PC virus removal, computer speed-up, remote assistance via the neslape.cz service

"Immortal" Win32/Sality.NAM

Have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service: a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
maker2807
Guest
Posts: 10
Registered: 13 Mar 2011 16:24

"Immortal" Win32/Sality.NAM

#1 Post by maker2807 »

Hi,
yesterday NOD32 (fully updated) started showing alerts that it had found the virus Win32/Sality.NAM, one after another, in several .exe files on drive C. I restarted the system in Safe Mode, scanned it with the antivirus and with other tools I found on the internet (SalityKiller, rmslt from AVG, MBAM, stinger). Everything looked fine, but before long the whole situation repeated itself. I ran the tools mentioned above again and again there was peace for a while... But today NOD started detecting the virus again. Can you advise me how to get rid of this virus for good? I'm using a fully updated 64-bit Windows 7. I'm attaching the RSIT log and thank you in advance for your reply.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Marek at 2011-03-13 16:34:02
Microsoft Windows 7 Ultimate
System drive C: has 30 GB (38%) free of 80 GB
Total RAM: 4061 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:34:08, on 13. 3. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\SysWOW64\notepad.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Marek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\Connectifyd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11237 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Connectify\Connectifyd.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
"C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
C:\Windows\SysWOW64\vmnat.exe
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe"
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
WLIDSvcM.exe 2740
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\servicing\TrustedInstaller.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\totalcmd\TOTALCMD.EXE"
Notepad.exe C:\rkill.log
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=sk --force-fieldtest="ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_6 concurrent_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/" --channel=3096.01F60D80.1855385728 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest="CacheSize/CacheSizeGroup_5/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_6 concurrent_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/" --channel=3096.083A4780.48050837 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Marek\AppData\Local\Google\Chrome\APPLIC~1\100648~1.133\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Marek\AppData\Local\Google\Chrome\Application\10.0.648.133\gcswf32.dll" --lang=sk --plugin-data-dir="C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default" --channel=3096.0A738E00.173407497 /prefetch:4 --flash-broker=5168
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest="CacheSize/CacheSizeGroup_5/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_6 concurrent_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/" --channel=3096.0644CA80.1183901276 /prefetch:3
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest="CacheSize/CacheSizeGroup_5/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_6 concurrent_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/" --channel=3096.0A208600.1662763747 /prefetch:3
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest="CacheSize/CacheSizeGroup_5/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_6 concurrent_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/" --channel=3096.0428BA80.759315420 /prefetch:3
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Marek\AppData\Local\Google\Chrome\Application\10.0.648.133\gears.dll" --lang=sk --plugin-data-dir="C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default" --channel=3096.06D83A00.302533659 /prefetch:4
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Marek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=sk --plugin-data-dir="C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default" --channel=3096.0A774A00.1011416322 /prefetch:4
"C:\Users\Marek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest="CacheSize/CacheSizeGroup_5/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_6 concurrent_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/" --channel=3096.0A6EEA80.335764298 /prefetch:3
"C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest="CacheSize/CacheSizeGroup_5/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/max_6 concurrent_prefetch/DnsParallelism/parallel_7/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/" --channel=3096.09E74900.379660217 /prefetch:3
taskeng.exe {D03A3664-CA90-4955-82CA-D966C12C23A9}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe23_ Global\UsGthrCtrlFltPipeMssGthrPipe23 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"D:\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-10 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
vShare Plugin - C:\Program Files (x86)\vShare\vshare_toolbar.dll [2010-10-05 478800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{043C5167-00BB-4324-AF7E-62013FAEDACF} - vShare Plugin - C:\Program Files (x86)\vShare\vshare_toolbar.dll [2010-10-05 478800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2903688]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-14 1814312]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
""= []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sony Ericsson PC Companion"=C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-01-24 427008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"=C:\Windows\System32\SPReview\SPReview.exe [2011-03-13 301568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify]
C:\Program Files (x86)\Connectify\Connectify.exe [2010-09-28 1338944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
C:\Windows\PLFSetI.exe [2008-07-29 200704]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"SafeQ Client"=C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2010-03-31 249856]
"VMware hqtray"=C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [2010-09-21 64048]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-02-20 273544]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStartupSound"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=177

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-03-13 16:34:02 ----D---- C:\rsit
2011-03-13 16:34:02 ----D---- C:\Program Files\trend micro
2011-03-13 16:15:46 ----D---- C:\ProgramData\McAfee
2011-03-13 10:54:10 ----D---- C:\Windows\system32\SPReview
2011-03-13 10:52:55 ----D---- C:\Windows\system32\EventProviders
2011-03-12 22:58:32 ----D---- C:\Windows\system32\appmgmt
2011-03-12 17:05:08 ----D---- C:\Users\Marek\AppData\Roaming\Malwarebytes
2011-03-12 17:04:59 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-03-12 17:04:58 ----D---- C:\ProgramData\Malwarebytes
2011-03-12 17:04:55 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-12 17:04:55 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-03-09 18:36:15 ----A---- C:\Windows\SYSWOW64\wcncsvc.dll
2011-03-09 18:36:15 ----A---- C:\Windows\system32\wcncsvc.dll
2011-03-09 18:31:33 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-03-09 18:31:33 ----A---- C:\Windows\system32\FntCache.dll
2011-03-09 18:31:32 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-03-09 18:31:32 ----A---- C:\Windows\system32\DWrite.dll
2011-03-09 18:31:32 ----A---- C:\Windows\system32\d2d1.dll
2011-03-09 18:31:30 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-03-09 18:31:30 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-03-09 18:31:30 ----A---- C:\Windows\system32\XpsPrint.dll
2011-03-09 18:31:30 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-03-09 18:31:28 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 18:31:28 ----A---- C:\Windows\system32\CPFilters.dll
2011-03-09 18:31:27 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-03-09 18:31:27 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2011-03-09 18:31:27 ----A---- C:\Windows\system32\sbe.dll
2011-03-09 18:31:26 ----A---- C:\Windows\SYSWOW64\sbe.dll
2011-03-09 18:30:58 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2011-03-09 18:30:58 ----A---- C:\Windows\system32\mstscax.dll
2011-03-09 18:30:57 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2011-03-09 18:30:57 ----A---- C:\Windows\system32\mstsc.exe
2011-03-06 15:06:37 ----D---- C:\Program Files (x86)\Microsoft Games
2011-02-27 10:24:46 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-02-27 10:22:15 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-02-27 10:22:15 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-02-27 10:22:15 ----A---- C:\Windows\system32\nvoglv64.dll
2011-02-27 10:22:15 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-02-27 10:22:14 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-02-27 10:22:14 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-02-27 10:22:14 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-02-27 10:22:14 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-02-27 10:22:14 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-02-27 10:22:14 ----A---- C:\Windows\system32\nvgenco642040.dll
2011-02-27 10:22:14 ----A---- C:\Windows\system32\nvdispco642090.dll
2011-02-27 10:22:14 ----A---- C:\Windows\system32\nvcuvid.dll
2011-02-27 10:22:14 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-02-27 10:22:14 ----A---- C:\Windows\system32\nvcuda.dll
2011-02-27 10:22:14 ----A---- C:\Windows\system32\nvcompiler.dll
2011-02-27 10:22:13 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-02-27 10:22:13 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-02-27 10:22:13 ----A---- C:\Windows\system32\OpenCL.dll
2011-02-26 10:15:13 ----D---- C:\Program Files (x86)\Ghostgum
2011-02-26 10:14:48 ----A---- C:\Windows\gswin32.ini
2011-02-22 20:39:18 ----D---- C:\Users\Marek\AppData\Roaming\Mozilla
2011-02-20 20:20:39 ----A---- C:\Windows\SYSWOW64\rmoc3260.dll
2011-02-20 20:20:35 ----A---- C:\Windows\SYSWOW64\pndx5032.dll
2011-02-20 20:20:35 ----A---- C:\Windows\SYSWOW64\pndx5016.dll
2011-02-20 20:20:35 ----A---- C:\Windows\SYSWOW64\pncrt.dll
2011-02-20 20:20:26 ----D---- C:\ProgramData\Real
2011-02-20 20:20:26 ----D---- C:\Program Files (x86)\Real
2011-02-20 20:20:25 ----D---- C:\Users\Marek\AppData\Roaming\Real
2011-02-15 15:21:17 ----D---- C:\Users\Marek\AppData\Roaming\MiKTeX
2011-02-15 14:53:38 ----D---- C:\Program Files (x86)\gs
2011-02-15 14:43:34 ----D---- C:\ProgramData\MiKTeX
2011-02-15 14:40:58 ----D---- C:\Program Files (x86)\MiKTeX 2.8
2011-02-15 13:56:53 ----A---- C:\Windows\SYSWOW64\msxml4a.dll
2011-02-15 13:56:51 ----D---- C:\Program Files (x86)\TeXnicCenter

======List of files/folders modified in the last 1 months======

2011-03-13 16:34:09 ----D---- C:\Windows\Temp
2011-03-13 16:34:02 ----RD---- C:\Program Files
2011-03-13 16:15:46 ----HD---- C:\ProgramData
2011-03-13 15:56:11 ----A---- C:\Windows\WINCMD.INI
2011-03-13 15:35:34 ----D---- C:\Users\Marek\AppData\Roaming\codeblocks
2011-03-13 13:25:57 ----D---- C:\Windows\Prefetch
2011-03-13 11:46:35 ----D---- C:\Program Files (x86)\uTorrent
2011-03-13 11:21:16 ----D---- C:\p
2011-03-13 11:11:58 ----SHD---- C:\Windows\Installer
2011-03-13 11:11:29 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-03-13 11:11:15 ----D---- C:\Windows\winsxs
2011-03-13 10:54:10 ----D---- C:\Windows\System32
2011-03-13 10:54:07 ----SHD---- C:\System Volume Information
2011-03-13 10:51:44 ----D---- C:\Windows\system32\config
2011-03-13 10:37:34 ----D---- C:\Windows\system32\catroot2
2011-03-13 10:37:34 ----D---- C:\Windows\system32\catroot
2011-03-13 10:26:36 ----D---- C:\Windows\inf
2011-03-13 10:26:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-13 10:21:23 ----D---- C:\ProgramData\VMware
2011-03-12 23:35:04 ----D---- C:\Program Files (x86)\Connectify
2011-03-12 22:58:32 ----RD---- C:\Program Files (x86)
2011-03-12 22:58:31 ----D---- C:\Program Files (x86)\Common Files
2011-03-12 22:58:30 ----D---- C:\Windows\SYSWOW64\drivers
2011-03-12 22:58:30 ----D---- C:\Windows\SysWOW64
2011-03-12 21:32:26 ----D---- C:\Windows\system32\Tasks
2011-03-12 17:21:22 ----D---- C:\Windows\Minidump
2011-03-12 17:21:22 ----D---- C:\Windows
2011-03-12 17:14:53 ----D---- C:\Windows\system32\drivers
2011-03-12 16:54:52 ----A---- C:\Windows\system.ini
2011-03-12 16:43:57 ----D---- C:\Dev-Cpp
2011-03-12 15:29:25 ----SD---- C:\Users\Marek\AppData\Roaming\Microsoft
2011-03-12 15:29:25 ----D---- C:\Users\Marek\AppData\Roaming\Adobe
2011-03-12 15:27:19 ----D---- C:\ProgramData\Adobe
2011-03-12 15:27:18 ----D---- C:\Program Files (x86)\Adobe
2011-03-12 14:20:12 ----A---- C:\Windows\ntbtlog.txt
2011-03-12 10:47:41 ----D---- C:\Users\Marek\AppData\Roaming\VMware
2011-03-09 18:32:39 ----D---- C:\Windows\debug
2011-03-09 18:32:38 ----A---- C:\Windows\system32\MRT.exe
2011-03-09 18:32:33 ----D---- C:\ProgramData\Microsoft Help
2011-03-06 14:38:21 ----D---- C:\Windows\system32\wdi
2011-02-27 20:20:24 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2011-02-27 19:15:01 ----D---- C:\Users\Marek\AppData\Roaming\skypePM
2011-02-27 10:24:27 ----D---- C:\ProgramData\NVIDIA
2011-02-27 10:23:09 ----D---- C:\Program Files\NVIDIA Corporation
2011-02-27 10:23:00 ----D---- C:\Windows\system32\DriverStore
2011-02-26 16:23:22 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-20 20:20:34 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2011-02-20 20:20:34 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2011-02-17 22:09:45 ----D---- C:\Users\Marek\AppData\Roaming\uTorrent
2011-02-17 22:06:43 ----A---- C:\Windows\wcx_ftp.ini
2011-02-16 15:56:58 ----D---- C:\Windows\system32\oobe
2011-02-14 23:53:06 ----D---- C:\Program Files (x86)\DOSBox-0.74

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-29 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-10-08 203024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 53968]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2010-12-11 294232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 124760]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-09-21 38448]
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys [2010-09-21 80944]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-09-20 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-09-21 30256]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2010-09-21 68656]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 32816]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 connctfyMP;connctfyMP; C:\Windows\system32\DRIVERS\connctfy.sys [2010-08-11 34880]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-14 286768]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 144784]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-10-08 164304]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-09-21 31792]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-09-20 20016]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 a8i7gs9x;a8i7gs9x; C:\Windows\system32\drivers\a8i7gs9x.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 connctfy;Connectify Service; C:\Windows\system32\DRIVERS\connctfy.sys [2010-08-11 34880]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2010-12-25 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2010-12-25 27176]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2010-09-20 37680]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Connectify;Connectify; C:\Program Files (x86)\Connectify\Connectifyd.exe [2010-09-28 892992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-07-02 810144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 1005160]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2010-09-21 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2010-09-21 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2010-09-21 404016]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 42360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------
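A way to triage the driver and service sections of the RSIT log above, as an added example (it is not part of the thread and not code from the RSIT tool or from ESET). The format is one line per entry, `<R|S><start> <name>;<display name>; <image path> [<date> <size>]`; the example assumes that RSIT leaves the trailing bracket empty when it cannot find the file on disk. The heuristics (missing binary, display name identical to the service name, digits interleaved in the file name) are the example's own and a hit is a prompt for the helper to look at the entry, not a verdict. Sality variants are documented to drop a randomly named kernel driver under `system32\drivers` that filters traffic to security-vendor sites, and AV cleaners often delete the file but leave the service registration behind; whether the `a8i7gs9x` entry in this log is such a leftover is not established on this page. The sample input is copied verbatim from the lists above.

```python
import re

# Constructed sample: lines copied verbatim from the RSIT driver and service lists above
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2010-12-11 294232]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 a8i7gs9x;a8i7gs9x; C:\Windows\system32\drivers\a8i7gs9x.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-07-02 810144]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
"""

# One RSIT entry: state, start type, service name, display name, image path, "[date size]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>\S.*?) \[(?P<fileinfo>[^\]]*)\]$"
)
# Legitimate drivers often carry an architecture suffix (L1C62x64.sys, pccsmcfdx64.sys)
VERSION_SUFFIX = re.compile(r"(x?64|x?32)$", re.I)
# A letter, one or more digits, then a letter again: typical of machine-generated names
INTERLEAVED_DIGITS = re.compile(r"[a-z]\d+[a-z]", re.I)


def parse_entries(text):
    """Return one dict per driver/service line; headers and blank lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        # RSIT prints some paths in NT object-manager form (\??\C:\...); drop that prefix
        if e["path"].startswith("\\??\\"):
            e["path"] = e["path"][4:]
        entries.append(e)
    return entries


def indicators(entry):
    """Heuristic signals for one entry; none of them alone proves anything."""
    found = []
    if not entry["fileinfo"].strip():
        # assumption: RSIT leaves the bracket empty when it cannot stat the file
        found.append("binary missing on disk (service registration left behind)")
    if entry["display"].strip().lower() == entry["name"].strip().lower():
        found.append("display name is just the service name")
    stem = entry["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if INTERLEAVED_DIGITS.search(stem) and not VERSION_SUFFIX.search(stem):
        found.append("digits interleaved in the file name")
    return found


def triage(text):
    """Return the entries worth a second look, with the reasons and a rough priority."""
    findings = []
    for e in parse_entries(text):
        hits = indicators(e)
        if not hits:
            continue
        missing = any(h.startswith("binary missing") for h in hits)
        findings.append({
            "name": e["name"],
            "path": e["path"],
            "indicators": hits,
            # a missing binary is the only signal strong enough on its own
            "priority": "high" if missing else ("medium" if len(hits) >= 2 else "low"),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['priority']}] {f['name']}: {f['path']}")
        for h in f["indicators"]:
            print("    -", h)
```

On the sample, only `a8i7gs9x` comes out as high priority (all three indicators); `ehdrv` is listed as low because its display name merely repeats the service name, and `L1C62x64.sys` is not listed at all because the digits are an architecture suffix. To use it on a real log, read the whole RSIT output into `text` and pass it to `triage`; the helper still has to confirm each hit by checking the file and the service key by hand.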

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: "Immortal" Win32/Sality.NAM

#2 Post by vyosek »

Hello, good evening and welcome to our forum :welcome:

:arrow: Please also post the second RSIT log here, the one named info.txt; it is saved in c:\rsit

:arrow: Run MBAM, switch to the Logs tab, pack all the logs you have there into a single rar and upload it here http://vyosek.ic.cz/havet/uploader.php so I can see everything MBAM has deleted

maker2807
Visitor
Posts: 10
Registered: 13 Mar 2011 16:24

Re: "Immortal" Win32/Sality.NAM

#3 Post by maker2807 »

I have uploaded the MBAM logs, but I don't know whether they will be of any help (I had run the other applications before MBAM, and MBAM then found only 1 infected file in one case and none in the others)

Attaching info.txt:

info.txt logfile of random's system information tool 1.08 2011-03-13 16:34:11

======Uninstall list======

-->MsiExec.exe /I{4CF23D36-EF5A-43F3-BC75-AB8D041DFD09}
-->C:\Program Files (x86)\Sony Ericsson\Update Engine\uninst.exe
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
10prstami5 5.2-->D:\Programy\DesiatimiPrstami\pmqUnInstall.exe
Acer Crystal Eye webcam Ver:1.1.93.702-->C:\Program Files (x86)\InstallShield Installation Information\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer Crystal Eye Webcam-->C:\Program Files (x86)\InstallShield Installation Information\{7760D94E-B1B5-40A0-9AA0-ABF942108755}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader X - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {9A8C39B0-D27F-4F81-BE74-2FECF164707E}
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {CE23B3DC-18CC-46FC-A309-81D6670F8D3D}
Aktualizácia Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}
Altap Salamander 2.5-->C:\Program Files (x86)\Altap Salamander 2.5\remove\remove.exe
Ashampoo Burning Studio 2008-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2008\unins000.exe"
BatteryCare-->MsiExec.exe /I{9F1C67D6-D0B8-4BA6-B953-238BA95A58B7}
Connectify-->C:\Program Files (x86)\Connectify\Uninstall.exe
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
doPDF 7.1 printer-->"C:\Program Files\Softland\doPDF 7\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
F1 2010-->MsiExec.exe /I{434D0831-3E0C-4D03-A5D4-5E1000008400}
F1 2010-->MsiExec.exe /I{434D0831-A4CC-401A-9E74-621000018401}
F1 2010-->MsiExec.exe /X{434D0831-3E0C-4D03-A5D4-5E1000008400}
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Golden Axe 2-->"D:\Hry\Golden Axe\unins000.exe"
Golden Axe 3-->"D:\Hry\Golden Axe 3\unins000.exe"
Google Earth Plug-in-->MsiExec.exe /X{FB4F9000-04FC-11E0-85D2-001AA037B01E}
Google Talk Plugin-->MsiExec.exe /I{005F78AF-110D-398A-8430-BE98950A1E22}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.71-->"C:\Program Files (x86)\gs\uninstgs.exe" "C:\Program Files (x86)\gs\gs8.71\uninstal.txt"
Greasemetal Version 0.2-->"C:\Program Files (x86)\Greasemetal\unins000.exe"
GSview 4.9-->C:\Program Files (x86)\Ghostgum\gsview\uninstgs.exe "C:\Program Files (x86)\Ghostgum\gsview\uninstal.txt"
Haskell Platform 2010.2.0.0-->"C:\Program Files (x86)\Haskell Platform\2010.2.0.0\Uninstall.exe"
Cheat Engine 5.6.1-->"C:\Program Files (x86)\Cheat Engine\unins000.exe"
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 21 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416021FF}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Java(TM) SE Development Kit 6 Update 21 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0160210}
JPG to PDF Converter 1.0-->C:\Program Files (x86)\JPG to PDF Converter\uninst.exe
K-Lite Codec Pack 6.3.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
KONICA MINOLTA PagePro 1400W-->MUINST_Y.EXE /PRN:"KONICA MINOLTA PagePro 1400W"
Longman Dictionary of Contemporary English 5th Edition-->"C:\Program Files (x86)\Longman\LDOCE5\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mario-->D:\HRY\Mario\Uninstal.exe
MegaTrainer eXperience V1.0.2.8-->"C:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-041B-1000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2007-->MsiExec.exe /X{90120000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148-->MsiExec.exe /X{EE936C7A-EA40-31D5-9B65-8E3E089C3828}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
MiKTeX 2.8-->"C:\Program Files (x86)\MiKTeX 2.8\miktex\bin\internal\copystart_admin.exe" "C:\Program Files (x86)\MiKTeX 2.8\miktex\bin\internal\uninstall_admin.exe"
MSVC80_x64_v2-->MsiExec.exe /I{4D668D4F-FAA2-4726-834C-31F4614F312E}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x64-->MsiExec.exe /I{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{F1FDAA01-988C-423F-AC12-0D8F333943FD}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{A0D65C73-F2C5-432F-8788-90F8A2E99B98}
Nokia Ovi Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{8070452B-15D6-4169-B9B9-FCC3B54588AD}
NVIDIA Grafický ovládač 266.58-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA Softvér systému s podporou technológie PhysX 9.10.0514-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.PhysX
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
Oracle VM VirtualBox 3.2.10-->MsiExec.exe /I{EAFC065C-0576-4DE9-8FDB-4D943367506E}
Ovi Desktop Sync Engine-->MsiExec.exe /X{2D10FC46-1D96-44C4-8855-85F21B9B011E}
OviMPlatform-->MsiExec.exe /I{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}
PC Connectivity Solution-->MsiExec.exe /I{29F563F4-8807-4496-8463-441EAA0E96AB}
PCSafeDoctor-->"C:\Program Files (x86)\PCSafeDoctor\unins000.exe"
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PDF-Viewer-->"C:\Program Files\Tracker Software\PDF Viewer\unins000.exe"
QUICKfind server v1.1-->"C:\Program Files (x86)\IDM\QUICKfind\qf_uninstall.exe"
Rapture3D 2.4.4 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
SafeQ Client-->MsiExec.exe /I{FE390EE1-41F4-4CF4-AE63-DC22EFECA5C1}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SMath v4-->"C:\Program Files (x86)\SMath4\unins000.exe"
Sony Ericsson PC Companion 2.01.123-->"C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Sony Ericsson Update Engine-->C:\Program Files (x86)\Sony Ericsson\Update Engine\uninst.exe
Strawberry Perl-->MsiExec.exe /X{A73228B5-F869-3044-B3D8-7D3F0F3A5987}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeXnicCenter Version 1.0 Stable RC1-->"C:\Program Files (x86)\TeXnicCenter\unins000.exe"
Tipard PDF Joiner-->"C:\Program Files (x86)\Tipard Studio\Tipard PDF Joiner\unins000.exe"
TmNationsForever-->"C:\Program Files (x86)\TmNationsForever\unins000.exe"
tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
Update for Outlook 2007 Junk Email Filter (KB2508979)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D2137BBA-250B-4548-BC1C-19E5009893D7}
VLC media player 1.1.6-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
VMware Player-->C:\ProgramData\VMware\VMware Player\Uninstaller\uninstall.exe -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\"
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
vShare Plugin-->C:\Program Files (x86)\vShare\UNINSTALL.exe
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\F4092DA208C2C970\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfdx6_8A3BAB842294F8D9255C3CF2A3B1CECAEEB8EA7E\pccsmcfdx64.inf
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Pinball-->MsiExec.exe /X{156D6665-5555-4C44-B27B-AD8F33088E8C}
WinHugs-->"C:\Program Files (x86)\WinHugs\uninstaller.exe"
WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
Wireshark 1.4.2-->"C:\Program Files\Wireshark\uninstall.exe"

======Hosts File======

127.0.0.1 localhost
::1 localhost

======System event log======

Computer Name: Marek-NB
Event Code: 4321
Message: The name "WORKGROUP :1d" could not be registered on the interface with IP address 147.251.208.167. The computer with the IP address 147.251.208.67 did not allow the name to be claimed by this computer.
Record Number: 38156
Source Name: NetBT
Time Written: 20101107075028.577733-000
Event Type: Error
User:

Computer Name: Marek-NB
Event Code: 4001
Message: The WLAN AutoConfig service stopped successfully.

Record Number: 38073
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20101106233419.023949-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Marek-NB
Event Code: 1014
Message: Name resolution for the name www.eradio.sk timed out after none of the configured DNS servers responded.
Record Number: 38034
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101106215558.183079-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Marek-NB
Event Code: 1014
Message: Name resolution for the name www.eradio.sk timed out after none of the configured DNS servers responded.
Record Number: 37976
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101106153556.636555-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Marek-NB
Event Code: 1014
Message: Name resolution for the name www.eradio.sk timed out after none of the configured DNS servers responded.
Record Number: 37944
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101106110522.228145-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: Marek-NB
Event Code: 1
Message:
Record Number: 4475
Source Name: OviSuite
Time Written: 20100804144335.000000-000
Event Type: Error
User:

Computer Name: Marek-NB
Event Code: 1
Message:
Record Number: 4474
Source Name: OviSuite
Time Written: 20100804144335.000000-000
Event Type: Error
User:

Computer Name: Marek-NB
Event Code: 1
Message:
Record Number: 4473
Source Name: OviSuite
Time Written: 20100804144335.000000-000
Event Type: Error
User:

Computer Name: Marek-NB
Event Code: 1
Message:
Record Number: 4472
Source Name: OviSuite
Time Written: 20100804144335.000000-000
Event Type: Error
User:

Computer Name: Marek-NB
Event Code: 1
Message:
Record Number: 4471
Source Name: OviSuite
Time Written: 20100804144335.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Marek-NB
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5354
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100914103153.032471-000
Event Type: Audit Success
User:

Computer Name: Marek-NB
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MAREK-NB$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1e0
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 5353
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100914103153.032471-000
Event Type: Audit Success
User:

Computer Name: Marek-NB
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x248a7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 5352
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100914103138.178027-000
Event Type: Audit Success
User:

Computer Name: Marek-NB
Event Code: 5024
Message: The Windows Firewall service started successfully.
Record Number: 5351
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100914103135.136022-000
Event Type: Audit Success
User:

Computer Name: Marek-NB
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-1851725225-4217059799-1380760506-1000
Account Name: Marek
Account Domain: Marek-NB
Logon ID: 0x18777

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5350
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100914103135.042422-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\MiKTeX 2.8\miktex\bin;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\Haskell\bin;C:\Program Files (x86)\Haskell Platform\2010.2.0.0\lib\extralibs\bin;C:\Program Files (x86)\Haskell Platform\2010.2.0.0\bin;C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\strawberry\c\bin;C:\strawberry\perl\site\bin;C:\strawberry\perl\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"TERM"=dumb
"FTP_PASSIVE"=1
"VBOX_INSTALL_PATH"=C:\Program Files\Oracle\VirtualBox\

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: "Nesmrteľný" Win32/Sality.NAM

#4 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY END UP WRECKED

Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware and the like
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after start a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it can take longer
  • After the scan finishes (and after a possible restart) CF shows a log; you can also find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
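
A small triage script for the ComboFix log format that follows, added here as an example (it is neither the thread's nor ComboFix's own code): it parses the section banners and the File Replicators sub-list, records what ComboFix could not delete, groups the listed executables by directory, and surfaces UAC policy values that the Reg Loading Points block shows at 0. The sample log is constructed to mirror the layout posted below, and the regular expressions are an assumption about ComboFix's text output derived from that log.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code).

Reads the section banners ComboFix prints, e.g. "((( Other Deletions )))" and
"----- File Replicators -----", plus the REGEDIT4 block under "Reg Loading
Points", and reports what a helper looks at first. The regexes are an
assumption about ComboFix's text format, derived from the log in this thread.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # ((( Name )))
SUBSECTION_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")   # ----- Name -----
FAILED_RE = re.compile(r"^(.+?)(?:\s\.)+\sFailed to delete$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')

# ConsentPromptBehaviorAdmin = 0 means "elevate without prompting" and
# PromptOnSecureDesktop = 0 turns the secure-desktop prompt off.
UAC_WEAK_IF_ZERO = ("ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

# Constructed sample mirroring the layout of the log posted below; the paths
# and values are illustrative, not evidence copied from the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))
.
c:\restoration\Restoration.exe
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\arp.exe
.
----- File Replicators -----
.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\afm2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexmk.exe
c:\program files (x86)\Tools\bin\convert.exe
.
((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"""


def parse_combofix(text):
    """Split a ComboFix log into the parts the triage cares about."""
    result = {"deleted": [], "failed": [], "replicators": [], "uac": {}}
    section = subsection = reg_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "."
            continue
        m = SECTION_RE.match(line)
        if m:                                # new top-level section
            section, subsection, reg_key = m.group(1), None, None
            continue
        m = SUBSECTION_RE.match(line)
        if m:                                # e.g. File Replicators
            subsection = m.group(1)
            continue
        if section == "Other Deletions":
            if subsection == "File Replicators":
                result["replicators"].append(line)
            elif (m := FAILED_RE.match(line)):
                result["failed"].append(m.group(1))
            else:
                result["deleted"].append(line)
        elif section == "Reg Loading Points":
            m = REG_KEY_RE.match(line)
            if m:
                reg_key = m.group(1).lower()
            elif reg_key and reg_key.endswith(r"policies\system"):
                m = REG_DWORD_RE.match(line)
                if m:                        # only DWORD-style values
                    result["uac"][m.group(1)] = int(m.group(2))
    return result


def summarize(parsed):
    """Turn the parsed sections into the findings a helper would post."""
    by_dir = Counter(
        str(PureWindowsPath(p).parent).lower() for p in parsed["replicators"]
    )
    return {
        "failed_deletions": parsed["failed"],
        "replicator_total": len(parsed["replicators"]),
        "replicators_by_dir": dict(by_dir),
        "weak_uac": [k for k in UAC_WEAK_IF_ZERO if parsed["uac"].get(k) == 0],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_combofix(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Running it against a real C:\ComboFix.txt only needs `parse_combofix(open(path, encoding="utf-8", errors="replace").read())` in place of the sample.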

maker2807
Visitor
Posts: 10
Registered: 13 Mar 2011 16:24

Re: "Nesmrteľný" Win32/Sality.NAM

#5 Post by maker2807 »

Here is the ComboFix log:


ComboFix 11-03-12.01 - Marek . 03. 2011 18:00:44.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4061.1812 [GMT 1:00]
Running from: c:\users\Marek\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\restoration\Restoration.exe
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\arp.exe
.
----- File Replicators -----
.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\afm2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\authorindex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\autoinst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bdftops.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bib2xhtml.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bibhtml.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html1.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html3.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\birm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cmap2enc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\config.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\csvtools.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cyrename.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dblatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dumphint.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\eps2eps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\escontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\eslatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\estex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\estexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\feynmf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fig4latex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\findhyph.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fixmswrd.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fixwada2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\font2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\font2c.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsbj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsdj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsdj500.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gslj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gslp.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsnd.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsndt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gssetgs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gstt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ht.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\httex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\httexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ibyhyph.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1context.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1latex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1mex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1tex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1texi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1xelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1xetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jscontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jslatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jstex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jstexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-fast.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-so.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-vc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexmk.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexrevise.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lp386.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lp386r2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lpgs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lpr2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makeglossaries.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makejmlrbook.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makeuniwada.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\merge.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mk4ht.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mkmlsmf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mkt1font.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mztex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mztexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\nts.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oocontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oolatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oomex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ootex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ootexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ooxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ooxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\orderrefs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ot2kpx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdf2dsc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdf2ps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfatfi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfcrop.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfopt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pedigree.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\perltex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pf2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pfbtopfa.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pfm2kpx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pftogsf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\plind.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pn2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ascii.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2epsi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf12.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf13.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf14.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdfxx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ps2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps4pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pst2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\rcsinfo.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\runbat.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\runperl.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\showglyphs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\splitindex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\svn-multi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teicontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teilatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teitex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teitexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teixelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teixetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texcount.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texdiff.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texdirflatten.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texshow.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\thumbpdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\urlbst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\vpl2ovp.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\vpl2vpl.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wmakebat.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xdv2pdf_mergemarks.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhxetex.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 17:08 . 2011-03-13 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 15:34 . 2011-03-13 15:34 -------- d-----w- C:\rsit
2011-03-13 15:34 . 2011-03-13 15:34 -------- d-----w- c:\program files\trend micro
2011-03-13 15:15 . 2011-03-13 15:15 -------- d-----w- c:\programdata\McAfee
2011-03-13 09:54 . 2011-03-13 09:54 -------- d-----w- c:\windows\system32\SPReview
2011-03-13 09:52 . 2011-03-13 09:52 -------- d-----w- c:\windows\system32\EventProviders
2011-03-13 09:52 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A0BD09-477F-4D45-BF40-FBD9338350AD}\mpengine.dll
2011-03-13 09:24 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-13 09:24 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-12 21:58 . 2011-03-12 21:58 -------- d-----w- c:\windows\system32\appmgmt
2011-03-12 16:05 . 2011-03-12 16:05 -------- d-----w- c:\users\Marek\AppData\Roaming\Malwarebytes
2011-03-12 16:04 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-12 16:04 . 2011-03-12 16:04 -------- d-----w- c:\programdata\Malwarebytes
2011-03-12 16:04 . 2011-03-12 16:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-12 16:04 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 15:54 . 2011-03-12 21:58 -------- d-----w- c:\programdata\STOPzilla!
2011-03-12 15:46 . 2011-03-12 15:46 -------- d-----w- c:\program files (x86)\U0vd Security Corporation
2011-03-12 13:19 . 2011-03-12 13:44 -------- d-----w- c:\program files (x86)\PCSafeDoctor
2011-03-09 17:36 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-09 17:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-09 17:30 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:30 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 17:30 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 17:30 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-06 14:06 . 2011-03-06 14:06 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-02-27 09:24 . 2011-02-27 09:24 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-02-26 09:15 . 2011-02-26 09:15 -------- d-----w- c:\program files (x86)\Ghostgum
2011-02-20 19:20 . 2011-02-20 19:20 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-02-20 19:20 . 2011-02-20 19:20 -------- d-----w- c:\program files (x86)\Real
2011-02-15 14:21 . 2011-02-15 14:21 -------- d-----w- c:\users\Marek\AppData\Roaming\MiKTeX
2011-02-15 14:21 . 2011-02-15 14:21 -------- d-----w- c:\users\Marek\AppData\Local\MiKTeX
2011-02-15 13:53 . 2011-02-15 13:53 -------- d-----w- c:\program files (x86)\gs
2011-02-15 13:43 . 2011-02-15 13:43 -------- d-----w- c:\programdata\MiKTeX
2011-02-15 13:40 . 2011-02-15 13:42 -------- d-----w- c:\program files (x86)\MiKTeX 2.8
2011-02-15 12:56 . 2008-08-02 10:58 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-02-15 12:56 . 2011-02-15 12:56 -------- d-----w- c:\program files (x86)\TeXnicCenter
2011-02-12 11:48 . 2011-02-12 11:58 -------- d-----w- c:\users\Marek\AppData\Roaming\TuneUp Software
2011-02-12 11:47 . 2011-02-12 11:50 -------- d-----w- c:\programdata\TuneUp Software
2011-02-12 11:47 . 2011-02-12 11:47 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 19:20 . 2003-03-18 19:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-02-20 19:20 . 2003-02-21 03:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-02-02 16:11 . 2010-07-28 10:12 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 15:59 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 15:59 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 15:59 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-08 03:27 . 2010-07-28 12:33 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2009-07-08 13:37 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2009-07-08 13:37 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49 313448 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 08:06 . 2011-02-09 15:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 15:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 15:58 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 15:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 15:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 15:59 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 15:59 3127808 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 18:41 . 2010-12-25 18:41 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-12-25 18:41 . 2010-12-25 18:41 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-12-25 18:41 . 2010-12-25 18:41 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-12-21 06:16 . 2011-02-09 15:59 62976 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-09 15:59 97280 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-09 15:59 214016 ----a-w- c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-09 15:59 1197056 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-09 15:59 442880 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-09 15:59 258048 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-09 15:59 264192 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-09 15:59 15360 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-09 15:59 2003968 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-09 15:59 1880576 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-09 15:59 100864 ----a-w- c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-09 15:59 51200 ----a-w- c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-09 15:59 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-09 15:59 350720 ----a-w- c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-09 15:59 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 15:59 204288 ----a-w- c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-09 15:59 14336 ----a-w- c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-09 15:59 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-09 15:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-09 15:59 80384 ----a-w- c:\windows\SysWow64\davclnt.dll
2010-12-18 06:11 . 2011-02-09 15:59 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-09 15:59 714752 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-09 15:59 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 15:59 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-09 15:59 482816 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-09 15:59 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-09 15:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-09 15:59 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-24 427008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-02-20 273544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Virtual PDF Printer"=c:\program files (x86)\Virtual PDF Printer\VirtualPDFPrinter.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2010-09-28 892992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 14:14]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 14:14]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000Core.job
- c:\users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 10:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000UA.job
- c:\users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 10:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2903688]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1851725225-4217059799-1380760506-1000\Software\SecuROM\License information*]
"datasecu"=hex:3e,d7,be,3d,c3,d2,04,a1,8e,4f,64,71,c8,63,38,08,7c,1e,bd,a2,c9,
cd,91,66,76,ca,10,8d,84,b4,52,79,86,a4,86,70,53,c4,9c,8f,de,58,18,55,f7,da,\
"rkeysecu"=hex:9a,17,74,8d,a3,6f,53,7f,5c,d4,b1,fa,6c,62,0d,11
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
.
**************************************************************************
.
Completion time: 2011-03-13 18:31:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-13 17:31
.
Pre-Run: 31 461 982 208 bytes free
Post-Run: 31 047 356 416 bytes free
.
- - End Of File - - 880A22383E5573257ACE007DB36C4403

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: "Immortal" Win32/Sality.NAM

#6 Post by vyosek »

:arrow: If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    File::
    c:\windows\system32\arp.exe
    c:\windows\system32\systemcpl.dll
    
    Replicator::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "Sony Ericsson PC Companion"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"=-
    "SwitchBoard"=-
    "AdobeCS5ServiceManager"=-
    "TkBellExe"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and release it (see the picture below)
    Image
  • After the script is applied (and after any restart) a log will appear; paste its contents here
:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member since 1 February 2011.

maker2807
Visitor
Posts: 10
Registered: 13 Mar 2011 16:24

Re: "Immortal" Win32/Sality.NAM

#7 Post by maker2807 »

Here is the result:


ComboFix 11-03-12.01 - Marek . 03. 2011 19:33:06.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4061.2370 [GMT 1:00]
Running from: c:\users\Marek\Desktop\ComboFix.exe
Command switches used :: c:\users\Marek\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\arp.exe"
"c:\windows\system32\systemcpl.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
.
----- File Replicators -----
.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\afm2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\authorindex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\autoinst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bdftops.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bib2xhtml.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bibhtml.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html1.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html3.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\birm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cmap2enc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\config.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\csvtools.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cyrename.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dblatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dumphint.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\eps2eps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\escontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\eslatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\estex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\estexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\feynmf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fig4latex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\findhyph.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fixmswrd.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fixwada2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\font2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\font2c.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsbj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsdj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsdj500.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gslj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gslp.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsnd.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsndt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gssetgs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gstt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ht.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\httex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\httexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ibyhyph.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1context.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1latex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1mex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1tex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1texi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1xelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1xetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jscontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jslatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jstex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jstexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-fast.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-so.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-vc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexmk.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexrevise.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lp386.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lp386r2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lpgs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lpr2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makeglossaries.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makejmlrbook.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makeuniwada.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\merge.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mk4ht.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mkmlsmf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mkt1font.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mztex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mztexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\nts.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oocontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oolatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oomex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ootex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ootexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ooxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ooxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\orderrefs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ot2kpx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdf2dsc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdf2ps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfatfi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfcrop.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfopt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pedigree.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\perltex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pf2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pfbtopfa.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pfm2kpx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pftogsf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\plind.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pn2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ascii.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2epsi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf12.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf13.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf14.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdfxx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ps2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps4pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pst2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\rcsinfo.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\runbat.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\runperl.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\showglyphs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\splitindex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\svn-multi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teicontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teilatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teitex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teitexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teixelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teixetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texcount.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texdiff.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texdirflatten.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texshow.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\thumbpdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\urlbst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\vpl2ovp.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\vpl2vpl.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wmakebat.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xdv2pdf_mergemarks.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhxetex.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 18:42 . 2011-03-13 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 15:34 . 2011-03-13 15:34 -------- d-----w- C:\rsit
2011-03-13 15:34 . 2011-03-13 15:34 -------- d-----w- c:\program files\trend micro
2011-03-13 15:15 . 2011-03-13 15:15 -------- d-----w- c:\programdata\McAfee
2011-03-13 09:54 . 2011-03-13 09:54 -------- d-----w- c:\windows\system32\SPReview
2011-03-13 09:52 . 2011-03-13 09:52 -------- d-----w- c:\windows\system32\EventProviders
2011-03-13 09:52 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A0BD09-477F-4D45-BF40-FBD9338350AD}\mpengine.dll
2011-03-13 09:24 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-13 09:24 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-12 21:58 . 2011-03-12 21:58 -------- d-----w- c:\windows\system32\appmgmt
2011-03-12 16:05 . 2011-03-12 16:05 -------- d-----w- c:\users\Marek\AppData\Roaming\Malwarebytes
2011-03-12 16:04 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-12 16:04 . 2011-03-12 16:04 -------- d-----w- c:\programdata\Malwarebytes
2011-03-12 16:04 . 2011-03-12 16:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-12 16:04 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 15:54 . 2011-03-12 21:58 -------- d-----w- c:\programdata\STOPzilla!
2011-03-12 15:46 . 2011-03-12 15:46 -------- d-----w- c:\program files (x86)\U0vd Security Corporation
2011-03-12 13:19 . 2011-03-12 13:44 -------- d-----w- c:\program files (x86)\PCSafeDoctor
2011-03-09 17:36 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-09 17:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-09 17:30 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:30 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 17:30 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 17:30 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-06 14:06 . 2011-03-06 14:06 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-02-27 09:24 . 2011-02-27 09:24 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-02-26 09:15 . 2011-02-26 09:15 -------- d-----w- c:\program files (x86)\Ghostgum
2011-02-20 19:20 . 2011-02-20 19:20 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-02-20 19:20 . 2011-02-20 19:20 -------- d-----w- c:\program files (x86)\Real
2011-02-15 14:21 . 2011-02-15 14:21 -------- d-----w- c:\users\Marek\AppData\Roaming\MiKTeX
2011-02-15 14:21 . 2011-02-15 14:21 -------- d-----w- c:\users\Marek\AppData\Local\MiKTeX
2011-02-15 13:53 . 2011-02-15 13:53 -------- d-----w- c:\program files (x86)\gs
2011-02-15 13:43 . 2011-02-15 13:43 -------- d-----w- c:\programdata\MiKTeX
2011-02-15 13:40 . 2011-03-13 18:16 -------- d-----w- c:\program files (x86)\MiKTeX 2.8
2011-02-15 12:56 . 2008-08-02 10:58 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-02-15 12:56 . 2011-02-15 12:56 -------- d-----w- c:\program files (x86)\TeXnicCenter
2011-02-12 11:48 . 2011-02-12 11:58 -------- d-----w- c:\users\Marek\AppData\Roaming\TuneUp Software
2011-02-12 11:47 . 2011-02-12 11:50 -------- d-----w- c:\programdata\TuneUp Software
2011-02-12 11:47 . 2011-02-12 11:47 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 19:20 . 2003-03-18 19:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-02-20 19:20 . 2003-02-21 03:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-02-02 16:11 . 2010-07-28 10:12 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 15:59 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 15:59 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 15:59 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-08 03:27 . 2010-07-28 12:33 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2009-07-08 13:37 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2009-07-08 13:37 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49 313448 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 08:06 . 2011-02-09 15:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 15:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 15:58 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 15:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 15:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 15:59 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 15:59 3127808 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 18:41 . 2010-12-25 18:41 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-12-25 18:41 . 2010-12-25 18:41 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-12-25 18:41 . 2010-12-25 18:41 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-12-21 06:16 . 2011-02-09 15:59 62976 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-09 15:59 97280 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-09 15:59 214016 ----a-w- c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-09 15:59 1197056 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-09 15:59 442880 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-09 15:59 258048 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-09 15:59 264192 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-09 15:59 15360 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-09 15:59 2003968 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-09 15:59 1880576 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-09 15:59 100864 ----a-w- c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-09 15:59 51200 ----a-w- c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-09 15:59 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-09 15:59 350720 ----a-w- c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-09 15:59 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 15:59 204288 ----a-w- c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-09 15:59 14336 ----a-w- c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-09 15:59 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-09 15:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-09 15:59 80384 ----a-w- c:\windows\SysWow64\davclnt.dll
2010-12-18 06:11 . 2011-02-09 15:59 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-09 15:59 714752 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-09 15:59 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 15:59 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-09 15:59 482816 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-09 15:59 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-09 15:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-09 15:59 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-13_17.27.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-28 09:56 . 2011-03-13 17:50 39128 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-13 17:50 40732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2011-03-13 17:09 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-03-13 17:50 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-07-28 20:50 . 2011-03-13 18:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-28 20:50 . 2011-03-13 17:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-28 20:50 . 2011-03-13 18:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-28 20:50 . 2011-03-13 17:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-13 18:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-13 17:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-28 09:58 . 2011-03-13 17:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-28 09:58 . 2011-03-13 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-03-13 17:56 71944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-07-28 09:58 . 2011-03-13 17:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-28 09:58 . 2011-03-13 17:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-28 09:58 . 2011-03-13 17:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-28 09:58 . 2011-03-13 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-28 21:08 . 2011-03-13 18:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-28 21:08 . 2011-03-13 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-28 21:08 . 2011-03-13 18:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-28 21:08 . 2011-03-13 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-28 21:00 . 2011-03-13 17:50 9308 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1851725225-4217059799-1380760506-1000_UserData.bin
- 2011-03-13 17:26 . 2011-03-13 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-13 18:42 . 2011-03-13 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-13 18:42 . 2011-03-13 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-13 17:26 . 2011-03-13 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-03-13 17:18 622270 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-13 17:53 622270 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-03-13 17:18 109116 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-03-13 17:53 109116 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-03-13 17:09 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-03-13 17:50 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-03-13 17:50 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-03-13 17:09 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2011-03-13 18:42 471752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-03-13 17:25 471752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-03-10 17:21 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-03-13 17:29 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-03-13 17:27 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-03-13 18:35 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Virtual PDF Printer"=c:\program files (x86)\Virtual PDF Printer\VirtualPDFPrinter.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2010-09-28 892992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 14:14]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 14:14]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000Core.job
- c:\users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 10:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000UA.job
- c:\users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 10:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2903688]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1851725225-4217059799-1380760506-1000\Software\SecuROM\License information*]
"datasecu"=hex:3e,d7,be,3d,c3,d2,04,a1,8e,4f,64,71,c8,63,38,08,7c,1e,bd,a2,c9,
cd,91,66,76,ca,10,8d,84,b4,52,79,86,a4,86,70,53,c4,9c,8f,de,58,18,55,f7,da,\
"rkeysecu"=hex:9a,17,74,8d,a3,6f,53,7f,5c,d4,b1,fa,6c,62,0d,11
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2011-03-13 19:48:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-13 18:48
ComboFix2.txt 2011-03-13 17:53
ComboFix3.txt 2011-03-13 17:31
.
Pre-Run: 29 257 818 112 bytes free
Post-Run: 29 199 638 528 bytes free
.
- - End Of File - - 4E31D37A13FE92BD42B8378E0DEC6BF4

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: "Immortal" Win32/Sality.NAM

#8 Post by vyosek »

:arrow: Do you know this application: c:\program files (x86)\MiKTeX 2.8 ? It will probably need to be reinstalled.

:arrow: Download Avenger (see my signature)
  • If you use Windows Vista or W7, right-click Avenger and choose Run As Administrator or Spustit jako spravce
  • After starting, the program warns you that everything you do, you do at your own risk - click OK
  • After confirming, the main window appears; paste the script you have below into it
  • Code:

    Files to delete:
    c:\windows\system32\arp.exe
    c:\windows\system32\systemcpl.dll
  • Tick the boxes next to Scan for rootkits and Automatically disable any rootkits found
  • Now click Execute and confirm Yes in the following window - this confirms running the script
  • To the question Reboot now answer OK again - this restarts the PC
  • After the restart, Notepad should open with the log; paste its contents here. If it does not, you will find the requested document at C:\avenger.txt
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

maker2807
Visitor
Posts: 10
Registered: 13 Mar 2011 16:24

Re: "Immortal" Win32/Sality.NAM

#9 Post by maker2807 »

I know the application, reinstalling it is not a problem...

I downloaded Avenger and ran it according to the instructions. The PC restarted, but after the restart no log opened and the file C:\avenger.txt does not exist. I checked the files in question manually - c:\windows\system32\arp.exe does not exist, c:\windows\system32\systemcpl.dll is present in the folder and is not write-protected in any way. Should I try deleting it manually?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: "Immortal" Win32/Sality.NAM

#10 Post by vyosek »

:arrow: Download OTM (see my signature)
  • If you use Windows Vista or W7, right-click OTM and choose Run As Administrator or Spustit jako spravce
  • Into the left window, Paste Instructions for Items to be Moved (below the yellow line), paste the content you have below
  • Code:

    :files
    c:\windows\system32\arp.exe
    c:\windows\system32\systemcpl.dll
    c:\program files (x86)\MiKTeX 2.8\miktex\bin\*.exe
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [ClearAllRestorePoints]
  • Click the red MoveIt! button
  • You will be prompted to restart, click Yes; you will then find the log in C:\_OTM\MovedFiles, paste its contents here
:arrow: Then uninstall MiKTeX 2.8 and install it again

maker2807
Visitor
Posts: 10
Registered: 13 Mar 2011 16:24

Re: "Immortal" Win32/Sality.NAM

#11 Post by maker2807 »

Here is the requested log:

All processes killed

========== FILES ==========
File/Folder c:\windows\system32\arp.exe not found.
LoadLibrary failed for c:\windows\system32\systemcpl.dll
c:\windows\system32\systemcpl.dll moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\afm2tfm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\amstex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\arctrl.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bg5conv.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bg5latex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bg5pdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bg5platex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bg5pluslatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bg5pluspdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bg5ppdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bibtex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bibtex8.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bmeps.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bplain.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cef5conv.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cef5latex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cef5pdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cefconv.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ceflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cefpdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cefsconv.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cefslatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cefspdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cjklatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cslatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\csplain.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ctangle.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cweave.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dvicopy.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dvipdfm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dvipdfmx.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dvipdft.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dvipng.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dvips.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dvitomp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dvitype.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ebb.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\epsffit.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\epstopdf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\etex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\extconv.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\extractbb.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fc-cache.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fc-cat.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fc-list.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fc-match.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\findexe.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\findtexmf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gbklatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gbkpdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\getafm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gftodvi.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gftopk.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gftype.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsf2pk.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\hbf2gf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htcmd.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\inimf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\initex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\initexmf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jadetex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\kpsewhich.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lambda.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makebase.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makefmt.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makeindex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makeinfo.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makemem.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makemf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makempx.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makepk.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\maketfm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\metafun.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mfmp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mft.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mgs.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-bibtex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-makebase.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-makefmt.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-makeindex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-makemem.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-makemf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-makepk.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-maketfm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-mf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-mpost.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-omega.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-pdftex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-taskbar-icon.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-tex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-texworks.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-update.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-update_admin.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-xetex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\miktex-zip.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mkfntmap.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mkocp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mktexlsr.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mllatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mltex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mo.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mo_admin.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mpm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mpm_mfc.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mpm_mfc_admin.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mpm_qt.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mpm_qt_admin.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mpost.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mpto.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mptopdf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mthelp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mtprint.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\odvicopy.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ofm2opl.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\omega.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\opl2ofm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\otp2ocp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\outocp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ovf2ovp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ovp2ovf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pcxtoppm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfclose.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfdde.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfetex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfjadetex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfmex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfopen.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfplatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdftex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfxmltex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\platex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pltotf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pngtopnm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pooltype.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ppmtobmp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pk.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\psbook.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\psnup.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\psresize.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\psselect.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pstops.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\sjisconv.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\sjislatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\sjispdflatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\skt.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\t1asm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\t4ht.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\tangle.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\tex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\tex4ht.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texdoc.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texhash.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texi2dvi.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texify.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texindex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texlinks.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texworks.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\tftopl.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\tgatoppm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\tie.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\tifftopnm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ttf2afm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ttf2pfb.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ttf2pk.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ttf2tfm.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\updmap.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\vftovp.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\virmf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\virtex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\vptovf.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\weave.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xbb.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xdvipdfmx.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xelatex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xetex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xmltex.exe moved successfully.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\yap.exe moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9720.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADBC.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB02F.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEB78.tmp folder moved successfully.
C:\Windows\Installer\MSIF998.tmp moved successfully.
C:\Windows\System32\tmp5D5B.tmp moved successfully.
C:\Windows\System32\tmp5D7B.tmp moved successfully.
C:\Windows\Temp\NODD6FF.tmp moved successfully.
C:\Windows\Temp\NODD7CB.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1479287 bytes
->Java cache emptied: 3166964 bytes
->Google Chrome cache emptied: 427484339 bytes
->Flash cache emptied: 1215250 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6442 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 413,00 mb


Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 03132011_205758

Files moved on Reboot...
C:\Users\Marek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Marek\AppData\Local\Temp\SafeQClientUI.log moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1792.log moved successfully.

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: "Immortal" Win32/Sality.NAM

#12 Post by vyosek »

→ Reinstall the MiKTeX 2.8 application

→ Apply this script in ComboFix - same procedure as last time

Code:

KillAll::

File::
C:\Windows\tasks\At1.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000UA.job

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-
"Virtual PDF Printer"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-

AtJob::

Replicator::

Reboot::
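Added example, not part of the thread and not ComboFix, OTM or the helper's own tooling: a small triage script for the ComboFix-style logs posted here. The "Other Deletions" and "File Replicators" lists in this thread mix three things a responder treats differently: paths ComboFix reports as "Failed to delete", files still sitting at their normal path, and copies that only exist inside the OTM quarantine folder on D: (the "moved successfully" entries from the OTM log above). A moved infected binary is still infected, so it keeps getting listed until the quarantine folder is wiped, and the same original path can appear next to it once a fresh copy is in place. The quarantine layout `<drive>:\_otm\MovedFiles\<MMDDYYYY_HHMMSS>\<drive>_<path>` is an assumption read off the paths in this thread's ComboFix log, not OTM documentation; the sample log is a trimmed excerpt of that log, with no lines invented.

```python
"""Triage helper for ComboFix-style removal logs.

Added example for this thread; it is not ComboFix, OTM or the forum helper's
tooling. It reads the 'Other Deletions' / 'File Replicators' lists and splits
them into three buckets a responder actually acts on:
  failed       - paths ComboFix reported as 'Failed to delete'
  live         - paths still in their normal location
  quarantined  - copies that only sit in an OTM quarantine folder
The OTM layout <drive>:\\_otm\\MovedFiles\\<MMDDYYYY_HHMMSS>\\<drive>_<path> is
an assumption read off the paths in this thread's log, not OTM documentation.
"""
import re
from collections import defaultdict

# "((((( Other Deletions )))))" and "----- File Replicators -----" headers
SECTION_RE = re.compile(r'^\({5,}\s*(.+?)\s*\){5,}$')
SUBSECTION_RE = re.compile(r'^-{3,}\s*(.+?)\s*-{3,}$')
# "c:\windows\system32\arp.exe . . . . Failed to delete"
FAILED_RE = re.compile(r'^(.+?)\s+(?:\.\s+)+Failed to delete$')
# OTM quarantine path; captures the original drive letter and relative path
OTM_QUARANTINE_RE = re.compile(
    r'^[a-z]:\\_otm\\MovedFiles\\\d{8}_\d{6}\\([a-z])_(.+)$', re.IGNORECASE)


def parse_sections(log_text):
    """Map section name -> non-empty lines; the '.' filler lines are dropped."""
    sections = defaultdict(list)
    current = 'header'
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = SECTION_RE.match(line) or SUBSECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def origin_of(path):
    """Original location of an OTM-quarantined file, or None if not quarantined."""
    m = OTM_QUARANTINE_RE.match(path)
    if not m:
        return None
    return f"{m.group(1)}:\\{m.group(2)}"


def triage(log_text):
    """Bucket every path from the deletion/replicator sections of one log."""
    report = {'failed': [], 'live': [], 'quarantined': []}
    sections = parse_sections(log_text)
    for name in ('Other Deletions', 'File Replicators'):
        for line in sections.get(name, []):
            failed = FAILED_RE.match(line)
            if failed:
                report['failed'].append(failed.group(1))
            elif origin_of(line):
                report['quarantined'].append(line)
            else:
                report['live'].append(line)
    return report


def still_live_after_quarantine(report):
    """Quarantined files whose original path is listed again as live.

    Moving an infected PE into a quarantine folder leaves it infected, and a
    fresh copy at the old path can be listed right next to it; both appear in
    the same section, as the MiKTeX binaries do in this thread.
    """
    live = {p.lower() for p in report['live']}
    origins = (origin_of(q) for q in report['quarantined'])
    return sorted(o for o in origins if o and o.lower() in live)


# Trimmed excerpt of the ComboFix log posted in this thread (lines copied, not invented)
SAMPLE_LOG = r"""
ComboFix 11-03-12.01 - Marek . 03. 2011 22:32:10.4.2 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\SysWow64\Drivers\maeaw.sys
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
.
----- File Replicators -----
.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdftex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdflatex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\latex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\etex.exe
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
2011-03-13 20:31 . 2011-03-13 20:52 -------- d-----w- c:\program files (x86)\MiKTeX 2.8
"""

if __name__ == '__main__':
    r = triage(SAMPLE_LOG)
    for bucket, paths in r.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
    print("quarantined copy and live copy both listed:", still_live_after_quarantine(r))
```

The "failed" bucket is the one to read first: `arp.exe` and `systemcpl.dll` under `system32` are Windows components, so a failed delete there means either the file is in use or it is a legitimate system file that a cleanup tool should not be deleting at all, and it deserves a hash check against a known-good copy rather than another deletion attempt. The "quarantined" bucket is the reminder that a quarantine folder has to be emptied once the system is clean, otherwise every later scan re-reports the same infected binaries.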

maker2807
Guest
Posts: 10
Joined: 13 Mar 2011 16:24

Re: "Immortal" Win32/Sality.NAM

#13 Post by maker2807 »

Here is the resulting ComboFix log:

ComboFix 11-03-12.01 - Marek . 03. 2011 22:32:10.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4061.2562 [GMT 1:00]
Running from: c:\users\Marek\Desktop\ComboFix.exe
Command switches used :: c:\users\Marek\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\At1.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\Drivers\maeaw.sys
c:\windows\SysWow64\Drivers\xgymeue.sys
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1851725225-4217059799-1380760506-1000UA.job
.
----- File Replicators -----
.
c:\program files (x86)\MiKTeX 2.8\miktex\bin\afm2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\amstex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\authorindex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\autoinst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bdftops.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bib2xhtml.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bibhtml.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html1.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\biokey2html3.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\birm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\bplain.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cmap2enc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\config.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cslatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\csplain.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\csvtools.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\cyrename.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dblatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dbxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\dumphint.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\eps2eps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\escontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\eslatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\estex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\estexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\esxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\etex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\feynmf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fig4latex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\findhyph.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fixmswrd.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\fixwada2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\font2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\font2c.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsbj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsdj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsdj500.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gslj.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gslp.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsnd.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gsndt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gssetgs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\gstt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ht.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\httex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\httexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\htxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ibyhyph.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jadetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1context.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1latex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1mex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1tex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1texi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1xelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jh1xetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jhxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jscontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jslatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jstex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jstexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\jsxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-fast.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-so.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff-vc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexdiff.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexmk.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\latexrevise.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lp386.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lp386r2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lpgs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\lpr2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makeglossaries.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makejmlrbook.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\makeuniwada.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\merge.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mk4ht.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mkmlsmf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mkt1font.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mllatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mltex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mptopdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mztex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mztexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\mzxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\nts.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oocontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oolatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\oomex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ootex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ootexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ooxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ooxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\orderrefs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ot2kpx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdf2dsc.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdf2ps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfatfi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfcrop.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfjadetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdflatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfopt.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfplatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdftex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pdfxmltex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pedigree.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\perltex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pf2afm.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pfbtopfa.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pfm2kpx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pftogsf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\platex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\plind.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pn2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ascii.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2epsi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf12.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf13.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdf14.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2pdfxx.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ps.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps2ps2.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\ps4pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\pst2pdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\rcsinfo.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\runbat.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\runperl.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\showglyphs.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\splitindex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\svn-multi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teicontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teilatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teimxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teitex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teitexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teixelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\teixetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texcount.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texdiff.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texdirflatten.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\texshow.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\thumbpdf.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\urlbst.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\uxhxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\vpl2ovp.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\vpl2vpl.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wmakebat.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\wxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xdv2pdf_mergemarks.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmcontext.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmlatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmmex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhmxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhtex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhtexi.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhxelatex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xhxetex.exe
c:\program files (x86)\MiKTeX 2.8\miktex\bin\xmltex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\amstex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\bplain.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\cslatex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\csplain.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\etex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\jadetex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\latex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\mex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\mllatex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\mltex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\mptopdf.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\pdfetex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\pdfjadetex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\pdflatex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\pdfmex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\pdfplatex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\pdftex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\pdfxmltex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\platex.exe
d:\_otm\MovedFiles\03132011_205758\c_program files (x86)\MiKTeX 2.8\miktex\bin\xmltex.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 21:40 . 2011-03-13 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 21:00 . 2011-03-13 21:00 -------- d-----w- c:\programdata\MiKTeX
2011-03-13 20:31 . 2011-03-13 20:52 -------- d-----w- c:\program files (x86)\MiKTeX 2.8
2011-03-13 15:34 . 2011-03-13 15:34 -------- d-----w- C:\rsit
2011-03-13 15:34 . 2011-03-13 15:34 -------- d-----w- c:\program files\trend micro
2011-03-13 15:15 . 2011-03-13 15:15 -------- d-----w- c:\programdata\McAfee
2011-03-13 09:54 . 2011-03-13 09:54 -------- d-----w- c:\windows\system32\SPReview
2011-03-13 09:52 . 2011-03-13 09:52 -------- d-----w- c:\windows\system32\EventProviders
2011-03-13 09:52 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20A0BD09-477F-4D45-BF40-FBD9338350AD}\mpengine.dll
2011-03-13 09:24 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-13 09:24 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-12 21:58 . 2011-03-12 21:58 -------- d-----w- c:\windows\system32\appmgmt
2011-03-12 16:05 . 2011-03-12 16:05 -------- d-----w- c:\users\Marek\AppData\Roaming\Malwarebytes
2011-03-12 16:04 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-12 16:04 . 2011-03-12 16:04 -------- d-----w- c:\programdata\Malwarebytes
2011-03-12 16:04 . 2011-03-12 16:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-12 16:04 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 15:54 . 2011-03-12 21:58 -------- d-----w- c:\programdata\STOPzilla!
2011-03-12 15:46 . 2011-03-12 15:46 -------- d-----w- c:\program files (x86)\U0vd Security Corporation
2011-03-12 13:19 . 2011-03-12 13:44 -------- d-----w- c:\program files (x86)\PCSafeDoctor
2011-03-09 17:36 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-09 17:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-09 17:30 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:30 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 17:30 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 17:30 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-06 14:06 . 2011-03-06 14:06 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-02-27 09:24 . 2011-02-27 09:24 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-02-26 09:15 . 2011-02-26 09:15 -------- d-----w- c:\program files (x86)\Ghostgum
2011-02-20 19:20 . 2011-02-20 19:20 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-02-20 19:20 . 2011-02-20 19:20 -------- d-----w- c:\program files (x86)\Real
2011-02-15 13:53 . 2011-02-15 13:53 -------- d-----w- c:\program files (x86)\gs
2011-02-15 12:56 . 2008-08-02 10:58 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-02-15 12:56 . 2011-02-15 12:56 -------- d-----w- c:\program files (x86)\TeXnicCenter
2011-02-12 11:48 . 2011-02-12 11:58 -------- d-----w- c:\users\Marek\AppData\Roaming\TuneUp Software
2011-02-12 11:47 . 2011-02-12 11:50 -------- d-----w- c:\programdata\TuneUp Software
2011-02-12 11:47 . 2011-02-12 11:47 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 19:20 . 2003-03-18 19:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-02-20 19:20 . 2003-02-21 03:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-02-02 16:11 . 2010-07-28 10:12 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 15:59 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 15:59 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 15:59 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-08 03:27 . 2010-07-28 12:33 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2009-07-08 13:37 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2009-07-08 13:37 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49 313448 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 08:06 . 2011-02-09 15:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 15:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 15:58 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 15:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 15:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 15:59 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 15:59 3127808 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 18:41 . 2010-12-25 18:41 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-12-25 18:41 . 2010-12-25 18:41 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-12-25 18:41 . 2010-12-25 18:41 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-12-21 06:16 . 2011-02-09 15:59 62976 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-09 15:59 97280 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-09 15:59 214016 ----a-w- c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-09 15:59 1197056 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-09 15:59 442880 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-09 15:59 258048 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-09 15:59 264192 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-09 15:59 15360 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-09 15:59 2003968 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-09 15:59 1880576 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-09 15:59 100864 ----a-w- c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-09 15:59 51200 ----a-w- c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-09 15:59 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-09 15:59 350720 ----a-w- c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-09 15:59 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 15:59 204288 ----a-w- c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-09 15:59 14336 ----a-w- c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-09 15:59 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-09 15:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-09 15:59 80384 ----a-w- c:\windows\SysWow64\davclnt.dll
2010-12-18 06:11 . 2011-02-09 15:59 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-09 15:59 714752 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-09 15:59 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 15:59 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-09 15:59 482816 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-09 15:59 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-09 15:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-09 15:59 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-13_17.27.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-28 09:56 . 2011-03-13 20:03 39650 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-13 20:03 40732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2011-03-13 17:09 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-03-13 19:30 86016 c:\windows\system32\DriverStore\infpub.dat
- 2010-07-28 20:50 . 2011-03-13 17:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-28 20:50 . 2011-03-13 21:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-13 20:01 . 2011-03-13 21:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-28 20:50 . 2011-03-13 17:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-13 21:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-13 17:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-28 09:58 . 2011-03-13 17:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-28 09:58 . 2011-03-13 20:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-03-13 17:56 71944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-07-28 09:58 . 2011-03-13 17:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-28 09:58 . 2011-03-13 20:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-28 09:58 . 2011-03-13 20:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-28 09:58 . 2011-03-13 17:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-28 21:08 . 2011-03-13 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-28 21:08 . 2011-03-13 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-28 21:08 . 2011-03-13 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-28 21:08 . 2011-03-13 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-15 20:02 . 2010-11-15 20:02 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\wow_helper.exe
+ 2010-11-15 20:02 . 2010-11-15 20:02 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-15 20:02 . 2010-11-15 20:02 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\eula.exe
+ 2010-11-15 20:02 . 2010-11-15 20:02 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-15 20:02 . 2010-11-15 20:02 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-15 20:02 . 2010-11-15 20:02 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\Acrofx32.dll
+ 2010-07-28 21:00 . 2011-03-13 20:03 9372 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1851725225-4217059799-1380760506-1000_UserData.bin
- 2011-03-13 17:26 . 2011-03-13 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-13 21:41 . 2011-03-13 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-13 21:41 . 2011-03-13 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-13 17:26 . 2011-03-13 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-03-13 20:06 622270 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-03-13 17:18 622270 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-13 20:06 109116 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-03-13 17:18 109116 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-03-13 19:30 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-03-13 17:09 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-03-13 17:09 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-03-13 19:30 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2011-03-13 17:25 471752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-03-13 21:40 471752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-15 20:02 . 2010-11-15 20:02 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-15 20:02 . 2010-11-15 20:02 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\a3dutils.dll
- 2009-07-14 04:45 . 2011-03-10 17:21 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-03-13 17:29 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-15 20:02 . 2010-11-15 20:02 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-15 20:02 . 2010-11-15 20:02 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-15 20:02 . 2010-11-15 20:02 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\AcroRd32.exe
- 2009-07-14 02:34 . 2011-03-13 17:27 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-03-13 20:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-01-30 20:52 . 2011-01-30 20:52 13186560 c:\windows\Installer\19d447.msp
+ 2010-11-15 20:02 . 2010-11-15 20:02 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B744AA0000000010\10.0.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 osmmx;osmmx;c:\windows\system32\drivers\maeaw.sys [x]
R0 vjuhnko;vjuhnko;c:\windows\system32\drivers\xgymeue.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2010-09-28 892992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2903688]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Marek\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1851725225-4217059799-1380760506-1000\Software\SecuROM\License information*]
"datasecu"=hex:3e,d7,be,3d,c3,d2,04,a1,8e,4f,64,71,c8,63,38,08,7c,1e,bd,a2,c9,
cd,91,66,76,ca,10,8d,84,b4,52,79,86,a4,86,70,53,c4,9c,8f,de,58,18,55,f7,da,\
"rkeysecu"=hex:9a,17,74,8d,a3,6f,53,7f,5c,d4,b1,fa,6c,62,0d,11
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
.
**************************************************************************
.
Completion time: 2011-03-13 22:46:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-13 21:46
ComboFix2.txt 2011-03-13 18:48
ComboFix3.txt 2011-03-13 17:53
ComboFix4.txt 2011-03-13 17:31
.
Pre-Run: 28 991 016 960 bytes free
Post-Run: 28 411 273 216 bytes free
.
- - End Of File - - 5849421AE2780FAA2D47FE7F14ECC77A

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: "Immortal" Win32/Sality.NAM

#14 Post by vyosek »

Run AVPTool according to this guide http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and then post the log here.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns good company, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

maker2807
Visitor
Posts: 10
Registered: 13 Mar 2011 16:24

Re: "Immortal" Win32/Sality.NAM

#15 Post by maker2807 »

AVP Tool found nothing (I don't know whether that is good or bad)... the log contains only this:

Automatická kontrola: dokončeno před 2 min. (události: 2, objekty: 358790, čas: 07:17:34)
14. 3. 2011 13:26:10 Úloha byla spuštěna
14. 3. 2011 20:43:44 Úloha byla dokončena
