VIRY.CZ

Otvorila som video, ktore mi bolo poslane cez webovu stranky www.tagged.com. Vyzera to ako falosny antivirus. Nekolko krat do minuty obtazuje zakupenim licencie a nedari sa nam ho najst a odinstalovat. Malwarebytes' Anti-Malware tento program mi nasiel okolo vyse 30 virusov a trojskych koni.

Logfile of random's system information tool 1.06 (written by random/random)
Run by janaperfect at 2009-11-08 20:20:12
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 264 GB (89%) free of 295 GB
Total RAM: 3000 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:30, on 08/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\JANAPE~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\janaperfect\Downloads\RSIT.exe
C:\Program Files\trend micro\janaperfect.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SafetyCenter] c:\SafetyCenter\start.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Pridat do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridat do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 9939 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-06 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-25 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-06 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-06 256112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-01-09 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-01-09 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-01-09 154136]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-19 6793760]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-05 1410344]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-19 866824]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-11 249600]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-04-15 440864]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-05-14 345384]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-05 68856]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SafetyCenter"=c:\SafetyCenter\start.exe [2009-11-08 986624]

C:\Users\janaperfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Orion.lnk - C:\Program Files\Convesoft\Orion\Messenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-12-23 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1350dc-a5c0-11de-a70b-001f16a92829}]
shell\AutoRun\command - dogyx90.exe
shell\open\command - dogyx90.exe

======List of files/folders created in the last 1 months======

2009-11-08 20:20:12 ----D---- C:\rsit
2009-11-08 20:20:12 ----D---- C:\Program Files\trend micro
2009-11-08 18:43:52 ----D---- C:\Windows\system32\eu-ES
2009-11-08 18:43:52 ----D---- C:\Windows\system32\ca-ES
2009-11-08 18:43:51 ----D---- C:\Windows\system32\vi-VN
2009-11-08 18:26:50 ----D---- C:\Windows\system32\EventProviders
2009-11-08 18:15:47 ----D---- C:\Users\janaperfect\AppData\Roaming\Avira
2009-11-08 17:59:49 ----D---- C:\SafetyCenter
2009-11-05 18:56:10 ----A---- C:\Windows\system32\mshtml.dll
2009-11-03 07:38:27 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-02 11:21:09 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-01 11:47:34 ----D---- C:\ProgramData\Avira
2009-11-01 11:47:34 ----D---- C:\Program Files\Avira
2009-11-01 11:41:09 ----D---- C:\Program Files\Microsoft Visual Studio
2009-11-01 11:41:08 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-01 11:39:58 ----D---- C:\Program Files\Microsoft.NET
2009-11-01 11:37:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-11-01 10:41:22 ----D---- C:\Users\janaperfect\AppData\Roaming\Malwarebytes
2009-11-01 10:41:17 ----D---- C:\ProgramData\Malwarebytes
2009-11-01 10:41:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-30 18:54:20 ----A---- C:\Windows\system32\wups2.dll
2009-10-30 18:54:20 ----A---- C:\Windows\system32\wucltux.dll
2009-10-30 18:54:20 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-30 18:54:20 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-30 18:54:00 ----A---- C:\Windows\system32\wups.dll
2009-10-30 18:54:00 ----A---- C:\Windows\system32\wudriver.dll
2009-10-30 18:54:00 ----A---- C:\Windows\system32\wuapi.dll
2009-10-30 18:53:54 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-30 18:53:54 ----A---- C:\Windows\system32\wuapp.exe
2009-10-28 23:28:25 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 23:28:23 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 23:28:21 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-16 22:52:28 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-16 22:52:27 ----A---- C:\Windows\system32\wdigest.dll
2009-10-16 22:52:27 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-16 22:52:26 ----A---- C:\Windows\system32\secur32.dll
2009-10-16 22:52:25 ----A---- C:\Windows\system32\lsass.exe
2009-10-16 22:52:19 ----A---- C:\Windows\system32\ieframe.dll
2009-10-16 22:52:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-16 22:52:16 ----A---- C:\Windows\system32\urlmon.dll
2009-10-16 22:52:14 ----A---- C:\Windows\system32\ieapfltr.dll
2009-10-16 22:52:12 ----A---- C:\Windows\system32\ieui.dll
2009-10-16 22:52:10 ----A---- C:\Windows\system32\ieencode.dll
2009-10-16 22:52:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-16 22:52:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-16 22:51:30 ----A---- C:\Windows\system32\msasn1.dll
2009-10-16 22:51:23 ----A---- C:\Windows\system32\WMSPDMOD.DLL

======List of files/folders modified in the last 1 months======

2009-11-08 20:20:16 ----D---- C:\Windows\Temp
2009-11-08 20:20:12 ----RD---- C:\Program Files
2009-11-08 20:10:26 ----D---- C:\Program Files\Mozilla Firefox
2009-11-08 19:59:38 ----D---- C:\Windows\System32
2009-11-08 19:59:38 ----D---- C:\Windows\inf
2009-11-08 19:59:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-08 19:54:56 ----D---- C:\Windows\Tasks
2009-11-08 19:29:02 ----D---- C:\Windows\rescache
2009-11-08 18:53:33 ----D---- C:\Windows\Microsoft.NET
2009-11-08 18:53:32 ----RSD---- C:\Windows\assembly
2009-11-08 18:50:43 ----D---- C:\Windows
2009-11-08 18:50:38 ----D---- C:\Windows\system32\catroot
2009-11-08 18:50:37 ----SHD---- C:\Boot
2009-11-08 18:50:34 ----D---- C:\Windows\Prefetch
2009-11-08 18:45:17 ----D---- C:\Program Files\Windows Mail
2009-11-08 18:45:17 ----D---- C:\Program Files\Windows Calendar
2009-11-08 18:45:17 ----D---- C:\Program Files\Movie Maker
2009-11-08 18:45:15 ----D---- C:\Program Files\Windows Sidebar
2009-11-08 18:45:15 ----D---- C:\Program Files\Internet Explorer
2009-11-08 18:45:14 ----D---- C:\Program Files\Windows Media Player
2009-11-08 18:45:14 ----D---- C:\Program Files\Windows Journal
2009-11-08 18:45:14 ----D---- C:\Program Files\Windows Collaboration
2009-11-08 18:45:11 ----D---- C:\Program Files\Windows Photo Gallery
2009-11-08 18:45:11 ----D---- C:\Program Files\Common Files\System
2009-11-08 18:45:07 ----D---- C:\Windows\servicing
2009-11-08 18:45:07 ----D---- C:\Windows\ehome
2009-11-08 18:45:07 ----D---- C:\Program Files\Windows Defender
2009-11-08 18:44:57 ----D---- C:\Windows\system32\XPSViewer
2009-11-08 18:44:57 ----D---- C:\Windows\IME
2009-11-08 18:44:56 ----D---- C:\Windows\system32\sk-SK
2009-11-08 18:44:56 ----D---- C:\Windows\system32\lv-LV
2009-11-08 18:44:56 ----D---- C:\Windows\system32\ko-KR
2009-11-08 18:44:56 ----D---- C:\Windows\system32\hr-HR
2009-11-08 18:44:56 ----D---- C:\Windows\system32\et-EE
2009-11-08 18:44:56 ----D---- C:\Windows\system32\da-DK
2009-11-08 18:44:55 ----D---- C:\Windows\system32\en-US
2009-11-08 18:44:54 ----D---- C:\Windows\system32\oobe
2009-11-08 18:44:54 ----D---- C:\Windows\system32\it-IT
2009-11-08 18:44:54 ----D---- C:\Windows\system32\el-GR
2009-11-08 18:44:54 ----D---- C:\Windows\system32\de-DE
2009-11-08 18:44:53 ----D---- C:\Windows\system32\migration
2009-11-08 18:44:49 ----D---- C:\Windows\system32\sv-SE
2009-11-08 18:44:49 ----D---- C:\Windows\system32\SLUI
2009-11-08 18:44:49 ----D---- C:\Windows\system32\setup
2009-11-08 18:44:49 ----D---- C:\Windows\system32\ru-RU
2009-11-08 18:44:49 ----D---- C:\Windows\system32\pt-PT
2009-11-08 18:44:49 ----D---- C:\Windows\system32\hu-HU
2009-11-08 18:44:49 ----D---- C:\Windows\system32\he-IL
2009-11-08 18:44:49 ----D---- C:\Windows\system32\fr-FR
2009-11-08 18:44:49 ----D---- C:\Windows\system32\fi-FI
2009-11-08 18:44:49 ----D---- C:\Windows\system32\cs-CZ
2009-11-08 18:44:49 ----D---- C:\Windows\system32\AdvancedInstallers
2009-11-08 18:44:48 ----D---- C:\Windows\system32\zh-TW
2009-11-08 18:44:48 ----D---- C:\Windows\system32\zh-CN
2009-11-08 18:44:48 ----D---- C:\Windows\system32\uk-UA
2009-11-08 18:44:48 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-08 18:44:48 ----D---- C:\Windows\system32\sl-SI
2009-11-08 18:44:48 ----D---- C:\Windows\system32\ro-RO
2009-11-08 18:44:48 ----D---- C:\Windows\system32\pl-PL
2009-11-08 18:44:48 ----D---- C:\Windows\system32\manifeststore
2009-11-08 18:44:48 ----D---- C:\Windows\system32\ja-JP
2009-11-08 18:44:48 ----D---- C:\Windows\system32\es-ES
2009-11-08 18:44:48 ----D---- C:\Windows\system32\en
2009-11-08 18:44:48 ----D---- C:\Windows\system32\bg-BG
2009-11-08 18:44:46 ----D---- C:\Windows\system32\th-TH
2009-11-08 18:44:46 ----D---- C:\Windows\system32\drivers
2009-11-08 18:44:45 ----D---- C:\Windows\system32\wbem
2009-11-08 18:44:45 ----D---- C:\Windows\system32\tr-TR
2009-11-08 18:44:44 ----D---- C:\Windows\system32\nl-NL
2009-11-08 18:44:44 ----D---- C:\Windows\system32\nb-NO
2009-11-08 18:44:44 ----D---- C:\Windows\system32\lt-LT
2009-11-08 18:44:44 ----D---- C:\Windows\system32\ar-SA
2009-11-08 18:44:43 ----D---- C:\Windows\system32\pt-BR
2009-11-08 18:44:43 ----D---- C:\Windows\system32\migwiz
2009-11-08 18:43:59 ----RSD---- C:\Windows\Fonts
2009-11-08 18:43:58 ----D---- C:\Windows\AppPatch
2009-11-08 18:43:51 ----D---- C:\Windows\system32\Boot
2009-11-08 18:43:04 ----D---- C:\Windows\system32\RTCOM
2009-11-08 18:37:21 ----D---- C:\Windows\winsxs
2009-11-08 18:28:13 ----SHD---- C:\System Volume Information
2009-11-08 18:17:06 ----D---- C:\Users\janaperfect\AppData\Roaming\Skype
2009-11-08 16:01:13 ----D---- C:\Users\janaperfect\AppData\Roaming\skypePM
2009-11-08 14:20:39 ----D---- C:\Windows\Debug
2009-11-05 18:55:39 ----D---- C:\Windows\system32\catroot2
2009-11-03 07:38:50 ----SHD---- C:\Windows\Installer
2009-11-03 07:38:50 ----D---- C:\ProgramData\Microsoft Help
2009-11-01 20:25:30 ----A---- C:\Windows\win.ini
2009-11-01 20:23:46 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-01 11:47:34 ----HD---- C:\ProgramData
2009-11-01 11:42:02 ----D---- C:\Program Files\MSBuild
2009-11-01 11:41:33 ----D---- C:\Program Files\Microsoft Office
2009-11-01 11:41:08 ----D---- C:\Program Files\Common Files
2009-11-01 11:41:03 ----D---- C:\Windows\ShellNew
2009-11-01 11:39:58 ----SD---- C:\Users\janaperfect\AppData\Roaming\Microsoft
2009-11-01 11:39:58 ----SD---- C:\ProgramData\Microsoft
2009-11-01 10:46:15 ----D---- C:\Windows\system32\Tasks
2009-11-01 10:44:22 ----D---- C:\ProgramData\McAfee
2009-10-29 21:33:56 ----D---- C:\Program Files\Google
2009-10-29 21:32:31 ----D---- C:\Program Files\Acer GameZone
2009-10-29 21:31:09 ----D---- C:\ProgramData\Google
2009-10-29 21:30:42 ----D---- C:\Program Files\Yahoo!
2009-10-29 21:11:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-29 21:11:32 ----D---- C:\Program Files\eSobi
2009-10-29 21:01:41 ----D---- C:\Program Files\Acer
2009-10-29 21:00:56 ----D---- C:\ProgramData\CyberLink
2009-10-12 00:59:10 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-29 952832]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-12-23 2476032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-19 2323680]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-25 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-02 62976]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 194032]
S3 fsssvc;Služba Bezpecnost rodiny v službe Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

a jeste log z combofixu. predpokladam ze by mi byl doporucen.

ComboFix 09-11-06.03 - janaperfect 08/11/2009 21:11.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3000.1946 [GMT 0:00]
Running from: c:\users\janaperfect\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1532837770-1080338674-2631915440-500
c:\windows\010112010146101105.rx
c:\windows\Suyin.reg

.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 20:20 . 2009-11-08 20:20 -------- d-----w- C:\rsit
2009-11-08 20:20 . 2009-11-08 20:20 4096 d-----w- c:\program files\trend micro
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\ca-ES
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\eu-ES
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\vi-VN
2009-11-08 18:26 . 2009-11-08 18:26 4096 d-----w- c:\windows\system32\EventProviders
2009-11-08 18:15 . 2009-11-08 18:15 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Avira
2009-11-08 17:59 . 2009-11-08 17:59 4096 d-----w- C:\SafetyCenter
2009-11-03 07:38 . 2009-11-03 07:38 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-02 11:21 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 11:47 . 2009-07-28 16:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 11:47 . 2009-03-30 10:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 11:47 . 2009-11-01 11:47 -------- d-----w- c:\programdata\Avira
2009-11-01 11:47 . 2009-11-01 11:47 -------- d-----w- c:\program files\Avira
2009-11-01 11:39 . 2009-11-01 11:39 -------- d-----w- c:\program files\Microsoft.NET
2009-11-01 11:37 . 2009-11-01 11:37 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-01 10:41 . 2009-11-01 10:41 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Malwarebytes
2009-11-01 10:41 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 10:41 . 2009-11-01 10:41 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 10:41 . 2009-11-01 10:41 -------- d-----w- c:\programdata\Malwarebytes
2009-11-01 10:41 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 18:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 18:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 18:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 18:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 18:54 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 18:54 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 18:54 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 18:53 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 18:53 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 23:28 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 23:28 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 22:51 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 22:51 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 22:51 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 18:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-08 18:45 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-11-08 18:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-08 18:17 . 2009-09-11 18:27 4096 d-----w- c:\users\janaperfect\AppData\Roaming\Skype
2009-11-08 16:01 . 2009-09-11 18:31 12288 d-----w- c:\users\janaperfect\AppData\Roaming\skypePM
2009-11-03 07:38 . 2009-02-18 12:10 12288 d-----w- c:\programdata\Microsoft Help
2009-11-01 11:55 . 2009-09-05 23:50 101856 ----a-w- c:\users\janaperfect\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-01 11:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-01 10:44 . 2009-02-18 11:55 4096 d-----w- c:\programdata\McAfee
2009-10-31 23:20 . 2009-09-08 17:45 6080 ----a-w- c:\users\janaperfect\AppData\Local\d3d9caps.dat
2009-10-29 21:33 . 2009-09-05 23:49 4096 d-----w- c:\program files\Google
2009-10-29 21:32 . 2009-02-18 12:01 8192 d-----w- c:\program files\Acer GameZone
2009-10-29 21:30 . 2009-09-06 03:42 -------- d-----w- c:\program files\Yahoo!
2009-10-29 21:11 . 2009-02-11 20:16 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 21:11 . 2009-06-19 11:12 -------- d-----w- c:\program files\eSobi
2009-10-29 21:01 . 2009-06-19 11:10 -------- d-----w- c:\program files\Acer
2009-10-29 21:00 . 2009-02-18 12:22 -------- d-----w- c:\programdata\CyberLink
2009-10-29 20:57 . 2009-02-18 12:23 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-09-23 08:07 . 2009-09-22 19:51 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-23 08:06 . 2009-02-18 12:11 28672 d-----w- c:\program files\Microsoft Works
2009-09-22 19:51 . 2009-02-18 12:26 4096 d-----w- c:\program files\Windows Live
2009-09-22 19:50 . 2009-09-22 19:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-22 19:47 . 2009-09-22 19:47 -------- d-----w- c:\program files\Microsoft
2009-09-18 21:36 . 2009-09-18 21:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-18 21:36 . 2009-09-11 21:43 -------- d-----w- c:\programdata\Apple
2009-09-12 19:55 . 2009-09-12 19:55 -------- d-----w- c:\users\janaperfect\AppData\Roaming\SoftDMA
2009-09-12 19:55 . 2009-09-12 19:55 -------- d-----w- c:\users\janaperfect\AppData\Roaming\CyberLink
2009-09-11 22:23 . 2009-09-11 22:23 4096 d-----w- c:\programdata\Google Updater
2009-09-11 22:07 . 2009-09-11 22:04 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Apple Computer
2009-09-11 22:03 . 2009-09-11 22:00 4096 d-----w- c:\program files\iTunes
2009-09-11 22:03 . 2009-09-11 22:00 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 22:00 . 2009-09-11 22:00 -------- d-----w- c:\program files\iPod
2009-09-11 22:00 . 2009-09-11 21:43 -------- d-----w- c:\program files\Common Files\Apple
2009-09-11 22:00 . 2009-09-11 21:49 -------- d-----w- c:\programdata\Apple Computer
2009-09-11 21:52 . 2009-09-11 21:52 -------- d-----w- c:\program files\Bonjour
2009-09-11 21:51 . 2009-09-11 21:49 4096 d-----w- c:\program files\QuickTime
2009-09-11 21:46 . 2009-09-11 21:46 4096 d-----w- c:\program files\Apple Software Update
2009-09-11 21:13 . 2009-09-11 21:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-11 20:06 . 2009-09-11 18:45 4096 d-----w- c:\users\janaperfect\AppData\Roaming\vlc
2009-09-11 18:51 . 2009-06-19 11:12 -------- d-----w- c:\programdata\eSobi
2009-09-11 18:49 . 2009-09-11 18:49 -------- d-----w- c:\users\janaperfect\AppData\Roaming\eSobi
2009-09-11 18:43 . 2009-09-11 18:43 -------- d-----w- c:\program files\VideoLAN
2009-09-11 18:31 . 2009-09-11 18:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-09-11 18:27 . 2009-09-11 18:26 -------- d-----r- c:\program files\Skype
2009-09-11 18:26 . 2009-09-11 18:26 -------- d-----w- c:\program files\Common Files\Skype
2009-09-11 18:26 . 2009-09-11 18:26 -------- d-----w- c:\programdata\Skype
2009-09-10 18:21 . 2009-06-19 11:11 4096 d-----w- c:\program files\EgisTec Egis Software Update
2009-09-10 18:19 . 2009-09-10 18:17 20692840 ----a-w- c:\programdata\EgisTec\EgisTec Software Update\1.0\Cache\8ad88a5a2254770c0122547c09e10001\MyWinLocker3.1.59.0.exe
2009-09-10 16:48 . 2009-10-16 22:52 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 20:43 . 2009-09-08 20:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-08-29 00:27 . 2009-09-06 05:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-06 05:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 13:29 . 2009-10-16 22:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40 . 2009-10-16 22:52 834048 ----a-w- c:\windows\system32\wininet.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 21:19 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 21:19 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 21:19 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 21:19 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 21:19 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 21:19 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 21:19 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 21:19 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 21:19 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 21:19 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 21:19 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SafetyCenter"="c:\safetycenter\start.exe" [2009-11-08 986624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\janaperfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-10-21 7892992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,b0,71,6b,a4,60,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1532837770-1080338674-2631915440-1000]
"EnableNotificationsRef"=dword:00000001

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [01/11/2009 11:47 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/11/2009 11:47 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [01/11/2009 11:47 434945]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [19/06/2009 11:10 703008]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09/10/2008 15:47 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09/10/2008 15:47 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09/10/2008 15:47 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [14/05/2009 22:03 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [11/04/2009 18:32 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 14:11 144632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [19/06/2009 18:36 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 04:12 223232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 02:23 179712]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/09/2009 19:51 54632]
S3 fsssvc;Služba Bezpecnost rodiny v službe Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 14:11 50424]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 22:23]
.
.
------- Supplementary Scan -------
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\janaperfect\AppData\Roaming\Mozilla\Firefox\Profiles\4sstc50o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-08 21:23
ComboFix-quarantined-files.txt 2009-11-08 21:22

Pre-Run: 276,488,728,576 bytes free
Post-Run: 276,682,121,216 bytes free

- - End Of File - - 3CD1810F2FCFD101FB981044E3F6B015

Dobré ránko

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\SafetyCenter
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SafetyCenter"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1350dc-a5c0-11de-a70b-001f16a92829}]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Dejte soubor otestovat na http://www.virustotal.com

C:\Program Files\Convesoft\Orion\Messenger.exe

Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-vložte zde log z výsledky

tak jsem aplikoval script. ale neco se stejne deje a neni jeste o.k. combofix jel docela dlouho a musel jsem vymazat a znovu se pripojit k siti. log je zde:

ComboFix 09-11-16.05 - janaperfect 17/11/2009 20:16.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3000.1650 [GMT 0:00]
Running from: c:\users\janaperfect\Downloads\ComboFix.exe
Command switches used :: c:\users\janaperfect\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\SafetyCenter
c:\safetycenter\main.ico
c:\safetycenter\new.exe
c:\safetycenter\protector.exe
c:\safetycenter\sound.wav
c:\safetycenter\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.

2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\users\janaperfect\AppData\Local\temp
2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-17 20:14 . 2009-11-17 20:15 24576 d-----w- C:\32788R22FWJFW
2009-11-12 19:13 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 19:13 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 19:51 . 2009-11-10 19:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-08 20:20 . 2009-11-08 20:20 -------- d-----w- C:\rsit
2009-11-08 20:20 . 2009-11-08 20:20 4096 d-----w- c:\program files\trend micro
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\ca-ES
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\eu-ES
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\vi-VN
2009-11-08 18:26 . 2009-11-08 18:26 4096 d-----w- c:\windows\system32\EventProviders
2009-11-08 18:15 . 2009-11-08 18:15 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Avira
2009-11-03 07:38 . 2009-11-03 07:38 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-02 11:21 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 11:47 . 2009-07-28 16:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 11:47 . 2009-03-30 10:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 11:47 . 2009-11-01 11:47 -------- d-----w- c:\programdata\Avira
2009-11-01 11:47 . 2009-11-01 11:47 -------- d-----w- c:\program files\Avira
2009-11-01 11:39 . 2009-11-01 11:39 -------- d-----w- c:\program files\Microsoft.NET
2009-11-01 11:37 . 2009-11-01 11:37 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-01 10:41 . 2009-11-01 10:41 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Malwarebytes
2009-11-01 10:41 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 10:41 . 2009-11-01 10:41 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 10:41 . 2009-11-01 10:41 -------- d-----w- c:\programdata\Malwarebytes
2009-11-01 10:41 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 18:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 18:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 18:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 18:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 18:54 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 18:54 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 18:54 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 18:53 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 18:53 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 23:28 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 23:28 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 20:05 . 2009-09-11 18:27 4096 d-----w- c:\users\janaperfect\AppData\Roaming\Skype
2009-11-17 18:55 . 2009-09-11 18:31 12288 d-----w- c:\users\janaperfect\AppData\Roaming\skypePM
2009-11-13 03:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-13 03:06 . 2009-02-18 12:10 12288 d-----w- c:\programdata\Microsoft Help
2009-11-08 18:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-11-08 18:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-01 11:55 . 2009-09-05 23:50 101856 ----a-w- c:\users\janaperfect\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-01 11:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-01 10:44 . 2009-02-18 11:55 4096 d-----w- c:\programdata\McAfee
2009-10-31 23:20 . 2009-09-08 17:45 6080 ----a-w- c:\users\janaperfect\AppData\Local\d3d9caps.dat
2009-10-29 21:33 . 2009-09-05 23:49 4096 d-----w- c:\program files\Google
2009-10-29 21:32 . 2009-02-18 12:01 8192 d-----w- c:\program files\Acer GameZone
2009-10-29 21:30 . 2009-09-06 03:42 -------- d-----w- c:\program files\Yahoo!
2009-10-29 21:11 . 2009-02-11 20:16 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 21:11 . 2009-06-19 11:12 -------- d-----w- c:\program files\eSobi
2009-10-29 21:01 . 2009-06-19 11:10 -------- d-----w- c:\program files\Acer
2009-10-29 21:00 . 2009-02-18 12:22 -------- d-----w- c:\programdata\CyberLink
2009-10-29 20:57 . 2009-02-18 12:23 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-09-23 08:07 . 2009-09-22 19:51 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-23 08:06 . 2009-02-18 12:11 28672 d-----w- c:\program files\Microsoft Works
2009-09-22 19:51 . 2009-02-18 12:26 4096 d-----w- c:\program files\Windows Live
2009-09-22 19:50 . 2009-09-22 19:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-22 19:47 . 2009-09-22 19:47 -------- d-----w- c:\program files\Microsoft
2009-09-18 21:36 . 2009-09-18 21:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-18 21:36 . 2009-09-11 21:43 -------- d-----w- c:\programdata\Apple
2009-09-14 09:29 . 2009-10-16 22:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 18:19 . 2009-09-10 18:17 20692840 ----a-w- c:\programdata\EgisTec\EgisTec Software Update\1.0\Cache\8ad88a5a2254770c0122547c09e10001\MyWinLocker3.1.59.0.exe
2009-09-10 16:48 . 2009-10-16 22:52 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 20:43 . 2009-09-08 20:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-04 11:41 . 2009-10-16 22:51 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-06 05:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-06 05:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 13:29 . 2009-10-16 22:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40 . 2009-10-16 22:52 834048 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-08_21.20.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-11-13 03:25 50468 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-13 03:25 76790 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-05 23:50 . 2009-11-17 20:03 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-05 23:50 . 2009-11-08 21:07 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-05 23:50 . 2009-11-08 21:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-05 23:50 . 2009-11-17 20:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-05 23:50 . 2009-11-17 20:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-05 23:50 . 2009-11-08 21:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 11:44 . 2009-11-13 03:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-10-31 03:01 . 2009-10-31 03:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-11-13 03:04 . 2009-11-13 03:04 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-10-26 21:13 . 2006-10-26 21:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2009-11-10 03:24 . 2009-11-10 03:24 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\8039c53d0b2703fe649d06f76984743e\WindowsLiveWriter.ni.exe
+ 2009-11-10 03:24 . 2009-11-10 03:24 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a8d3929fd7c6f5983d7c800325058ee\WindowsLive.Writer.Api.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\71446066f8f87652fa7303395df566cc\UIAutomationProvider.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f7cfb619815540da7efa7d0ce6cd581c\System.Windows.Presentation.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94a159c32cf1d5ff553e2c12861c7e9f\System.Web.DynamicData.Design.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\fd2d9c558d28fb6fc1d5b650e2aaba6a\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\ef965cf9c5c75294aef56d47f4b0eb26\System.AddIn.Contract.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\6fb97ad4786df4e2a5c0edaa3a284de8\stdole.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\28aa280d39ac935204e8f97b628dd25e\PresentationFontCache.ni.exe
+ 2009-11-10 03:25 . 2009-11-10 03:25 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\32d58b6e9270ca077d0f3e787acd0a37\PresentationCFFRasterizer.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\ec37fe0ddb66e6ed277cc9c83c39e134\napcrypt.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e69555c56ddd01d1e809c1cf9e5cbf93\Microsoft.Vsa.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\84dda64a3e7cec7239ede8d5e48b5847\Microsoft.VisualC.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f156806d82a796faf4968b2cb872141d\Microsoft.Build.Framework.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2990c6a100dc31f3a36bd8c2afafa92b\Microsoft.Build.Framework.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\c06ed1ec9b9930295dd73986fe660559\loadmxf.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\9e40e4d9ddeac7b337afb0ab2a45b7c7\ehiUserXp.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\53c8ef024a64e5e6c4a1a4e23db7c753\ehiReplay.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\3c3b9f210946ad30b80aef7c2c61bec1\ehiExtCOM.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\2e777c70743dc2d17184d2c777c98568\ehExtCOM.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\8b295851a21fc513dcb5dbcd9b5385e6\dfsvc.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1bcbcac5237f54c73628936552c55b69\Accessibility.ni.dll
+ 2009-09-05 23:50 . 2009-11-13 03:25 5998 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1532837770-1080338674-2631915440-1000_UserData.bin
+ 2009-11-13 03:22 . 2009-11-13 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-08 21:07 . 2009-11-08 21:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-13 03:22 . 2009-11-13 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-08 21:07 . 2009-11-08 21:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-12 19:13 . 2009-08-10 12:39 355328 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6002.22194_none_c0c6531463dfed55\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 12:35 355328 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6002.18085_none_c048867f4ab94af1\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 13:03 351232 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.22491_none_bedce04e66bc4c2c\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 13:05 351232 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.18306_none_beb994414d512f9c\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 12:53 323072 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.21103_none_bd59c9aa694b25b2\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 13:08 321536 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.16903_none_bcd054bd502d52a6\WSDApi.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 388920 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.22219_none_fcfe427e14d1391e\SOS.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.18107_none_13cb1683fb2a8c7f\SOS.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 989528 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.22219_none_142ffabd20dc5d09\mscordacwks.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 989000 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.18107_none_2afccec30735b06a\mscordacwks.dll
+ 2009-09-07 12:28 . 2009-11-17 19:13 218532 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-09-07 10:41 . 2009-11-17 18:55 231386 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-11-08 21:15 603282 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-13 03:28 603282 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-13 03:28 106696 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-08 21:15 106696 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:47 . 2009-11-13 03:23 379640 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-11-08 18:48 379640 c:\windows\System32\FNTCACHE.DAT
- 2009-09-11 18:10 . 2009-03-30 04:42 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 989000 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-09-11 18:10 . 2009-03-30 04:42 989000 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-11-01 11:44 . 2009-11-03 07:38 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2006-10-26 19:48 . 2006-10-26 19:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2009-11-10 03:24 . 2009-11-10 03:24 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e238b43f36388fcb7c57b80bdc1f7d62\WsatConfig.ni.exe
+ 2009-11-10 03:24 . 2009-11-10 03:24 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\722a7911f43794c1c020ee3b1f350b22\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fba5f4fe46e69058aa06be917a533f5d\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e7806ba50403c85018a59c72525d24dc\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e3ed22c184efec9d19d85e6324060668\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dc9e378eca978b5e4d7155b0469b0632\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d7799148a419bc09357901d984655920\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bc49adcd29c410b26288f975e6f2cd94\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b8a363ab5a3dbcd27dcd4a8c3042065f\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\851effe22cf0915f4d6972e0d679ebf2\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\75a642f7c4551268fef722abf0843a40\WindowsLive.Writer.Controls.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\694fe4b717187686318f1327ae1bd701\WindowsLive.Writer.Interop.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4b7f6a44c197d9c791e44ac1989bdf92\WindowsLive.Writer.Localization.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4a7ecc7fe4e6d45d3682880c9d271b03\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3795351a740a36f1bb91bd860d1e98b4\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2bdecfaa5c6626ddc8c69e3e7bbf2992\WindowsLive.Writer.Passport.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\07f97bb56361d8a25a0ecb14c92f3fcb\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\2c363b22ceaf65f54fb49bf7805be1d5\WindowsLive.Client.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\8f9e7faa17ad97b10b90647dc804bd02\WindowsFormsIntegration.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\4609787a9b076765ecb68581a25df450\UIAutomationTypes.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\a7b063c683276e3a82a58ba41c52df12\UIAutomationClient.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\254b382cfc56f408ee61524805812f29\TaskScheduler.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\0eae6266b8c2becb2131349055187233\System.Xml.Linq.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\9ab2b63a74f18bded73c752dfad29b7b\System.Web.Routing.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67190e73b89e98b6488dcf6af49c216f\System.Web.RegularExpressions.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c6abb45c13e5b9122696522bec0d2ecf\System.Web.Extensions.Design.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\eaa2ae0c44f344b227b2c382c846f7a4\System.Web.Entity.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\5c0af069194b9d1f5d6ee63dbb90ee8d\System.Web.Entity.Design.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\03efddc7dbc191f65c0b343666f27026\System.Web.DynamicData.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\f064a5d32c3dbf54f7e6923b3cba5f35\System.Web.Abstractions.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5790f8446c866b543ab1740fd27aaec5\System.Transactions.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b0d40c6d0fc00ba251010b710ca452a6\System.ServiceProcess.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3bf0444969d6c9bf5e3106c9aa59c1d0\System.Security.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f91c1865b06602c72f0efc99a0d4634a\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5fada30bf7c201ababed5104184b9754\System.Runtime.Remoting.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\23ca5e14f05c37fb49bc0df6521a314e\System.Net.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9c037a2101174ed32002e0d492504573\System.Messaging.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3554229f9241c34b5acd5061bb7a9b6\System.Management.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\072654567a9c8a9788fc1dc3c36ecfc7\System.Management.Instrumentation.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\f5ec612354e6e5abf31cf67ac57698e2\System.IO.Log.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\6fac519fcb4fe727abbd0e00b5ed358d\System.IdentityModel.Selectors.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7315b1a64bf46430386b938ae3257e27\System.EnterpriseServices.Wrapper.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7315b1a64bf46430386b938ae3257e27\System.EnterpriseServices.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cf90c37ebdf793f7d485cdf1461cefd7\System.Drawing.Design.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\384bafb2a4f81a682eb2ae2c7fea976b\System.DirectoryServices.Protocols.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\34472e4436b3e385c07ee148575e09f6\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e7535982e4bf2036e9e7269641b7be96\System.Data.Services.Client.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d8591d22020c2da6180edf325b1a5d06\System.Data.Services.Design.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6a8e0561391bca5f520ea52bd10130dd\System.Data.Entity.Design.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\75651a5359122974884b64b98dc1af0f\System.Data.DataSetExtensions.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\78aac991cacbc9665c628f5466cec9c1\System.Configuration.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\97b0e9c797db7eb8c7e15a81d88b0f1f\System.Configuration.Install.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\de36037cdb70cd63979b9642fe1e916a\System.AddIn.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\723e877d7b2a6ef55f2ae48ce7c1ee09\sysglobl.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0e2d201c84bf5d3207ff863642cd9aae\SMSvcHost.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\0813dc1488145bd9dd8547099ade2caf\SMDiagnostics.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\927f3f5537ce459700658426fe372255\ServiceModelReg.ni.exe
+ 2009-11-10 03:19 . 2009-11-10 03:19 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a409c40a6067264d0592415fcfc266d\PresentationFramework.Luna.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\54e0042aba64d42f476234184b1b8f77\PresentationFramework.Classic.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ae3d45b608b6e0fcb51d3a903563621\PresentationFramework.Royale.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0fa8eb806fadfff925850522a53c3c18\PresentationFramework.Aero.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\b4b826189fd5456365147b7b09e85a36\napsnap.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\67f068987514ee7cafd3d78f3a0c1d03\napinit.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\fb54f69405c0a16d69c0ff218b8b226c\naphlpr.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\f5f5c57412a953a4cf89bef422dde61a\MSBuild.ni.exe
+ 2009-11-10 03:24 . 2009-11-10 03:24 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\49c2fd76ae8103221e9342bdba6c9c8d\MMCFxCommon.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7d051e6ee6923e5db3ccab7a275f0812\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 659968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\cd3cb0a0113a7ccccff31da63487ede7\Microsoft.MediaCenter.Sports.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 227840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\42794bc8e41260b935b11c24f7b36916\Microsoft.MediaCenter.Shell.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\20c04c834cf047afa7256415151818a8\Microsoft.MediaCenter.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\89756299b1ce3b6cc00b69d39685ab1b\Microsoft.ManagementConsole.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\8c80eafc04a20c51f6009ddd7920fbc1\Microsoft.Build.Utilities.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6766c368a48789e57637e36681e397ce\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e32b8f3a1267236ca7f2bd9606e67ffd\Microsoft.Build.Engine.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\5a16c39ea69c4ddcaa76b9b2f5c70ef7\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 238592 c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\5c546e94a6ce162317a9c41298c07b98\Mcx2Dvcs.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 254976 c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\c00d89371d1e93f341bef3ec8e889ef5\mcupdate.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 225280 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\d766ca6bde8ee7051ddc96d713d776cd\mcstoredb.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 641536 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\d6bf92ec4c3c212e4323bf15386be21a\mcstore.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\2bcdc9c4b2d9b6fe5f34b2556d937b1d\EventViewer.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 103936 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\9bbb6b6e4992b9aef63f5f299d479a9d\ehiWUapi.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 338432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\94f6a3674e8f4e4e8fa82e4e93bb4094\ehiwmp.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 797696 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\54c4dad0ab77449a338f9b0e17f7b7d0\ehiVidCtl.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 965632 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\266cdaf9ab6478fe4dfad14dccd6434c\ehiProxy.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 565760 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiPlay\ef0016884aa8f2aff3b31dcc02b96ed0\ehiPlay.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\d33a77b9163bfb5a488ed34cea5ef217\ehiExtens.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\6da0bd473a25740c9f037c3c180bd5d2\ehExtHost.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 305152 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\934e9445770ccc7acac7fb36f6202a0f\ehepgdat.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\2993150a626a90f2bd7853457f9fd6ac\ehCIR.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\11e7010bbb22a78ec4f9310bb5906686\CustomMarshalers.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\8cdd74f26f632d6087e8f79651870033\ComSvcConfig.ni.exe
+ 2009-11-10 03:22 . 2009-11-10 03:22 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\61ee0d5f74301a686fa114678b23149a\BDATunePIA.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\5f5dce4fc044ca88c9be8513d05fd5c6\AspNetMMCExt.ni.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 5818704 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.22219_none_1b6bd7d648db5136\mscorwks.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 5812544 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.18107_none_3238abdc2f34a497\mscorwks.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.22219_none_b0c508e8db53ecb1\mscorlib.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.18107_none_c791dceec1ad4012\mscorlib.dll
+ 2009-11-12 19:13 . 2009-08-14 13:29 2045440 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22200_none_bb639005b0cab34a\win32k.sys
+ 2009-11-12 19:13 . 2009-08-14 13:27 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18091_none_ba79a25297f52b29\win32k.sys
+ 2009-11-12 19:13 . 2009-08-14 13:46 2036224 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22497_none_b922cef1b3e70dd9\win32k.sys
+ 2009-11-12 19:13 . 2009-08-14 13:53 2035712 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18311_none_b8e9afca9a8df67d\win32k.sys
+ 2009-11-12 19:13 . 2009-08-15 21:08 2032128 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21108_none_b79eb803b676ce08\win32k.sys
+ 2009-11-12 19:13 . 2009-08-14 14:01 2031104 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc\win32k.sys
+ 2009-11-12 19:13 . 2009-10-16 08:39 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22247_none_f4d3f2c581d85dd6\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:36 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18124_none_f45cf4f468ad3a25\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:38 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22544_none_f2ea7fff84b4bcad\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:39 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18344_none_f260e14e6b971fbc\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:40 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21142_none_f102170187902f29\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:41 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16939_none_f08a74066e63f18d\OESpamFilter.dat
+ 2006-11-02 10:22 . 2009-11-13 03:33 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-11-08 19:51 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-11-10 03:00 . 2009-09-04 06:59 5812544 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-09-11 18:11 . 2009-03-30 04:42 5812544 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-09-11 18:10 . 2009-03-30 04:42 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-10-16 07:03 . 2009-10-16 07:03 5003776 c:\windows\Installer\f64da2e.msp
+ 2009-08-18 12:58 . 2009-08-18 12:58 8301056 c:\windows\Installer\f64d9e6.msp
+ 2009-08-18 12:57 . 2009-08-18 12:57 9122304 c:\windows\Installer\f64d9d0.msp
+ 2009-11-01 11:44 . 2009-11-13 03:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-26 20:42 . 2006-10-26 20:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2009-11-17 20:06 . 2009-11-17 20:15 6365184 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-11-10 03:24 . 2009-11-10 03:24 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ddebbfd1ee2ce89b79981458ca6820e7\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\92769de1858261093d6b2d3f73389b54\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3cbfbaa02498e2d273645e698fc9d2c2\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 3314176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c681da7e1c7b648cb456f2d90e7c50fe\WindowsBase.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\2105c56c3fe48843fcb0b488cbe3a9d4\UIAutomationClientsideProviders.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\99e7927ccb9099e607035349814d4cf6\System.Xml.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6cd20be7cbc4f149f2cb27342632f52e\System.WorkflowServices.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1f48aa633e1390542786d1f4aadf4d9c\System.Workflow.Runtime.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ea04089f9339c24a5b9049f225d644d6\System.Workflow.ComponentModel.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d0cab30213f071a1d29756cc384b1c40\System.Workflow.Activities.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3ac86230f8672732e33a9607b9d850c0\System.Web.Services.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\40409c8e5284e8a59e3ea9d2969be855\System.Web.Mobile.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\84f6711a2dcbe862949b0d01ac8568ba\System.Web.Extensions.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\a9bb974635790a38d3530b441a9c93cc\System.Speech.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1c98099c39a6925b6292b7f00c3010a5\System.ServiceModel.Web.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d70a3a621f0536c8cb151dc4775d3409\System.Runtime.Serialization.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\3e90149cc7c633d9a631839308bb9bc3\System.Printing.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\22c0c18be8858e433fe561c693a2c556\System.IdentityModel.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f8f2dbea11afbca27219a6aca87a60f9\System.DirectoryServices.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4edeee9bfffbaea5bc43ebdac1db3580\System.Deployment.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\74114632794c536c35d28a5c60f694ab\System.Data.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\84b5a57d2a24d4fdda2f25e93fdd4c65\System.Data.SqlXml.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\96217e2185e9b019a4a8d78e43be3124\System.Data.Services.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\b4fecb0f2495c3ac69d59cc207d2734d\System.Data.OracleClient.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\70de236a6b9a2ddf910f719c4c679226\System.Data.Linq.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ea5d154e33f61d3d949efae409d02356\System.Data.Entity.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\670d343c8b3213883fa70837195f7f81\System.Core.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\316de585c1205c92cf4b0a70fa34c874\ReachFramework.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\52d83973b6c5886042800865d5321ef9\PresentationUI.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\03a073b4f13b073e27c0b2c8629fa7b8\PresentationBuildTasks.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\6d984081192a52d32ed475100a28b6c5\Narrator.ni.exe
+ 2009-11-10 03:24 . 2009-11-10 03:24 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\8de0a36d04d521a7287537f5d90f9c66\MMCEx.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\cdbb5f1840a16aea2579a03a61ab56a2\MIGUIControls.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e3d4c11809bddd2154fe7b704695e070\Microsoft.VisualBasic.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e39b79c69a798731568441a7d2fe90b6\Microsoft.Transactions.Bridge.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\edbd7d666fb3b01d2eb15a9b86c75e40\Microsoft.MediaCenter.UI.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a385166106bab1601126773d27135895\Microsoft.JScript.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\8685307d6582feb851388fff44046b56\Microsoft.Ink.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d02204eeabd2364b82eeaca997636b83\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c3369952e0cde298bed8a00aa548123d\Microsoft.Build.Tasks.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\0c3e11851cedaf97c03a74131b5f9293\Microsoft.Build.Engine.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1732608 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\e6b488913d24a333cdb8b0dde82eed76\ehRecObj.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 2130432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\f5d8c5451c6a49960dc7cde827d4909f\ehepg.ni.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-09-11 18:10 . 2009-03-30 04:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-11-02 10:24 . 2009-11-05 17:36 26768832 c:\windows\System32\mrt.exe
+ 2009-08-18 13:19 . 2009-08-18 13:19 10098688 c:\windows\Installer\f64da18.msp
+ 2008-09-24 12:05 . 2008-09-24 12:05 16381440 c:\windows\Installer\f64da01.msp
+ 2006-10-26 21:13 . 2006-10-26 21:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 15:14 . 2006-10-27 15:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 15:26 . 2006-10-27 15:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2009-11-10 03:20 . 2009-11-10 03:20 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7742aef93bc3679a986cb5dab148cd76\System.Web.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 17328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\830b346e51c9671cacaa75c4fd9bcfb3\System.ServiceModel.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:20 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\1097f0aba9cd9bdb9295ab05ca7e68b8\System.Design.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\394fd96b27f367e6ffb13bc8c35fdcb2\PresentationFramework.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\bfbe98e8737c97d8c938275ceca2b1d8\PresentationCore.ni.dll
+ 2009-11-10 03:18 . 2009-11-10 03:18 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 11587584 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\a2a3779d05fd2f244006562903f3bd37\ehshell.ni.dll
+ 2009-09-08 07:08 . 2009-11-12 19:12 199255407 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\janaperfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-10-21 7892992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,b0,71,6b,a4,60,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1532837770-1080338674-2631915440-1000]
"EnableNotificationsRef"=dword:00000001

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [01/11/2009 11:47 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/11/2009 11:47 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [01/11/2009 11:47 434945]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [19/06/2009 11:10 703008]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09/10/2008 15:47 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09/10/2008 15:47 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09/10/2008 15:47 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [14/05/2009 22:03 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [11/04/2009 18:32 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 14:11 144632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [19/06/2009 18:36 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 04:12 223232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 02:23 179712]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/09/2009 19:51 54632]
S3 fsssvc;Služba Bezpecnost rodiny v službe Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 14:11 50424]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 22:23]
.
.
------- Supplementary Scan -------

zde je zbytek logu protoze se sem najednou nevesel

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\janaperfect\AppData\Roaming\Mozilla\Firefox\Profiles\4sstc50o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 20:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x99620285
[0] 0x9F3A0231
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-17 20:27
ComboFix-quarantined-files.txt 2009-11-17 20:27
ComboFix2.txt 2009-11-08 21:23

Pre-Run: 255,771,148,288 bytes free
Post-Run: 255,736,541,184 bytes free

- - End Of File - - C87E64F2C65ADD730ADB7A9D8A7B0E79

Provedte ještě ty další body a potom

Stáhněte Rootkit Unhooker http://forum.sysinternals.com/uploads/2 ... 300509.rar
-spusťte, klikněte na Report a potom klikněte na tlačítko Scan
-objeví se tabulka, dáte fajfku do všech okének a OK
-až se objeví tabulka "Select Disk for scan", vypněte ji křížkem v pravém horním rohu
-proběhne sken, objeví se okno z výsledky.Označte text a pravým tl. myši zkopírujte výsledky zde

hazi mi ten posledni program chybu error loading driver, NTSTATUS code: C0000001

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

asi uz nebudu nikomu pomahat. Kamaradka se nakonec rozhodla pro W7, coz jsem ji misto Vist nabizel hned. pro mne je jednodussi udelat novy system nez nekoho otravovat, protoze o data nakonec stejne prisla. laptopa ma uz asi mesic a pul kdosi jiny a ze az bude cas tak to udela. omlouvam se za vasi ztratu casu.

proč přišla o data?
Není zač

asi proto ze ji ten ''Zkusenejsi'' kolega zformatoval disk. ja se ji to snazil aspon s vasi pomoci vycistit, jenze jsme se dlouho nevideli a vir udelal sve. zdemoloval system.

logy vypadali už docela čistě, musela ještě někde něco chytnout. Data se dají vydolovat i z nefunkčního systému.
Hezký den

Nevim co kdo delal. kazdopadne se mu to nepovedlo. mohla byste se mi prosim podivat na toto? odpovedel jsem sam sobe a zatim si me nikdo nevsiml

http://www.viry.cz/forum/viewtopic.php?f=13&t=93205

Dekuji

Stalo se

Zde

VIRY.CZ

falesny antivir. safety center (New.exe)

falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)