Prosim o kontrolu logu RSIT. Stale chytam nejake viry - pr. Win 32 .......
Pomozte prosim!?
Log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2014-06-03 12:27:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 51 GB (69%) free of 74 GB
Total RAM: 1015 MB (29% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:10, on 3.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe
C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zsrchmn.exe
C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbrmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Opera Next\22.0.1471.40\opera.exe
C:\Program Files\Opera Next\22.0.1471.40\opera_crashreporter.exe
C:\Program Files\Opera Next\22.0.1471.40\opera.exe
C:\Program Files\Opera Next\22.0.1471.40\opera.exe
C:\Program Files\Opera Next\22.0.1471.40\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera Next\22.0.1471.40\opera.exe
C:\Program Files\Opera Next\22.0.1471.40\opera.exe
C:\Program Files\Opera Next\22.0.1471.40\opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=77 ... 442E377116
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://get.adobe.com/flashplayer/comple ... &appid=200
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:2444;https=127.0.0.1:2444
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;<local>
R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [VideoDownloadConverter Home Page Guard 32 bit] "C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe"
O4 - HKLM\..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbrmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Search - http://buttons.videodownloadconverter.c ... 53109&cv=6
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Search Protect Service (CltMngSvc) - Unknown owner - C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbarsvc.exe
O23 - Service: Wajam Internet Enhancer Service - Unknown owner - C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe (file missing)
--
End of file - 10254 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe /autoupdate /silent /autoclose
C:\WINDOWS\tasks\Critical Battery Alarm Program.job - C:\Documents and Settings\User\Desktop\Programy\potrebne zvuky\kachna.amr
C:\WINDOWS\tasks\Low Battery Alarm Program.job - C:\Documents and Settings\User\Desktop\Programy\potrebne zvuky\lodnisirena.amr
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1401535161.job - C:\Program Files\Opera Next\launcher.exe --scheduledautoupdate
C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe /immunize /silent /autoclose
C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe /scan /cleanclose
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]
Toolbar BHO - C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbar.dll [2014-05-31 872008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13 3214392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-15 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-29 436600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]
Search Assistant BHO - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2014-05-31 139336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07 1068904]
{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - VideoDownloadConverter - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2014-05-31 872008]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-04-27 17881088]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2009-04-17 630784]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2009-03-14 98304]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2009-04-17 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-04-09 1512744]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-04-09 79144]
"snp2uvc"=C:\WINDOWS\vsnp2uvc.exe []
"LiveUpdate"=C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [2009-06-25 712704]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-29 3888648]
"SDTray"=C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2012-11-13 3825176]
"VideoDownloadConverter Home Page Guard 32 bit"=C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe [2014-05-31 421448]
"VideoDownloadConverter Search Scope Monitor"=C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zsrchmn.exe [2014-05-31 55368]
"VideoDownloadConverter_4z Browser Plugin Loader"=C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbrmon.exe [2014-05-31 61512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2009-07-28 397312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-07 3885408]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
SDWinLogon.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
======List of files/folders created in the last 1 month======
2014-06-03 12:27:23 ----D---- C:\Program Files\trend micro
2014-06-03 12:27:22 ----D---- C:\rsit
2014-06-03 11:12:42 ----D---- C:\Program Files\Common Files\DESIGNER
2014-06-02 20:54:04 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2014-06-02 20:54:04 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2014-06-02 20:54:03 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2014-06-02 20:54:03 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2014-06-02 20:54:02 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2014-06-02 20:53:59 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2014-06-02 20:53:59 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2014-06-02 20:53:58 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2014-06-02 20:53:58 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2014-06-02 20:53:57 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2014-06-02 20:53:56 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2014-06-02 20:53:56 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2014-06-02 20:53:55 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2014-06-02 20:53:53 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2014-06-02 20:53:53 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2014-06-02 20:53:52 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2014-06-02 20:53:52 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2014-06-02 20:53:51 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2014-06-02 20:53:51 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2014-06-02 20:53:49 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2014-06-02 20:53:49 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2014-06-02 20:53:47 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2014-06-02 20:53:47 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2014-06-02 20:53:45 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2014-06-02 20:53:45 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2014-06-02 20:53:43 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2014-06-02 20:53:41 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2014-06-02 20:53:41 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2014-06-02 20:53:40 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2014-06-02 20:53:38 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2014-06-02 20:53:37 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2014-06-02 20:53:37 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2014-06-02 20:53:36 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2014-06-02 20:53:35 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-06-02 20:53:35 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2014-06-02 20:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-06-02 20:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-06-02 20:53:32 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-06-02 20:53:31 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-06-02 20:53:31 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-06-02 20:53:29 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-06-02 20:53:28 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-06-02 20:53:27 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2014-06-02 20:53:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2014-06-02 20:53:24 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2014-06-02 20:53:23 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2014-06-02 20:53:23 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2014-06-02 20:53:22 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2014-06-02 20:53:18 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2014-06-02 20:53:16 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2014-06-02 20:53:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2014-06-02 20:53:15 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2014-06-02 20:53:13 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2014-06-02 20:53:11 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2014-06-02 20:50:39 ----D---- C:\WINDOWS\Logs
2014-06-02 19:19:59 ----D---- C:\Program Files\Common Files\DirectX
2014-06-02 19:15:51 ----D---- C:\Program Files\Need for Speed Underground 2
2014-06-02 15:01:56 ----D---- C:\Documents and Settings\User\Application Data\iWin
2014-06-02 15:01:56 ----D---- C:\Documents and Settings\All Users\Application Data\iWin
2014-06-02 15:00:56 ----D---- C:\Program Files\Games
2014-06-02 12:51:21 ----A---- C:\WINDOWS\system32\muweb.dll
2014-06-02 12:51:21 ----A---- C:\WINDOWS\system32\mucltui.dll
2014-06-01 14:40:08 ----D---- C:\Program Files\Puzzle Quest
2014-06-01 14:16:07 ----D---- C:\Program Files\OpenAL
2014-06-01 14:16:04 ----D---- C:\WINDOWS\Puzzle Quest
2014-06-01 14:15:39 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-06-01 14:15:37 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2014-06-01 14:15:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2014-06-01 13:59:22 ----D---- C:\Documents and Settings\All Users\Application Data\APN
2014-06-01 13:43:57 ----D---- C:\Documents and Settings\All Users\Application Data\Big Fish
2014-06-01 13:43:53 ----D---- C:\Program Files\bfgclient
2014-06-01 13:42:44 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishCache
2014-06-01 10:26:54 ----D---- C:\Documents and Settings\User\Application Data\AnvSoft
2014-06-01 10:26:09 ----D---- C:\Program Files\AnvSoft
2014-06-01 09:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2014-06-01 09:33:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2014-06-01 09:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2909212$
2014-06-01 09:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2014-06-01 09:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2936068$
2014-06-01 09:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2964358$
2014-05-31 18:19:46 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2014-05-31 18:19:46 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2014-05-31 14:29:57 ----D---- C:\Documents and Settings\User\Application Data\VideoDownloadConverter_4z
2014-05-31 14:23:50 ----D---- C:\Program Files\VideoDownloadConverter_4z
2014-05-31 12:19:21 ----D---- C:\Program Files\Opera Next
2014-05-31 10:25:10 ----D---- C:\Documents and Settings\User\Application Data\Opera Software
2014-05-31 10:24:55 ----D---- C:\Program Files\Opera
2014-05-30 19:31:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-30 19:22:05 ----A---- C:\WINDOWS\wininit.ini
2014-05-30 14:15:13 ----D---- C:\Documents and Settings\User\Application Data\Windows Live Writer
2014-05-30 13:17:36 ----D---- C:\Documents and Settings\User\Application Data\XnView
2014-05-30 12:02:02 ----D---- C:\Program Files\VS Revo Group
2014-05-30 11:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2014-05-30 11:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2014-05-30 11:16:28 ----A---- C:\WINDOWS\imsins.BAK
2014-05-30 11:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2014-05-30 10:25:51 ----SHD---- C:\Config.Msi
2014-05-29 18:17:22 ----A---- C:\WINDOWS\system32\sdnclean.exe
2014-05-29 16:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-29 16:41:49 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2014-05-29 16:36:13 ----D---- C:\Documents and Settings\All Users\Application Data\Tbccint
2014-05-29 16:35:16 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2014-05-29 16:22:22 ----D---- C:\Documents and Settings\User\Application Data\vlc
2014-05-29 16:21:14 ----D---- C:\Program Files\VideoLAN
2014-05-29 15:50:16 ----D---- C:\Documents and Settings\All Users\Application Data\2308189059
2014-05-29 15:45:33 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2014-05-29 15:44:13 ----D---- C:\Program Files\Wajam
2014-05-29 15:43:14 ----D---- C:\Program Files\SearchProtect
2014-05-29 15:42:35 ----D---- C:\Program Files\sweetpacks bundle uninstaller_BS.Player_1505863
2014-05-29 15:18:55 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-29 14:48:56 ----D---- C:\Documents and Settings\User\Application Data\WinRAR
2014-05-29 14:47:49 ----D---- C:\Program Files\WinRAR
2014-05-29 13:58:49 ----D---- C:\WINDOWS\system32\XPSViewer
2014-05-29 13:58:42 ----D---- C:\Program Files\MSBuild
2014-05-29 13:58:27 ----D---- C:\Program Files\Reference Assemblies
2014-05-29 13:57:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2014-05-29 13:57:33 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2014-05-29 13:57:32 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2014-05-29 13:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2014-05-29 13:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-05-29 13:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2014-05-29 13:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2014-05-29 13:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2014-05-29 13:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2014-05-29 13:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2014-05-29 13:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2014-05-29 13:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-05-29 13:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2014-05-29 13:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-05-29 13:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2834886$
2014-05-29 13:42:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-05-29 13:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2014-05-29 13:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2014-05-29 13:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2014-05-29 13:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2014-05-29 13:40:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2014-05-29 13:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2014-05-29 13:40:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-05-29 13:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2014-05-29 13:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$
2014-05-29 13:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-05-29 13:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2014-05-29 13:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2014-05-29 13:39:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2014-05-29 13:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2014-05-29 13:38:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2802968$
2014-05-29 13:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2014-05-29 13:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2014-05-29 13:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$
2014-05-29 13:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2014-05-29 13:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2014-05-29 13:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2014-05-29 13:37:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2929961$
2014-05-29 13:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2014-05-29 13:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2014-05-29 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$
2014-05-29 13:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2014-05-29 13:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2014-05-29 13:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2014-05-29 13:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2014-05-29 13:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-05-29 13:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2780091$
2014-05-29 13:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2014-05-29 13:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2014-05-29 13:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$
2014-05-29 13:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2014-05-29 13:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2014-05-29 13:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2014-05-29 13:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2014-05-29 13:29:55 ----D---- C:\WINDOWS\system32\MRT
2014-05-29 13:29:47 ----A---- C:\WINDOWS\system32\MRT.exe
2014-05-29 13:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2014-05-29 13:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2930275$
2014-05-29 13:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2014-05-29 13:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2014-05-29 13:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2014-05-29 13:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2014-05-29 13:28:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2014-05-29 13:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2014-05-29 13:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2014-05-29 13:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2014-05-29 13:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2014-05-29 13:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2014-05-29 13:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2014-05-29 13:26:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2014-05-29 13:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2014-05-29 13:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2014-05-29 13:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$
2014-05-29 13:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2014-05-29 13:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2014-05-29 13:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2014-05-29 13:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$
2014-05-29 13:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-05-29 13:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2014-05-29 13:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2014-05-29 13:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2014-05-29 13:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$
2014-05-29 13:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$
2014-05-29 13:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2014-05-29 13:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2014-05-29 13:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2014-05-29 13:23:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2014-05-29 13:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2014-05-29 13:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2014-05-29 13:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2014-05-29 13:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2014-05-29 13:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2014-05-29 13:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$
2014-05-29 13:21:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2014-05-29 13:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2014-05-29 13:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-05-29 13:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2014-05-29 13:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2014-05-29 13:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2014-05-29 13:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2014-05-29 13:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2014-05-29 13:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2014-05-29 13:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$
2014-05-29 13:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-05-29 13:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2014-05-29 13:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$
2014-05-29 13:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2014-05-29 13:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2014-05-29 13:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2014-05-29 13:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2014-05-29 13:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2014-05-29 13:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2014-05-29 13:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2014-05-29 13:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2014-05-29 13:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2014-05-29 13:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$
2014-05-29 13:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2014-05-29 13:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2014-05-29 13:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2014-05-29 13:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2014-05-29 12:41:44 ----N---- C:\WINDOWS\system32\browserchoice.exe
2014-05-29 12:39:38 ----N---- C:\WINDOWS\system32\xp_eos.exe
2014-05-29 12:38:01 ----N---- C:\WINDOWS\system32\iacenc.dll
2014-05-29 12:37:21 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-05-29 12:37:15 ----A---- C:\WINDOWS\avastSS.scr
2014-05-29 12:19:53 ----D---- C:\Documents and Settings\User\Application Data\AVAST Software
2014-05-29 12:19:17 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2014-05-29 12:19:17 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswsp.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswsnx.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswrdr.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswmonflt.sys
2014-05-29 12:19:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-05-29 12:18:35 ----D---- C:\Program Files\AVAST Software
2014-05-29 12:17:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-05-29 12:15:48 ----D---- C:\WINDOWS\system32\PreInstall
2014-05-29 12:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2014-05-29 12:08:37 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 month======
2014-06-03 12:27:23 ----RD---- C:\Program Files
2014-06-03 12:19:03 ----D---- C:\WINDOWS\Temp
2014-06-03 11:22:45 ----SHD---- C:\WINDOWS\Installer
2014-06-03 11:22:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-06-03 11:12:42 ----D---- C:\Program Files\Common Files
2014-06-03 11:06:53 ----D---- C:\WINDOWS\system32
2014-06-03 08:25:59 ----D---- C:\WINDOWS
2014-06-03 08:24:26 ----D---- C:\WINDOWS\system32\CatRoot2
2014-06-02 20:54:05 ----D---- C:\WINDOWS\system32\DirectX
2014-06-02 20:54:04 ----HD---- C:\WINDOWS\inf
2014-06-02 20:53:22 ----RSD---- C:\WINDOWS\assembly
2014-06-02 20:53:03 ----D---- C:\WINDOWS\Microsoft.NET
2014-06-02 16:26:44 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2014-06-02 15:16:53 ----D---- C:\Program Files\Microsoft Works
2014-06-02 15:12:27 ----RSD---- C:\WINDOWS\Fonts
2014-06-02 15:11:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-06-02 14:02:45 ----D---- C:\WINDOWS\WinSxS
2014-06-02 08:16:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-01 12:02:20 ----SD---- C:\WINDOWS\Tasks
2014-06-01 09:55:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-01 09:55:44 ----D---- C:\WINDOWS\system32\en-US
2014-06-01 09:55:44 ----D---- C:\WINDOWS\Help
2014-06-01 09:55:44 ----D---- C:\Program Files\Internet Explorer
2014-06-01 09:54:52 ----D---- C:\WINDOWS\ie8updates
2014-06-01 09:54:00 ----D---- C:\WINDOWS\WBEM
2014-06-01 09:54:00 ----D---- C:\WINDOWS\Media
2014-06-01 09:38:38 ----D---- C:\WINDOWS\system32\CatRoot
2014-06-01 09:35:58 ----HD---- C:\WINDOWS\$hf_mig$
2014-06-01 09:27:36 ----D---- C:\WINDOWS\Debug
2014-05-31 14:30:00 ----D---- C:\Program Files\Google
2014-05-30 19:26:50 ----D---- C:\WINDOWS\system32\drivers\etc
2014-05-30 17:58:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2014-05-30 12:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2014-05-30 11:32:08 ----D---- C:\WINDOWS\system32\drivers
2014-05-30 11:25:49 ----A---- C:\WINDOWS\system.ini
2014-05-30 11:15:41 ----D---- C:\WINDOWS\system32\LogFiles
2014-05-29 16:42:24 ----D---- C:\WINDOWS\system32\config
2014-05-29 13:58:04 ----D---- C:\WINDOWS\system32\spool
2014-05-29 13:48:11 ----D---- C:\WINDOWS\AppPatch
2014-05-29 13:21:00 ----D---- C:\Program Files\Outlook Express
2014-05-29 13:20:06 ----D---- C:\Program Files\Movie Maker
2014-05-29 12:46:03 ----D---- C:\WINDOWS\Prefetch
2014-05-29 12:08:46 ----D---- C:\WINDOWS\SoftwareDistribution
2014-05-28 14:53:52 ----D---- C:\Documents and Settings\User\Application Data\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-05-29 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-05-29 180632]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-09-12 327192]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-29 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-29 777488]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-29 411680]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-05-29 57672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-05-29 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-05-29 67824]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-04-27 5074944]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2009-07-11 1015424]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-03-14 1759616]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-04-09 208816]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-28 503008]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 AmUStor;AM USB Stroage Driver; C:\WINDOWS\system32\drivers\AmUStor.SYS []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 uvclf;uvclf; C:\WINDOWS\system32\DRIVERS\uvclf.sys [2008-11-19 39040]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-29 50344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-15 226656]
S2 CltMngSvc;Search Protect Service; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe []
S2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService; C:\PROGRA~1\VIDEOD~1\bar\1.bin\4zbarsvc.exe [2014-05-31 88648]
S2 Wajam Internet Enhancer Service;Wajam Internet Enhancer Service; C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-31 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: Prosim o kontrolu
Vítám tě u nás 
Odinstaluj C:\Program Files\Spybot - Search & Destroy 2 - mohl by Avastu překážet 
Stáhni Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Ulož jej na plochu a spusť - zobrazí se licenční podminky -> start libovolnou klávesou.
Bude vytvořena záloha a proběhne skenování.
Vyskočí log (nebo je uložen zde c:\JRT jako JRT.txt) - zkopíruj jej sem
Stáhni AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Ulož nejlépe na plochu -> ukonči všechny programy -> spusť AdwCleaner -> klikni na Scan po dokončení na Clean
bude provedena oprava, restartuje se - (případně restartuj) a vypadne log C:\AdwCleaner\AdwCleaner[S?].txt , jeho obsah vložíš sem
pravděpodobně budeš nucen vypnout na tu chvíli antivir - je to čisté, prověřeno
Odinstaluj C:\Program Files\Spybot - Search & Destroy 2 - mohl by Avastu překážet Stáhni Junkware Removal Tool http://thisisudax.org/downloads/JRT.exeUlož jej na plochu a spusť - zobrazí se licenční podminky -> start libovolnou klávesou.
Bude vytvořena záloha a proběhne skenování.
Vyskočí log (nebo je uložen zde c:\JRT jako JRT.txt) - zkopíruj jej sem
Stáhni AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleanerUlož nejlépe na plochu -> ukonči všechny programy -> spusť AdwCleaner -> klikni na Scan po dokončení na Clean
bude provedena oprava, restartuje se - (případně restartuj) a vypadne log C:\AdwCleaner\AdwCleaner[S?].txt , jeho obsah vložíš sem
pravděpodobně budeš nucen vypnout na tu chvíli antivir - je to čisté, prověřeno
Log bude zde C:\zoek-results.logvyosek píše:
Kód: Vybrat vše
srinfo; autoclean; emptyclsid; iedefaults; process; hijackthis; emptyalltemp; resethosts;- Nasledne kliknete na Run Script
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: Prosim o kontrolu
Posilam udelane logy.
Log JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by User on Łt 03.06.2014 at 16:02:33,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc
Successfully stopped: [Service] videodownloadconverter_4zservice
Successfully deleted: [Service] videodownloadconverter_4zservice
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\videodownloadconverter search scope monitor
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\videodownloadconverter_4z browser plugin loader
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&search
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3329621
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EC4F3E8E-85D0-44AF-A361-4FF95C2C5F65}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\iwin"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\iwin"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\videodownloadconverter_4z"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\iac"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Failed to delete: [Folder] "C:\Program Files\videodownloadconverter_4z"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\wajam"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 03.06.2014 at 16:27:35,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
____________________________________________________________________________________
Log adwcleaner:
# AdwCleaner v3.211 - Report created 03/06/2014 at 16:35:53
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - YOUR-V9X9ZU7HBD
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner_3.211.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Wajam Internet Enhancer Service
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\2308189059
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tbccint
Folder Deleted : C:\Program Files\VideoDownloadConverter_4z
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\NativeMessaging
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Tbccint
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\NativeMessaging
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgjdjiangcoaaboompdhbhcaedmmhajl
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgjdjiangcoaaboompdhbhcaedmmhajl
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lgjdjiangcoaaboompdhbhcaedmmhajl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\TbccintSearchScopes
Key Deleted : HKCU\Software\VideoDownloadConverter_4z
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileParade bundle uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchMigratedDefaultName]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchMigratedDefaultUrl]
-\\ Google Chrome v
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://trovi.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN68850742720171098&ctid=CT3329621&UM=4
*************************
AdwCleaner[R0].txt - [9218 octets] - [03/06/2014 16:32:36]
AdwCleaner[S0].txt - [8706 octets] - [03/06/2014 16:35:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8766 octets] ##########
Log Zoek:
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by User on Łt 03.06.2014 at 16:46:27,06.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\User\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
3.6.2014 16:48:11 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3370533250-3650299419-1351793285-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\zoek.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Program Files\sweetpacks bundle uninstaller_BS.Player_1505863 deleted
C:\WINDOWS\wininit.ini deleted
======== System Restore Points ========
RP8: 30.5.2014 10:17:59 - Software Distribution Service 3.0
RP9: 30.5.2014 10:50:33 - Software Distribution Service 3.0
RP10: 30.5.2014 11:30:34 - Software Distribution Service 3.0
RP11: 30.5.2014 12:03:53 - Revo Uninstaller's restore point - Skype™ 4.1
RP12: 30.5.2014 12:05:01 - Removed Skype™ 4.1
RP13: 30.5.2014 12:09:04 - Revo Uninstaller's restore point - Skype web features
RP14: 30.5.2014 12:09:55 - Removed Skype web features
RP15: 30.5.2014 12:21:53 - Software Distribution Service 3.0
RP16: 30.5.2014 17:59:04 - Revo Uninstaller's restore point - XnView 2.22
RP17: 31.5.2014 11:12:12 - Revo Uninstaller's restore point - Google Chrome
RP18: 31.5.2014 11:14:07 - Revo Uninstaller's restore point - CCleaner
RP19: 31.5.2014 11:15:33 - Revo Uninstaller's restore point - Windows Internet Explorer 8
RP20: 31.5.2014 12:20:50 - Revo Uninstaller's restore point - Opera Stable 21.0.1432.67
RP21: 31.5.2014 14:29:09 - Revo Uninstaller's restore point - Google Chrome
RP22: 1.6.2014 9:23:13 - Software Distribution Service 3.0
RP23: 1.6.2014 9:53:28 - Revo Uninstaller's restore point - Windows Internet Explorer 8
RP24: 1.6.2014 10:04:10 - Revo Uninstaller's restore point - OpenAL
RP25: 1.6.2014 10:07:49 - Revo Uninstaller's restore point - Atheros Client Installation Program
RP26: 1.6.2014 10:14:01 - Revo Uninstaller's restore point - Ralink RT2860 Wireless LAN Card
RP27: 1.6.2014 14:15:31 - Installed DirectX
RP28: 1.6.2014 14:35:48 - Revo Uninstaller's restore point - Puzzle Quest
RP29: 1.6.2014 14:39:41 - Installed DirectX
RP30: 2.6.2014 12:03:18 - Revo Uninstaller's restore point - TheSage
RP31: 2.6.2014 13:59:46 - Software Distribution Service 3.0
RP32: 2.6.2014 14:22:57 - Revo Uninstaller's restore point - Puzzle Quest 2 Free Trial
RP33: 2.6.2014 15:05:44 - Revo Uninstaller's restore point - Jewel Quest Mysteries The Seventh Gate Collectors Edition 1.27
RP34: 2.6.2014 15:07:38 - Software Distribution Service 3.0
RP35: 2.6.2014 20:52:51 - Installed DirectX
RP36: 3.6.2014 11:00:57 - Software Distribution Service 3.0
RP37: 3.6.2014 15:54:53 - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP38: 3.6.2014 16:48:11 - zoek.exe restore point
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [30.05.2014 11:08]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29.05.2014 12:36]
avast Online Security - User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"SearchMigratedDefaultName"="http://www.google.com"
"SearchMigratedDefaultUrl"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultName"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchMigratedDefaultUrl"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{EABF545E-C9BA-4807-A82B-B61188114C62} Google Url="https://www.google.com/search?q={searchTerms}"
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:2444;https=127.0.0.1:2444"
"ProxyOverride"="<-loopback>;<local>"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://get.adobe.com/flashplayer/comple ... &appid=200
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [VideoDownloadConverter Home Page Guard 32 bit] "C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3 folders=1 385227 bytes)
==== Empty Temp Folders ======================
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\User\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\User\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on Łt 03.06.2014 at 17:28:04,85 ======================
Log JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by User on Łt 03.06.2014 at 16:02:33,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc
Successfully stopped: [Service] videodownloadconverter_4zservice
Successfully deleted: [Service] videodownloadconverter_4zservice
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\videodownloadconverter search scope monitor
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\videodownloadconverter_4z browser plugin loader
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&search
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3329621
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EC4F3E8E-85D0-44AF-A361-4FF95C2C5F65}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\iwin"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\iwin"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\videodownloadconverter_4z"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\iac"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Failed to delete: [Folder] "C:\Program Files\videodownloadconverter_4z"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\wajam"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 03.06.2014 at 16:27:35,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
____________________________________________________________________________________
Log adwcleaner:
# AdwCleaner v3.211 - Report created 03/06/2014 at 16:35:53
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - YOUR-V9X9ZU7HBD
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner_3.211.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Wajam Internet Enhancer Service
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\2308189059
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tbccint
Folder Deleted : C:\Program Files\VideoDownloadConverter_4z
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\NativeMessaging
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Tbccint
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\NativeMessaging
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgjdjiangcoaaboompdhbhcaedmmhajl
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgjdjiangcoaaboompdhbhcaedmmhajl
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lgjdjiangcoaaboompdhbhcaedmmhajl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\TbccintSearchScopes
Key Deleted : HKCU\Software\VideoDownloadConverter_4z
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileParade bundle uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchMigratedDefaultName]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchMigratedDefaultUrl]
-\\ Google Chrome v
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://trovi.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN68850742720171098&ctid=CT3329621&UM=4
*************************
AdwCleaner[R0].txt - [9218 octets] - [03/06/2014 16:32:36]
AdwCleaner[S0].txt - [8706 octets] - [03/06/2014 16:35:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8766 octets] ##########
Log Zoek:
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by User on Łt 03.06.2014 at 16:46:27,06.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\User\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
3.6.2014 16:48:11 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3370533250-3650299419-1351793285-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\zoek.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Program Files\sweetpacks bundle uninstaller_BS.Player_1505863 deleted
C:\WINDOWS\wininit.ini deleted
======== System Restore Points ========
RP8: 30.5.2014 10:17:59 - Software Distribution Service 3.0
RP9: 30.5.2014 10:50:33 - Software Distribution Service 3.0
RP10: 30.5.2014 11:30:34 - Software Distribution Service 3.0
RP11: 30.5.2014 12:03:53 - Revo Uninstaller's restore point - Skype™ 4.1
RP12: 30.5.2014 12:05:01 - Removed Skype™ 4.1
RP13: 30.5.2014 12:09:04 - Revo Uninstaller's restore point - Skype web features
RP14: 30.5.2014 12:09:55 - Removed Skype web features
RP15: 30.5.2014 12:21:53 - Software Distribution Service 3.0
RP16: 30.5.2014 17:59:04 - Revo Uninstaller's restore point - XnView 2.22
RP17: 31.5.2014 11:12:12 - Revo Uninstaller's restore point - Google Chrome
RP18: 31.5.2014 11:14:07 - Revo Uninstaller's restore point - CCleaner
RP19: 31.5.2014 11:15:33 - Revo Uninstaller's restore point - Windows Internet Explorer 8
RP20: 31.5.2014 12:20:50 - Revo Uninstaller's restore point - Opera Stable 21.0.1432.67
RP21: 31.5.2014 14:29:09 - Revo Uninstaller's restore point - Google Chrome
RP22: 1.6.2014 9:23:13 - Software Distribution Service 3.0
RP23: 1.6.2014 9:53:28 - Revo Uninstaller's restore point - Windows Internet Explorer 8
RP24: 1.6.2014 10:04:10 - Revo Uninstaller's restore point - OpenAL
RP25: 1.6.2014 10:07:49 - Revo Uninstaller's restore point - Atheros Client Installation Program
RP26: 1.6.2014 10:14:01 - Revo Uninstaller's restore point - Ralink RT2860 Wireless LAN Card
RP27: 1.6.2014 14:15:31 - Installed DirectX
RP28: 1.6.2014 14:35:48 - Revo Uninstaller's restore point - Puzzle Quest
RP29: 1.6.2014 14:39:41 - Installed DirectX
RP30: 2.6.2014 12:03:18 - Revo Uninstaller's restore point - TheSage
RP31: 2.6.2014 13:59:46 - Software Distribution Service 3.0
RP32: 2.6.2014 14:22:57 - Revo Uninstaller's restore point - Puzzle Quest 2 Free Trial
RP33: 2.6.2014 15:05:44 - Revo Uninstaller's restore point - Jewel Quest Mysteries The Seventh Gate Collectors Edition 1.27
RP34: 2.6.2014 15:07:38 - Software Distribution Service 3.0
RP35: 2.6.2014 20:52:51 - Installed DirectX
RP36: 3.6.2014 11:00:57 - Software Distribution Service 3.0
RP37: 3.6.2014 15:54:53 - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP38: 3.6.2014 16:48:11 - zoek.exe restore point
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [30.05.2014 11:08]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29.05.2014 12:36]
avast Online Security - User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"SearchMigratedDefaultName"="http://www.google.com"
"SearchMigratedDefaultUrl"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultName"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchMigratedDefaultUrl"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{EABF545E-C9BA-4807-A82B-B61188114C62} Google Url="https://www.google.com/search?q={searchTerms}"
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:2444;https=127.0.0.1:2444"
"ProxyOverride"="<-loopback>;<local>"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://get.adobe.com/flashplayer/comple ... &appid=200
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [VideoDownloadConverter Home Page Guard 32 bit] "C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3 folders=1 385227 bytes)
==== Empty Temp Folders ======================
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\User\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\User\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on Łt 03.06.2014 at 17:28:04,85 ======================
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: Prosim o kontrolu
Stáhni a nainstaluj MBAM zde http://www.bleepingcomputer.com/downloa ... i-malware/ verzi 1.75Spustit -> na 3.záložce "Aktualizace" -> Kontrola aktualizací (možná bude provedeno automaticky)
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program zatím nezavírej
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: Prosim o kontrolu
Posilam po kontrole:
Nico Mak Computing
WinZip Malware Protector
Scan Date 3. června 2014
Database Version 1824
Total Items Found 43
Objects Scanned : 266404
Time Elapsed : 00:17:51
Name Found Items
Item Name trojan-downloader.banload
Category Trojan-Downloader
Threat Level Severe
Action Performed NoActionTaken
Items Found 18
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7
:range
Item Name roguesecurityprogram.anti-spyware-plus-2006
Category Rogue Antispyware Program
Threat Level Severe
Action Performed NoActionTaken
Items Found 21
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\180solutions.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\bluemountain.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\casalemedia.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\goclick.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\shopathomeselect.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\statcounter.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\010402.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\010402.com
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com\www
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com\www
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\allforadult.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\allforadult.com
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\fuviseni
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\fuviseni
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\hetefow
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\hetefow
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\medopena
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\medopena
*
Item Name pup.optional
Category Potentially Unwanted Application
Threat Level High
Action Performed NoActionTaken
Items Found 1
Found Area FileSystem
Details File Name c:\adwcleaner\quarantine\c\documents and settings\user\local settings\application data\tbccint\community alerts\alert.dll.vir
MD5 0
Signature 4413792332991791415
Md5hash: 16cdfefac2ce2b12d031595a8d74e3ce
Item Name malware.gen-20120612
Category Generic Malware
Threat Level High
Action Performed NoActionTaken
Items Found 1
Found Area FileSystem
Details File Name c:\documents and settings\user\desktop\hry\age of empires 2 cz!!!!\mythxpak.exe
MD5 0
Signature 12287703946727507802
Md5hash: 831b8cad53201fb1fc2771493c3d81a8
Item Name malware.passwords
Category Generic Malware
Threat Level High
Action Performed NoActionTaken
Items Found 2
Found Area FileSystem
Details File Name c:\recycler\s-1-5-21-3370533250-3650299419-1351793285-1006\dc3.exe
MD5 0
Signature 5479641135789940984
Md5hash: 352e8561e633b17ed22012366721ffdc
Found Area FileSystem
Details File Name c:\windows\zoek-delete.exe
MD5 0
Signature 5479641135789940984
Md5hash: cc7aa7b42cf418fc3d926913490048f8
© 2013 WinZip International LLC. All rights reserved.
Program mam stale otevreny.
PS: Toto PC jsem si v patek koupil v zastavarne a potrebuji ho vycistit. Nevim jaky byl drive majitel a
jaky tam mel antivirus
Nico Mak Computing
WinZip Malware Protector
Scan Date 3. června 2014
Database Version 1824
Total Items Found 43
Objects Scanned : 266404
Time Elapsed : 00:17:51
Name Found Items
Item Name trojan-downloader.banload
Category Trojan-Downloader
Threat Level Severe
Action Performed NoActionTaken
Items Found 18
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6
:range
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7
*
Found Area Registry
Details Registry Key hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7
:range
Item Name roguesecurityprogram.anti-spyware-plus-2006
Category Rogue Antispyware Program
Threat Level Severe
Action Performed NoActionTaken
Items Found 21
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\180solutions.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\bluemountain.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\casalemedia.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\goclick.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\shopathomeselect.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\statcounter.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\010402.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\010402.com
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com\www
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com\www
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\allforadult.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\allforadult.com
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\fuviseni
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\fuviseni
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\hetefow
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\hetefow
*
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\medopena
Found Area Registry
Details Registry Key hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\medopena
*
Item Name pup.optional
Category Potentially Unwanted Application
Threat Level High
Action Performed NoActionTaken
Items Found 1
Found Area FileSystem
Details File Name c:\adwcleaner\quarantine\c\documents and settings\user\local settings\application data\tbccint\community alerts\alert.dll.vir
MD5 0
Signature 4413792332991791415
Md5hash: 16cdfefac2ce2b12d031595a8d74e3ce
Item Name malware.gen-20120612
Category Generic Malware
Threat Level High
Action Performed NoActionTaken
Items Found 1
Found Area FileSystem
Details File Name c:\documents and settings\user\desktop\hry\age of empires 2 cz!!!!\mythxpak.exe
MD5 0
Signature 12287703946727507802
Md5hash: 831b8cad53201fb1fc2771493c3d81a8
Item Name malware.passwords
Category Generic Malware
Threat Level High
Action Performed NoActionTaken
Items Found 2
Found Area FileSystem
Details File Name c:\recycler\s-1-5-21-3370533250-3650299419-1351793285-1006\dc3.exe
MD5 0
Signature 5479641135789940984
Md5hash: 352e8561e633b17ed22012366721ffdc
Found Area FileSystem
Details File Name c:\windows\zoek-delete.exe
MD5 0
Signature 5479641135789940984
Md5hash: cc7aa7b42cf418fc3d926913490048f8
© 2013 WinZip International LLC. All rights reserved.
Program mam stale otevreny.
PS: Toto PC jsem si v patek koupil v zastavarne a potrebuji ho vycistit. Nevim jaky byl drive majitel a
jaky tam mel antivirus
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: Prosim o kontrolu
To je sice zajímavé, ale pokud nehodláš postupovat podle mých návodů tak to nemá cenu.
Log MBAM vypadá jinak
Log MBAM vypadá jinak
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: Prosim o kontrolu
me to jen ukazalo vysledek testu a ja dole klikl na " exportovat log". Tento log jsem ti zkopiroval a poslal.
Porad kde co kliknout a poslat ti.
Porad kde co kliknout a poslat ti.
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: Prosim o kontrolu
http://www.bleepingcomputer.com/downloa ... i-malware/ - spodní tlačítko version 1.75
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: Prosim o kontrolu
dokoncil jse me ten test ale nejde me to skopirovat.
Porad jak to skopirovat!
Porad jak to skopirovat!
Re: Prosim o kontrolu
Sorry, spatne jsem se podival.
Zasilam ten log.
Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.04.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: YOUR-V9X9ZU7HBD [administrátor]
4.6.2014 9:26:58
MBAM-log-2014-06-04 (12-28-59).txt
Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 273652
Uplynulý čas: 2 hodin, 40 minut, 1 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKCR\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} (PUP.Optional.Mindspark.A) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Home Page Guard 32 bit (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe" -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 14
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll.vir (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0006481.exe (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0006482.exe (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0007404.exe (PUP.Optional.OptimumInstaller.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP16\A0007513.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011069.exe (PUP.Optional.Somoto.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011116.exe (PUP.Optional.InstallIQ) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011117.exe (PUP.Optional.Softonic.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011132.exe (PUP.Optional.InstallIQ) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011133.exe (PUP.Optional.InstallIQ) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017069.exe (PUP.Optional.AudioToAudioToolBar.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017071.exe (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017081.dll (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017148.dll (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
(konec)
Zasilam ten log.
Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.04.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: YOUR-V9X9ZU7HBD [administrátor]
4.6.2014 9:26:58
MBAM-log-2014-06-04 (12-28-59).txt
Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 273652
Uplynulý čas: 2 hodin, 40 minut, 1 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKCR\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} (PUP.Optional.Mindspark.A) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Home Page Guard 32 bit (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe" -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 14
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll.vir (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0006481.exe (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0006482.exe (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0007404.exe (PUP.Optional.OptimumInstaller.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP16\A0007513.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011069.exe (PUP.Optional.Somoto.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011116.exe (PUP.Optional.InstallIQ) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011117.exe (PUP.Optional.Softonic.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011132.exe (PUP.Optional.InstallIQ) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011133.exe (PUP.Optional.InstallIQ) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017069.exe (PUP.Optional.AudioToAudioToolBar.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017071.exe (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017081.dll (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017148.dll (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
(konec)
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: Prosim o kontrolu
Vidíš, že umíš být šikovný 
Zkontroluj zda je vše označeno a dej "Odstranit..."
log mi sem dej a přidej aktuální RSIT
Zkontroluj zda je vše označeno a dej "Odstranit..."
log mi sem dej a přidej aktuální RSIT
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: Prosim o kontrolu
Posilam log po odstraneni + RSIT.
Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.04.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: YOUR-V9X9ZU7HBD [administrátor]
4.6.2014 9:26:58
mbam-log-2014-06-04 (09-26-58).txt
Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 273652
Uplynulý čas: 2 hodin, 40 minut, 1 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKCR\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} (PUP.Optional.Mindspark.A) -> Přesun do karantény a smazání se zdařilo.
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Home Page Guard 32 bit (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe" -> Přesun do karantény a smazání se zdařilo.
Nalezené datové položky v registru: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 14
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll.vir (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0006481.exe (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0006482.exe (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0007404.exe (PUP.Optional.OptimumInstaller.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP16\A0007513.exe (PUP.Optional.Conduit.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011069.exe (PUP.Optional.Somoto.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011116.exe (PUP.Optional.InstallIQ) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011117.exe (PUP.Optional.Softonic.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011132.exe (PUP.Optional.InstallIQ) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011133.exe (PUP.Optional.InstallIQ) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017069.exe (PUP.Optional.AudioToAudioToolBar.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017071.exe (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017081.dll (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017148.dll (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
(konec)
____________________________________________________________________________________
Log RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2014-06-04 14:07:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (70%) free of 74 GB
Total RAM: 1015 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:08:00, on 4.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://get.adobe.com/flashplayer/comple ... &appid=200
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [WinZip Malware Protector_startup] "C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe" autolaunch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
--
End of file - 6562 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\Critical Battery Alarm Program.job - C:\Documents and Settings\User\Desktop\Programy\potrebne zvuky\kachna.amr
C:\WINDOWS\tasks\Low Battery Alarm Program.job - C:\Documents and Settings\User\Desktop\Programy\potrebne zvuky\lodnisirena.amr
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1401535161.job - C:\Program Files\Opera Next\launcher.exe --scheduledautoupdate
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-15 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-29 436600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-04-27 17881088]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2009-04-17 630784]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2009-03-14 98304]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2009-04-17 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-04-09 1512744]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-04-09 79144]
"snp2uvc"=C:\WINDOWS\vsnp2uvc.exe []
"LiveUpdate"=C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [2009-06-25 712704]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-29 3888648]
"WinZip Malware Protector_startup"=C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15 6390448]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2009-07-28 397312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-07 3885408]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
======List of files/folders created in the last 1 month======
2014-06-04 09:24:47 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2014-06-04 09:24:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-04 09:24:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-06-04 09:24:16 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-06-03 18:19:16 ----D---- C:\Documents and Settings\User\Application Data\Nico Mak Computing
2014-06-03 18:19:03 ----D---- C:\Documents and Settings\All Users\Application Data\Nico Mak Computing
2014-06-03 18:18:59 ----D---- C:\Program Files\WinZip Malware Protector
2014-06-03 18:18:59 ----A---- C:\WINDOWS\system32\wsusnative32.exe
2014-06-03 18:17:31 ----SHD---- C:\RECYCLER
2014-06-03 17:26:29 ----A---- C:\WINDOWS\zoek-delete.exe
2014-06-03 17:26:28 ----D---- C:\WINDOWS\Temp
2014-06-03 16:45:50 ----D---- C:\zoek_backup
2014-06-03 16:33:36 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-06-03 16:32:29 ----D---- C:\AdwCleaner
2014-06-03 16:00:50 ----D---- C:\WINDOWS\ERUNT
2014-06-03 12:27:23 ----D---- C:\Program Files\trend micro
2014-06-03 12:27:22 ----D---- C:\rsit
2014-06-03 11:12:42 ----D---- C:\Program Files\Common Files\DESIGNER
2014-06-02 20:54:04 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2014-06-02 20:54:04 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2014-06-02 20:54:03 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2014-06-02 20:54:03 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2014-06-02 20:54:02 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2014-06-02 20:53:59 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2014-06-02 20:53:59 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2014-06-02 20:53:58 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2014-06-02 20:53:58 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2014-06-02 20:53:57 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2014-06-02 20:53:56 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2014-06-02 20:53:56 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2014-06-02 20:53:55 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2014-06-02 20:53:53 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2014-06-02 20:53:53 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2014-06-02 20:53:52 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2014-06-02 20:53:52 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2014-06-02 20:53:51 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2014-06-02 20:53:51 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2014-06-02 20:53:49 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2014-06-02 20:53:49 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2014-06-02 20:53:47 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2014-06-02 20:53:47 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2014-06-02 20:53:45 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2014-06-02 20:53:45 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2014-06-02 20:53:43 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2014-06-02 20:53:41 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2014-06-02 20:53:41 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2014-06-02 20:53:40 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2014-06-02 20:53:38 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2014-06-02 20:53:37 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2014-06-02 20:53:37 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2014-06-02 20:53:36 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2014-06-02 20:53:35 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-06-02 20:53:35 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2014-06-02 20:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-06-02 20:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-06-02 20:53:32 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-06-02 20:53:31 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-06-02 20:53:31 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-06-02 20:53:29 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-06-02 20:53:28 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-06-02 20:53:27 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2014-06-02 20:53:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2014-06-02 20:53:24 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2014-06-02 20:53:23 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2014-06-02 20:53:23 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2014-06-02 20:53:22 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2014-06-02 20:53:18 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2014-06-02 20:53:16 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2014-06-02 20:53:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2014-06-02 20:53:15 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2014-06-02 20:53:13 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2014-06-02 20:53:11 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2014-06-02 20:50:39 ----D---- C:\WINDOWS\Logs
2014-06-02 19:19:59 ----D---- C:\Program Files\Common Files\DirectX
2014-06-02 19:15:51 ----D---- C:\Program Files\Need for Speed Underground 2
2014-06-02 15:00:56 ----D---- C:\Program Files\Games
2014-06-02 12:51:21 ----A---- C:\WINDOWS\system32\muweb.dll
2014-06-02 12:51:21 ----A---- C:\WINDOWS\system32\mucltui.dll
2014-06-01 14:40:08 ----D---- C:\Program Files\Puzzle Quest
2014-06-01 14:16:07 ----D---- C:\Program Files\OpenAL
2014-06-01 14:16:04 ----D---- C:\WINDOWS\Puzzle Quest
2014-06-01 14:15:39 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-06-01 14:15:37 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2014-06-01 14:15:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2014-06-01 13:43:53 ----D---- C:\Program Files\bfgclient
2014-06-01 13:42:44 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishCache
2014-06-01 10:26:54 ----D---- C:\Documents and Settings\User\Application Data\AnvSoft
2014-06-01 10:26:09 ----D---- C:\Program Files\AnvSoft
2014-06-01 09:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2014-06-01 09:33:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2014-06-01 09:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2909212$
2014-06-01 09:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2014-06-01 09:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2936068$
2014-06-01 09:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2964358$
2014-05-31 18:19:46 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2014-05-31 18:19:46 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2014-05-31 12:19:21 ----D---- C:\Program Files\Opera Next
2014-05-31 10:25:10 ----D---- C:\Documents and Settings\User\Application Data\Opera Software
2014-05-31 10:24:55 ----D---- C:\Program Files\Opera
2014-05-30 19:31:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-30 14:15:13 ----D---- C:\Documents and Settings\User\Application Data\Windows Live Writer
2014-05-30 13:17:36 ----D---- C:\Documents and Settings\User\Application Data\XnView
2014-05-30 12:02:02 ----D---- C:\Program Files\VS Revo Group
2014-05-30 11:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2014-05-30 11:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2014-05-30 11:16:28 ----A---- C:\WINDOWS\imsins.BAK
2014-05-30 11:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2014-05-30 10:25:51 ----SHD---- C:\Config.Msi
2014-05-29 16:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-29 16:41:49 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2014-05-29 16:35:16 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2014-05-29 16:22:22 ----D---- C:\Documents and Settings\User\Application Data\vlc
2014-05-29 16:21:14 ----D---- C:\Program Files\VideoLAN
2014-05-29 15:45:33 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2014-05-29 15:18:55 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-29 14:48:56 ----D---- C:\Documents and Settings\User\Application Data\WinRAR
2014-05-29 14:47:49 ----D---- C:\Program Files\WinRAR
2014-05-29 13:58:49 ----D---- C:\WINDOWS\system32\XPSViewer
2014-05-29 13:58:42 ----D---- C:\Program Files\MSBuild
2014-05-29 13:58:27 ----D---- C:\Program Files\Reference Assemblies
2014-05-29 13:57:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2014-05-29 13:57:33 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2014-05-29 13:57:32 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2014-05-29 13:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2014-05-29 13:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-05-29 13:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2014-05-29 13:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2014-05-29 13:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2014-05-29 13:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2014-05-29 13:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2014-05-29 13:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2014-05-29 13:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-05-29 13:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2014-05-29 13:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-05-29 13:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2834886$
2014-05-29 13:42:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-05-29 13:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2014-05-29 13:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2014-05-29 13:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2014-05-29 13:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2014-05-29 13:40:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2014-05-29 13:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2014-05-29 13:40:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-05-29 13:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2014-05-29 13:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$
2014-05-29 13:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-05-29 13:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2014-05-29 13:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2014-05-29 13:39:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2014-05-29 13:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2014-05-29 13:38:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2802968$
2014-05-29 13:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2014-05-29 13:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2014-05-29 13:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$
2014-05-29 13:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2014-05-29 13:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2014-05-29 13:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2014-05-29 13:37:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2929961$
2014-05-29 13:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2014-05-29 13:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2014-05-29 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$
2014-05-29 13:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2014-05-29 13:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2014-05-29 13:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2014-05-29 13:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2014-05-29 13:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-05-29 13:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2780091$
2014-05-29 13:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2014-05-29 13:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2014-05-29 13:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$
2014-05-29 13:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2014-05-29 13:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2014-05-29 13:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2014-05-29 13:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2014-05-29 13:29:55 ----D---- C:\WINDOWS\system32\MRT
2014-05-29 13:29:47 ----A---- C:\WINDOWS\system32\MRT.exe
2014-05-29 13:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2014-05-29 13:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2930275$
2014-05-29 13:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2014-05-29 13:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2014-05-29 13:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2014-05-29 13:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2014-05-29 13:28:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2014-05-29 13:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2014-05-29 13:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2014-05-29 13:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2014-05-29 13:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2014-05-29 13:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2014-05-29 13:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2014-05-29 13:26:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2014-05-29 13:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2014-05-29 13:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2014-05-29 13:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$
2014-05-29 13:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2014-05-29 13:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2014-05-29 13:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2014-05-29 13:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$
2014-05-29 13:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-05-29 13:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2014-05-29 13:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2014-05-29 13:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2014-05-29 13:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$
2014-05-29 13:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$
2014-05-29 13:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2014-05-29 13:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2014-05-29 13:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2014-05-29 13:23:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2014-05-29 13:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2014-05-29 13:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2014-05-29 13:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2014-05-29 13:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2014-05-29 13:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2014-05-29 13:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$
2014-05-29 13:21:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2014-05-29 13:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2014-05-29 13:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-05-29 13:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2014-05-29 13:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2014-05-29 13:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2014-05-29 13:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2014-05-29 13:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2014-05-29 13:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2014-05-29 13:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$
2014-05-29 13:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-05-29 13:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2014-05-29 13:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$
2014-05-29 13:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2014-05-29 13:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2014-05-29 13:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2014-05-29 13:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2014-05-29 13:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2014-05-29 13:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2014-05-29 13:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2014-05-29 13:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2014-05-29 13:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2014-05-29 13:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$
2014-05-29 13:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2014-05-29 13:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2014-05-29 13:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2014-05-29 13:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2014-05-29 12:41:44 ----N---- C:\WINDOWS\system32\browserchoice.exe
2014-05-29 12:39:38 ----N---- C:\WINDOWS\system32\xp_eos.exe
2014-05-29 12:38:01 ----N---- C:\WINDOWS\system32\iacenc.dll
2014-05-29 12:37:21 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-05-29 12:37:15 ----A---- C:\WINDOWS\avastSS.scr
2014-05-29 12:19:53 ----D---- C:\Documents and Settings\User\Application Data\AVAST Software
2014-05-29 12:19:17 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2014-05-29 12:19:17 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswsp.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswsnx.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswrdr.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswmonflt.sys
2014-05-29 12:19:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-05-29 12:18:35 ----D---- C:\Program Files\AVAST Software
2014-05-29 12:17:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-05-29 12:15:48 ----D---- C:\WINDOWS\system32\PreInstall
2014-05-29 12:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2014-05-29 12:08:37 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 month======
2014-06-04 14:04:31 ----D---- C:\WINDOWS\system32\drivers
2014-06-04 09:24:16 ----RD---- C:\Program Files
2014-06-04 07:05:23 ----D---- C:\WINDOWS
2014-06-03 23:39:48 ----D---- C:\WINDOWS\system32\CatRoot2
2014-06-03 18:18:59 ----D---- C:\WINDOWS\system32
2014-06-03 16:48:40 ----D---- C:\WINDOWS\system32\drivers\etc
2014-06-03 15:55:19 ----SD---- C:\WINDOWS\Tasks
2014-06-03 15:55:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2014-06-03 11:22:45 ----SHD---- C:\WINDOWS\Installer
2014-06-03 11:22:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-06-03 11:12:42 ----D---- C:\Program Files\Common Files
2014-06-02 20:54:05 ----D---- C:\WINDOWS\system32\DirectX
2014-06-02 20:54:04 ----HD---- C:\WINDOWS\inf
2014-06-02 20:53:22 ----RSD---- C:\WINDOWS\assembly
2014-06-02 20:53:03 ----D---- C:\WINDOWS\Microsoft.NET
2014-06-02 16:26:44 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2014-06-02 15:16:53 ----D---- C:\Program Files\Microsoft Works
2014-06-02 15:12:27 ----RSD---- C:\WINDOWS\Fonts
2014-06-02 15:11:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-06-02 14:02:45 ----D---- C:\WINDOWS\WinSxS
2014-06-02 08:16:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-01 09:55:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-01 09:55:44 ----D---- C:\WINDOWS\system32\en-US
2014-06-01 09:55:44 ----D---- C:\WINDOWS\Help
2014-06-01 09:55:44 ----D---- C:\Program Files\Internet Explorer
2014-06-01 09:54:52 ----D---- C:\WINDOWS\ie8updates
2014-06-01 09:54:00 ----D---- C:\WINDOWS\WBEM
2014-06-01 09:54:00 ----D---- C:\WINDOWS\Media
2014-06-01 09:38:38 ----D---- C:\WINDOWS\system32\CatRoot
2014-06-01 09:35:58 ----HD---- C:\WINDOWS\$hf_mig$
2014-06-01 09:27:36 ----D---- C:\WINDOWS\Debug
2014-05-31 14:30:00 ----D---- C:\Program Files\Google
2014-05-30 12:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2014-05-30 11:25:49 ----A---- C:\WINDOWS\system.ini
2014-05-30 11:15:41 ----D---- C:\WINDOWS\system32\LogFiles
2014-05-29 16:42:24 ----D---- C:\WINDOWS\system32\config
2014-05-29 13:58:04 ----D---- C:\WINDOWS\system32\spool
2014-05-29 13:48:11 ----D---- C:\WINDOWS\AppPatch
2014-05-29 13:21:00 ----D---- C:\Program Files\Outlook Express
2014-05-29 13:20:06 ----D---- C:\Program Files\Movie Maker
2014-05-29 12:46:03 ----D---- C:\WINDOWS\Prefetch
2014-05-29 12:08:46 ----D---- C:\WINDOWS\SoftwareDistribution
2014-05-28 14:53:52 ----D---- C:\Documents and Settings\User\Application Data\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-05-29 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-05-29 180632]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-09-12 327192]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-29 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-29 777488]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-29 411680]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-05-29 57672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-05-29 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-05-29 67824]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-04-27 5074944]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2009-07-11 1015424]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-03-14 1759616]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-04-09 208816]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-28 503008]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 AmUStor;AM USB Stroage Driver; C:\WINDOWS\system32\drivers\AmUStor.SYS []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 uvclf;uvclf; C:\WINDOWS\system32\DRIVERS\uvclf.sys [2008-11-19 39040]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-29 50344]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-15 226656]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-31 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
____________________________________________________________________________________
Mam dotaz:
Vcera jak jsem udelal scan PC tim spatnym programem, tak me to vyhodilo 43 infikovanych souboru.
Proc to dneska vyhodilo jen 15 infekci?
Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.04.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: YOUR-V9X9ZU7HBD [administrátor]
4.6.2014 9:26:58
mbam-log-2014-06-04 (09-26-58).txt
Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 273652
Uplynulý čas: 2 hodin, 40 minut, 1 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 1
HKCR\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} (PUP.Optional.Mindspark.A) -> Přesun do karantény a smazání se zdařilo.
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Home Page Guard 32 bit (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~1\VIDEOD~1\bar\1.bin\AppIntegrator.exe" -> Přesun do karantény a smazání se zdařilo.
Nalezené datové položky v registru: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Přesun do karantény a opravení se zdařilo.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 14
C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll.vir (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0006481.exe (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0006482.exe (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP15\A0007404.exe (PUP.Optional.OptimumInstaller.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP16\A0007513.exe (PUP.Optional.Conduit.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011069.exe (PUP.Optional.Somoto.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011116.exe (PUP.Optional.InstallIQ) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011117.exe (PUP.Optional.Softonic.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011132.exe (PUP.Optional.InstallIQ) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP26\A0011133.exe (PUP.Optional.InstallIQ) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017069.exe (PUP.Optional.AudioToAudioToolBar.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017071.exe (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017081.dll (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP37\A0017148.dll (PUP.Optional.MindSpark.A) -> Přesun do karantény a smazání se zdařilo.
(konec)
____________________________________________________________________________________
Log RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2014-06-04 14:07:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (70%) free of 74 GB
Total RAM: 1015 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:08:00, on 4.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://get.adobe.com/flashplayer/comple ... &appid=200
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [WinZip Malware Protector_startup] "C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe" autolaunch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
--
End of file - 6562 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\Critical Battery Alarm Program.job - C:\Documents and Settings\User\Desktop\Programy\potrebne zvuky\kachna.amr
C:\WINDOWS\tasks\Low Battery Alarm Program.job - C:\Documents and Settings\User\Desktop\Programy\potrebne zvuky\lodnisirena.amr
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1401535161.job - C:\Program Files\Opera Next\launcher.exe --scheduledautoupdate
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-15 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-29 436600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-04-27 17881088]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2009-04-17 630784]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2009-03-14 98304]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2009-04-17 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-04-09 1512744]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-04-09 79144]
"snp2uvc"=C:\WINDOWS\vsnp2uvc.exe []
"LiveUpdate"=C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [2009-06-25 712704]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-29 3888648]
"WinZip Malware Protector_startup"=C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15 6390448]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2009-07-28 397312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-07 3885408]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
======List of files/folders created in the last 1 month======
2014-06-04 09:24:47 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2014-06-04 09:24:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-04 09:24:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-06-04 09:24:16 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-06-03 18:19:16 ----D---- C:\Documents and Settings\User\Application Data\Nico Mak Computing
2014-06-03 18:19:03 ----D---- C:\Documents and Settings\All Users\Application Data\Nico Mak Computing
2014-06-03 18:18:59 ----D---- C:\Program Files\WinZip Malware Protector
2014-06-03 18:18:59 ----A---- C:\WINDOWS\system32\wsusnative32.exe
2014-06-03 18:17:31 ----SHD---- C:\RECYCLER
2014-06-03 17:26:29 ----A---- C:\WINDOWS\zoek-delete.exe
2014-06-03 17:26:28 ----D---- C:\WINDOWS\Temp
2014-06-03 16:45:50 ----D---- C:\zoek_backup
2014-06-03 16:33:36 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-06-03 16:32:29 ----D---- C:\AdwCleaner
2014-06-03 16:00:50 ----D---- C:\WINDOWS\ERUNT
2014-06-03 12:27:23 ----D---- C:\Program Files\trend micro
2014-06-03 12:27:22 ----D---- C:\rsit
2014-06-03 11:12:42 ----D---- C:\Program Files\Common Files\DESIGNER
2014-06-02 20:54:04 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2014-06-02 20:54:04 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2014-06-02 20:54:03 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2014-06-02 20:54:03 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2014-06-02 20:54:02 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2014-06-02 20:54:01 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2014-06-02 20:54:00 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2014-06-02 20:53:59 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2014-06-02 20:53:59 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2014-06-02 20:53:58 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2014-06-02 20:53:58 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2014-06-02 20:53:57 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2014-06-02 20:53:56 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2014-06-02 20:53:56 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2014-06-02 20:53:55 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2014-06-02 20:53:54 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2014-06-02 20:53:53 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2014-06-02 20:53:53 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2014-06-02 20:53:52 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2014-06-02 20:53:52 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2014-06-02 20:53:51 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2014-06-02 20:53:51 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2014-06-02 20:53:50 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2014-06-02 20:53:49 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2014-06-02 20:53:49 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2014-06-02 20:53:48 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2014-06-02 20:53:47 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2014-06-02 20:53:47 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2014-06-02 20:53:46 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2014-06-02 20:53:45 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2014-06-02 20:53:45 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2014-06-02 20:53:44 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2014-06-02 20:53:43 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2014-06-02 20:53:42 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2014-06-02 20:53:41 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2014-06-02 20:53:41 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2014-06-02 20:53:40 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2014-06-02 20:53:39 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2014-06-02 20:53:38 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2014-06-02 20:53:37 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2014-06-02 20:53:37 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2014-06-02 20:53:36 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2014-06-02 20:53:35 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-06-02 20:53:35 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2014-06-02 20:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-06-02 20:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-06-02 20:53:32 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-06-02 20:53:31 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-06-02 20:53:31 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-06-02 20:53:29 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-06-02 20:53:28 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-06-02 20:53:27 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-06-02 20:53:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2014-06-02 20:53:25 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2014-06-02 20:53:24 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2014-06-02 20:53:23 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2014-06-02 20:53:23 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2014-06-02 20:53:22 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2014-06-02 20:53:18 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2014-06-02 20:53:17 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2014-06-02 20:53:16 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2014-06-02 20:53:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2014-06-02 20:53:15 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2014-06-02 20:53:13 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2014-06-02 20:53:11 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2014-06-02 20:50:39 ----D---- C:\WINDOWS\Logs
2014-06-02 19:19:59 ----D---- C:\Program Files\Common Files\DirectX
2014-06-02 19:15:51 ----D---- C:\Program Files\Need for Speed Underground 2
2014-06-02 15:00:56 ----D---- C:\Program Files\Games
2014-06-02 12:51:21 ----A---- C:\WINDOWS\system32\muweb.dll
2014-06-02 12:51:21 ----A---- C:\WINDOWS\system32\mucltui.dll
2014-06-01 14:40:08 ----D---- C:\Program Files\Puzzle Quest
2014-06-01 14:16:07 ----D---- C:\Program Files\OpenAL
2014-06-01 14:16:04 ----D---- C:\WINDOWS\Puzzle Quest
2014-06-01 14:15:39 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-06-01 14:15:37 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2014-06-01 14:15:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2014-06-01 13:43:53 ----D---- C:\Program Files\bfgclient
2014-06-01 13:42:44 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishCache
2014-06-01 10:26:54 ----D---- C:\Documents and Settings\User\Application Data\AnvSoft
2014-06-01 10:26:09 ----D---- C:\Program Files\AnvSoft
2014-06-01 09:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2014-06-01 09:33:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2014-06-01 09:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2909212$
2014-06-01 09:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2014-06-01 09:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2936068$
2014-06-01 09:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2964358$
2014-05-31 18:19:46 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2014-05-31 18:19:46 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2014-05-31 12:19:21 ----D---- C:\Program Files\Opera Next
2014-05-31 10:25:10 ----D---- C:\Documents and Settings\User\Application Data\Opera Software
2014-05-31 10:24:55 ----D---- C:\Program Files\Opera
2014-05-30 19:31:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-30 14:15:13 ----D---- C:\Documents and Settings\User\Application Data\Windows Live Writer
2014-05-30 13:17:36 ----D---- C:\Documents and Settings\User\Application Data\XnView
2014-05-30 12:02:02 ----D---- C:\Program Files\VS Revo Group
2014-05-30 11:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2014-05-30 11:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2014-05-30 11:16:28 ----A---- C:\WINDOWS\imsins.BAK
2014-05-30 11:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2014-05-30 10:25:51 ----SHD---- C:\Config.Msi
2014-05-29 16:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-29 16:41:49 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2014-05-29 16:35:16 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2014-05-29 16:22:22 ----D---- C:\Documents and Settings\User\Application Data\vlc
2014-05-29 16:21:14 ----D---- C:\Program Files\VideoLAN
2014-05-29 15:45:33 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2014-05-29 15:18:55 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-29 14:48:56 ----D---- C:\Documents and Settings\User\Application Data\WinRAR
2014-05-29 14:47:49 ----D---- C:\Program Files\WinRAR
2014-05-29 13:58:49 ----D---- C:\WINDOWS\system32\XPSViewer
2014-05-29 13:58:42 ----D---- C:\Program Files\MSBuild
2014-05-29 13:58:27 ----D---- C:\Program Files\Reference Assemblies
2014-05-29 13:57:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2014-05-29 13:57:33 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2014-05-29 13:57:32 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2014-05-29 13:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2014-05-29 13:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-05-29 13:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2014-05-29 13:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2014-05-29 13:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2014-05-29 13:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2014-05-29 13:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2014-05-29 13:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2014-05-29 13:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-05-29 13:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2014-05-29 13:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-05-29 13:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2834886$
2014-05-29 13:42:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-05-29 13:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2014-05-29 13:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2014-05-29 13:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2014-05-29 13:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2014-05-29 13:40:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2014-05-29 13:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2014-05-29 13:40:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-05-29 13:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2014-05-29 13:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$
2014-05-29 13:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-05-29 13:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2014-05-29 13:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2014-05-29 13:39:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2014-05-29 13:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2014-05-29 13:38:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2802968$
2014-05-29 13:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2014-05-29 13:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2014-05-29 13:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$
2014-05-29 13:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2014-05-29 13:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2014-05-29 13:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2014-05-29 13:37:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2929961$
2014-05-29 13:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2014-05-29 13:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2014-05-29 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$
2014-05-29 13:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2014-05-29 13:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2014-05-29 13:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2014-05-29 13:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2014-05-29 13:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-05-29 13:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2780091$
2014-05-29 13:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2014-05-29 13:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2014-05-29 13:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$
2014-05-29 13:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2014-05-29 13:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2014-05-29 13:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2014-05-29 13:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2014-05-29 13:29:55 ----D---- C:\WINDOWS\system32\MRT
2014-05-29 13:29:47 ----A---- C:\WINDOWS\system32\MRT.exe
2014-05-29 13:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2014-05-29 13:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2930275$
2014-05-29 13:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2014-05-29 13:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2014-05-29 13:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2014-05-29 13:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2014-05-29 13:28:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2014-05-29 13:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2014-05-29 13:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2014-05-29 13:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2014-05-29 13:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2014-05-29 13:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2014-05-29 13:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2014-05-29 13:26:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2014-05-29 13:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2014-05-29 13:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2014-05-29 13:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$
2014-05-29 13:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2014-05-29 13:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2014-05-29 13:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2014-05-29 13:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$
2014-05-29 13:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-05-29 13:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2014-05-29 13:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2014-05-29 13:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2014-05-29 13:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$
2014-05-29 13:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$
2014-05-29 13:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2014-05-29 13:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2014-05-29 13:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2014-05-29 13:23:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2014-05-29 13:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2014-05-29 13:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2014-05-29 13:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2014-05-29 13:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2014-05-29 13:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2014-05-29 13:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$
2014-05-29 13:21:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2014-05-29 13:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2014-05-29 13:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-05-29 13:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2014-05-29 13:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2014-05-29 13:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2014-05-29 13:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2014-05-29 13:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2014-05-29 13:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2014-05-29 13:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$
2014-05-29 13:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-05-29 13:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2014-05-29 13:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$
2014-05-29 13:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2014-05-29 13:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2014-05-29 13:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2014-05-29 13:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2014-05-29 13:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2014-05-29 13:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2014-05-29 13:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2014-05-29 13:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2014-05-29 13:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2014-05-29 13:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$
2014-05-29 13:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2014-05-29 13:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2014-05-29 13:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2014-05-29 13:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2014-05-29 12:41:44 ----N---- C:\WINDOWS\system32\browserchoice.exe
2014-05-29 12:39:38 ----N---- C:\WINDOWS\system32\xp_eos.exe
2014-05-29 12:38:01 ----N---- C:\WINDOWS\system32\iacenc.dll
2014-05-29 12:37:21 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-05-29 12:37:15 ----A---- C:\WINDOWS\avastSS.scr
2014-05-29 12:19:53 ----D---- C:\Documents and Settings\User\Application Data\AVAST Software
2014-05-29 12:19:17 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2014-05-29 12:19:17 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswsp.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswsnx.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswrdr.sys
2014-05-29 12:19:16 ----A---- C:\WINDOWS\system32\drivers\aswmonflt.sys
2014-05-29 12:19:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-05-29 12:18:35 ----D---- C:\Program Files\AVAST Software
2014-05-29 12:17:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-05-29 12:15:48 ----D---- C:\WINDOWS\system32\PreInstall
2014-05-29 12:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2014-05-29 12:08:37 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 month======
2014-06-04 14:04:31 ----D---- C:\WINDOWS\system32\drivers
2014-06-04 09:24:16 ----RD---- C:\Program Files
2014-06-04 07:05:23 ----D---- C:\WINDOWS
2014-06-03 23:39:48 ----D---- C:\WINDOWS\system32\CatRoot2
2014-06-03 18:18:59 ----D---- C:\WINDOWS\system32
2014-06-03 16:48:40 ----D---- C:\WINDOWS\system32\drivers\etc
2014-06-03 15:55:19 ----SD---- C:\WINDOWS\Tasks
2014-06-03 15:55:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2014-06-03 11:22:45 ----SHD---- C:\WINDOWS\Installer
2014-06-03 11:22:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-06-03 11:12:42 ----D---- C:\Program Files\Common Files
2014-06-02 20:54:05 ----D---- C:\WINDOWS\system32\DirectX
2014-06-02 20:54:04 ----HD---- C:\WINDOWS\inf
2014-06-02 20:53:22 ----RSD---- C:\WINDOWS\assembly
2014-06-02 20:53:03 ----D---- C:\WINDOWS\Microsoft.NET
2014-06-02 16:26:44 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2014-06-02 15:16:53 ----D---- C:\Program Files\Microsoft Works
2014-06-02 15:12:27 ----RSD---- C:\WINDOWS\Fonts
2014-06-02 15:11:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-06-02 14:02:45 ----D---- C:\WINDOWS\WinSxS
2014-06-02 08:16:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-01 09:55:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-01 09:55:44 ----D---- C:\WINDOWS\system32\en-US
2014-06-01 09:55:44 ----D---- C:\WINDOWS\Help
2014-06-01 09:55:44 ----D---- C:\Program Files\Internet Explorer
2014-06-01 09:54:52 ----D---- C:\WINDOWS\ie8updates
2014-06-01 09:54:00 ----D---- C:\WINDOWS\WBEM
2014-06-01 09:54:00 ----D---- C:\WINDOWS\Media
2014-06-01 09:38:38 ----D---- C:\WINDOWS\system32\CatRoot
2014-06-01 09:35:58 ----HD---- C:\WINDOWS\$hf_mig$
2014-06-01 09:27:36 ----D---- C:\WINDOWS\Debug
2014-05-31 14:30:00 ----D---- C:\Program Files\Google
2014-05-30 12:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2014-05-30 11:25:49 ----A---- C:\WINDOWS\system.ini
2014-05-30 11:15:41 ----D---- C:\WINDOWS\system32\LogFiles
2014-05-29 16:42:24 ----D---- C:\WINDOWS\system32\config
2014-05-29 13:58:04 ----D---- C:\WINDOWS\system32\spool
2014-05-29 13:48:11 ----D---- C:\WINDOWS\AppPatch
2014-05-29 13:21:00 ----D---- C:\Program Files\Outlook Express
2014-05-29 13:20:06 ----D---- C:\Program Files\Movie Maker
2014-05-29 12:46:03 ----D---- C:\WINDOWS\Prefetch
2014-05-29 12:08:46 ----D---- C:\WINDOWS\SoftwareDistribution
2014-05-28 14:53:52 ----D---- C:\Documents and Settings\User\Application Data\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-05-29 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-05-29 180632]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-09-12 327192]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-29 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-29 777488]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-29 411680]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-05-29 57672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-05-29 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-05-29 67824]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-04-27 5074944]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2009-07-11 1015424]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-03-14 1759616]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-04-09 208816]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-28 503008]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 AmUStor;AM USB Stroage Driver; C:\WINDOWS\system32\drivers\AmUStor.SYS []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 uvclf;uvclf; C:\WINDOWS\system32\DRIVERS\uvclf.sys [2008-11-19 39040]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-29 50344]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-15 226656]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-31 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
____________________________________________________________________________________
Mam dotaz:
Vcera jak jsem udelal scan PC tim spatnym programem, tak me to vyhodilo 43 infikovanych souboru.
Proc to dneska vyhodilo jen 15 infekci?
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: Prosim o kontrolu
odinstaluj C:\Program Files\WinZip Malware Protectoroznačil ti hlavně chybné záznamy v registrech - budou odstraněny při úklidu
Script OTMStáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe
Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“
Klikni na červené „MoveIt!“
Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\ - dej mi ho sem na kontrolu
Kód: Vybrat vše
:Commands
[resethosts]
[emptytemp]
[emptyflash]
[emptyjava]
[clearallrestorepoints]
:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1401535161.job - C:\Program Files\Opera Next\launcher.exe --scheduledautoupdate
C:\Documents and Settings\User\Application Data\Nico Mak Computing
C:\Documents and Settings\All Users\Application Data\Nico Mak Computing
C:\Program Files\WinZip Malware Protector
C:\WINDOWS\system32\wsusnative32.exe
C:\WINDOWS\zoek-delete.exe
C:\zoek_backup
C:\AdwCleaner
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Program Files\Spybot - Search & Destroy 2
C:\WINDOWS\system32\xp_eos.exe
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinZip Malware Protector_startup"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: Prosim o kontrolu
Posilam ten posledni log, co se me dnes udelal.
06.03.2014 06:19:22|firstinstall
06.03.2014 06:19:27|[Registration details]
Key:
Registered:False
DaysLeft:365
InstallDays:0
Expired:False
06.03.2014 06:24:18|1
06.03.2014 06:24:18|6/2/2014 5:58:23 PM
06.03.2014 06:24:22|1
06.03.2014 06:24:22|6/3/2014 3:07:12 PM
06.03.2014 06:24:25|1
06.03.2014 06:24:25|6/3/2014 4:59:43 PM
06.03.2014 06:25:57|frmMain|oScanEngine_oShowScanInitializedEvent()|1
06.03.2014 06:26:00|- DeserializeData after calling pending finailzerCookies
06.03.2014 06:26:04|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 06:26:04|- DeserializeData after calling pending finailzerFolders
06.03.2014 06:26:07|- DeserializeData after calling pending finailzerMd5
06.03.2014 06:26:10|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 06:26:10|- DeserializeData after calling pending finailzerDigSign
06.03.2014 06:26:10|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 06:26:10|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 06:26:12|GetProcessModules|Access is denied
For :Idle
06.03.2014 06:26:49|- DeserializeData after calling pending finailzerRegistry
06.03.2014 06:28:20|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 06:28:20|- DeserializeData after calling pending finailzerFolders
06.03.2014 06:28:24|- DeserializeData after calling pending finailzerMd5
06.03.2014 06:28:26|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 06:28:26|- DeserializeData after calling pending finailzerDigSign
06.03.2014 06:28:26|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 06:28:26|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 06:35:23|ScanEngine.Utils.CUtils|GetShortcutTargetPath(1)|error:Exception occurred. (Exception from HRESULT: 0x80020009 (DISP_E_EXCEPTION))
06.03.2014 06:44:03|update arm
06.03.2014 06:44:03|ScanEngine.Core.cScanSettings|GetTotalCleanItemsCountARM()UInt32.TryParse|Unable to get value
06.03.2014 06:44:03|delete last scan log
06.03.2014 06:44:03|deleted last scan log
06.03.2014 06:44:10|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 06:44:10|- DeserializeData after calling pending finailzerFolders
06.03.2014 06:44:16|- DeserializeData after calling pending finailzerMd5
06.03.2014 06:44:21|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 06:44:21|- DeserializeData after calling pending finailzerDigSign
06.03.2014 06:44:21|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 06:44:21|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 06:44:26||GetWMIAntiVirus()|Error:Not found
06.03.2014 07:31:13|frmMain|oScanEngine_oShowScanInitializedEvent()|1
06.03.2014 07:31:16|- DeserializeData after calling pending finailzerCookies
06.03.2014 07:31:20|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 07:31:20|- DeserializeData after calling pending finailzerFolders
06.03.2014 07:31:28|- DeserializeData after calling pending finailzerMd5
06.03.2014 07:31:34|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 07:31:34|- DeserializeData after calling pending finailzerDigSign
06.03.2014 07:31:34|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 07:31:34|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 07:31:37|GetProcessModules|Access is denied
For :Idle
06.03.2014 07:32:15|- DeserializeData after calling pending finailzerRegistry
06.03.2014 07:33:47|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 07:33:47|- DeserializeData after calling pending finailzerFolders
06.03.2014 07:33:52|- DeserializeData after calling pending finailzerMd5
06.03.2014 07:33:55|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 07:33:55|- DeserializeData after calling pending finailzerDigSign
06.03.2014 07:33:55|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 07:33:55|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 07:40:37|ScanEngine.Utils.CUtils|GetShortcutTargetPath(1)|error:Exception occurred. (Exception from HRESULT: 0x80020009 (DISP_E_EXCEPTION))
06.03.2014 07:48:56|ScanFileSystem()|UnauthorizedAccessException|Access to the path 'D:\System Volume Information' is denied.
06.03.2014 07:48:56|ScanFileSystem()|Access to the path 'D:\System Volume Information' is denied.
06.03.2014 07:49:00|update arm
06.03.2014 07:49:00|delete last scan log
06.03.2014 07:49:00|deleted last scan log
06.03.2014 08:08:00|autolaunch
06.03.2014 08:08:16|[Registration details]
Key:
Registered:False
DaysLeft:365
InstallDays:0
Expired:False
06.04.2014 07:06:24|autolaunch
06.04.2014 07:06:35|[Registration details]
Key:
Registered:False
DaysLeft:364
InstallDays:1
Expired:False
06.04.2014 08:12:55|autolaunch
06.04.2014 08:12:59|[Registration details]
Key:
Registered:False
DaysLeft:364
InstallDays:1
Expired:False
06.04.2014 12:14:19|1
06.04.2014 12:14:19|6/4/2014 2:59:22 PM
06.04.2014 02:06:26|autolaunch
06.04.2014 02:06:37|[Registration details]
Key:
Registered:False
DaysLeft:364
InstallDays:1
Expired:False
06.04.2014 02:07:45|1
06.04.2014 02:07:45|6/4/2014 5:18:50 PM
06.03.2014 06:19:22|firstinstall
06.03.2014 06:19:27|[Registration details]
Key:
Registered:False
DaysLeft:365
InstallDays:0
Expired:False
06.03.2014 06:24:18|1
06.03.2014 06:24:18|6/2/2014 5:58:23 PM
06.03.2014 06:24:22|1
06.03.2014 06:24:22|6/3/2014 3:07:12 PM
06.03.2014 06:24:25|1
06.03.2014 06:24:25|6/3/2014 4:59:43 PM
06.03.2014 06:25:57|frmMain|oScanEngine_oShowScanInitializedEvent()|1
06.03.2014 06:26:00|- DeserializeData after calling pending finailzerCookies
06.03.2014 06:26:04|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 06:26:04|- DeserializeData after calling pending finailzerFolders
06.03.2014 06:26:07|- DeserializeData after calling pending finailzerMd5
06.03.2014 06:26:10|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 06:26:10|- DeserializeData after calling pending finailzerDigSign
06.03.2014 06:26:10|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 06:26:10|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 06:26:12|GetProcessModules|Access is denied
For :Idle
06.03.2014 06:26:49|- DeserializeData after calling pending finailzerRegistry
06.03.2014 06:28:20|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 06:28:20|- DeserializeData after calling pending finailzerFolders
06.03.2014 06:28:24|- DeserializeData after calling pending finailzerMd5
06.03.2014 06:28:26|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 06:28:26|- DeserializeData after calling pending finailzerDigSign
06.03.2014 06:28:26|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 06:28:26|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 06:35:23|ScanEngine.Utils.CUtils|GetShortcutTargetPath(1)|error:Exception occurred. (Exception from HRESULT: 0x80020009 (DISP_E_EXCEPTION))
06.03.2014 06:44:03|update arm
06.03.2014 06:44:03|ScanEngine.Core.cScanSettings|GetTotalCleanItemsCountARM()UInt32.TryParse|Unable to get value
06.03.2014 06:44:03|delete last scan log
06.03.2014 06:44:03|deleted last scan log
06.03.2014 06:44:10|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 06:44:10|- DeserializeData after calling pending finailzerFolders
06.03.2014 06:44:16|- DeserializeData after calling pending finailzerMd5
06.03.2014 06:44:21|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 06:44:21|- DeserializeData after calling pending finailzerDigSign
06.03.2014 06:44:21|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 06:44:21|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 06:44:26||GetWMIAntiVirus()|Error:Not found
06.03.2014 07:31:13|frmMain|oScanEngine_oShowScanInitializedEvent()|1
06.03.2014 07:31:16|- DeserializeData after calling pending finailzerCookies
06.03.2014 07:31:20|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 07:31:20|- DeserializeData after calling pending finailzerFolders
06.03.2014 07:31:28|- DeserializeData after calling pending finailzerMd5
06.03.2014 07:31:34|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 07:31:34|- DeserializeData after calling pending finailzerDigSign
06.03.2014 07:31:34|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 07:31:34|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 07:31:37|GetProcessModules|Access is denied
For :Idle
06.03.2014 07:32:15|- DeserializeData after calling pending finailzerRegistry
06.03.2014 07:33:47|- DeserializeData after calling pending finailzerFilePaths
06.03.2014 07:33:47|- DeserializeData after calling pending finailzerFolders
06.03.2014 07:33:52|- DeserializeData after calling pending finailzerMd5
06.03.2014 07:33:55|- DeserializeData after calling pending finailzerFileSignature
06.03.2014 07:33:55|- DeserializeData after calling pending finailzerDigSign
06.03.2014 07:33:55|- DeserializeData after calling pending finailzerSetupSign
06.03.2014 07:33:55|- DeserializeData after calling pending finailzerStrSetupSign
06.03.2014 07:40:37|ScanEngine.Utils.CUtils|GetShortcutTargetPath(1)|error:Exception occurred. (Exception from HRESULT: 0x80020009 (DISP_E_EXCEPTION))
06.03.2014 07:48:56|ScanFileSystem()|UnauthorizedAccessException|Access to the path 'D:\System Volume Information' is denied.
06.03.2014 07:48:56|ScanFileSystem()|Access to the path 'D:\System Volume Information' is denied.
06.03.2014 07:49:00|update arm
06.03.2014 07:49:00|delete last scan log
06.03.2014 07:49:00|deleted last scan log
06.03.2014 08:08:00|autolaunch
06.03.2014 08:08:16|[Registration details]
Key:
Registered:False
DaysLeft:365
InstallDays:0
Expired:False
06.04.2014 07:06:24|autolaunch
06.04.2014 07:06:35|[Registration details]
Key:
Registered:False
DaysLeft:364
InstallDays:1
Expired:False
06.04.2014 08:12:55|autolaunch
06.04.2014 08:12:59|[Registration details]
Key:
Registered:False
DaysLeft:364
InstallDays:1
Expired:False
06.04.2014 12:14:19|1
06.04.2014 12:14:19|6/4/2014 2:59:22 PM
06.04.2014 02:06:26|autolaunch
06.04.2014 02:06:37|[Registration details]
Key:
Registered:False
DaysLeft:364
InstallDays:1
Expired:False
06.04.2014 02:07:45|1
06.04.2014 02:07:45|6/4/2014 5:18:50 PM
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: Prosim o kontrolu
Smůla, tohle mě ale vůbec nedojímá, čekám na log po provedení akce OTM 
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Přispějete na provoz fóra?