Some .exe files won't run..

#1 Post by majkl655 »

Hello,
I've already searched through several threads here about this problem ...
This problem happened to me while I was just browsing the internet (I don't know exactly what I had running, but it was quite a lot).. My computer froze completely, I restarted it.. And suddenly it didn't work.. I don't understand it... :?:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:10, on 30.8.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\PROGRA~1\ASUS\AISUIT~1\AiGear3\CPUPOW~1.EXE
C:\PROGRA~2\DivX\DIVXUP~1\DIVXUP~1.EXE
C:\PROGRA~1\AVASTS~1\Avast\AvastUI.exe
C:\PROGRA~2\Intel\INTELM~1\IAAnotif.exe
C:\Program Files (x86)\ASUS\AASP\1.00.40\aaCenter.exe
C:\PROGRA~2\BITTOR~1\BITTOR~1.EXE
C:\PROGRA~2\DAEMON~1\DTLite.exe
C:\PROGRA~2\Hamachi\hamachi.exe
C:\PROGRA~2\ICQ7.5\ICQ.exe
C:\PROGRA~2\MOZILL~1\firefox.exe
C:\PROGRA~2\MOZILL~1\plugin-container.exe
C:\Users\ADMINI~1\AppData\Local\Temp\winpbebwb.exe
C:\Users\ADMINI~1\AppData\Local\Temp\winkjvvfb.exe
D:\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/pivotstickfig ... A6D93936BD}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbhelper.dll
R3 - URLSearchHook: (no name) - {9a29aeac-5ebd-407c-b5e2-144157d51936} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {9a29aeac-5ebd-407c-b5e2-144157d51936} - (no file)
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: Pivot Stickfigure Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {9a29aeac-5ebd-407c-b5e2-144157d51936} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [4StoryPrePatch] "D:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WeatherBugAlert] "C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe" /st
O4 - HKCU\..\Run: [System Smart Security] "C:\ProgramData\b7c20c\SSb7c_2140.exe" /s /d
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\PROGRA~2\BITTOR~1\BITTOR~1.EXE"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\PROGRA~2\DAEMON~1\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files (x86)\Hamachi\hamachi.exe
O4 - Global Startup: AutoClicker.lnk = C:\AutoClickExtreme\AutoClicker.exe
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files (x86)\DynDNS Updater\DynTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17C5919F-1FA8-487F-90AF-5F9E31C2B18C}: NameServer = 216.146.35.35,216.146.36.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF7DD46C-4A79-4268-A3DE-EF61F58CF371}: NameServer = 216.146.35.35,216.146.36.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{17C5919F-1FA8-487F-90AF-5F9E31C2B18C}: NameServer = 216.146.35.35,216.146.36.36
O17 - HKLM\System\CS7\Services\Tcpip\..\{17C5919F-1FA8-487F-90AF-5F9E31C2B18C}: NameServer = 216.146.35.35,216.146.36.36
O17 - HKLM\System\CS8\Services\Tcpip\..\{17C5919F-1FA8-487F-90AF-5F9E31C2B18C}: NameServer = 216.146.35.35,216.146.36.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Skype Recorder\Skype4COM.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Unknown owner - D:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11059 bytes

#2 Post by vyosek »

Hello, good afternoon and welcome to our forum :welcome:

:arrow: If you haven't done so already, please read the forum rules

:arrow: After that, please post a log from RSIT - see my signature or the section rules - it is more detailed than HJT

#3 Post by majkl655 »

Read :)
Here you go :wink:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-08-30 14:40:25
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 5 GB (7%) free of 71 GB
Total RAM: 8190 MB (74% free)


======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\PROGRA~1\ASUS\AISUIT~1\AiGear3\CPUPOW~1.EXE
C:\PROGRA~2\DivX\DIVXUP~1\DIVXUP~1.EXE /CHECKNOW
C:\PROGRA~1\AVASTS~1\Avast\AvastUI.exe /nogui
C:\PROGRA~2\Intel\INTELM~1\IAAnotif.exe
C:\PROGRA~1\WICC9F~1\sidebar.exe /autoRun
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {BF5D8298-95FD-4C87-A8F6-1505242554ED}
C:\PROGRA~1\WINDOW~3\MSASCui.exe -hide
"C:\Program Files (x86)\ASUS\AASP\1.00.40\aaCenter.exe"
C:\PROGRA~2\BITTOR~1\BITTOR~1.EXE
C:\PROGRA~2\DAEMON~1\DTLite.exe -autorun
C:\PROGRA~1\WICC9F~1\sidebar.exe /autoRun
C:\PROGRA~2\Hamachi\hamachi.exe
taskeng.exe {D03B7D34-7026-4F1F-B989-56EE46CE55E9}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
C:\PROGRA~2\ICQ7.5\ICQ.exe updatesrp=0:0:0:0
c:\xampp\mysql\bin\mysqld.exe --defaults-file=c:\xampp\mysql\bin\my.ini mysql
"C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-0e3fce82-003f-4025-ab70-ec59bafc77a2 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-682cd062-9eee-47c3-90e5-45f1d20bf23b -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-27fb9738-5655-49d9-8659-7d8f1f955e9f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:91d5e69e-6931-42ab-a757-ed9b05b303ba
"C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\PROGRA~2\MOZILL~1\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe -Embedding
"C:\PROGRA~2\MOZILL~1\plugin-container.exe" --channel=5080.dbcc010.520975040 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" - -greomni "C:\PROGRA~2\MOZILL~1\omni.jar" 5080 "\\.\pipe\gecko-crash-server-pipe.5080" plugin
C:\Users\ADMINI~1\AppData\Local\Temp\winpbebwb.exe
C:\Users\ADMINI~1\AppData\Local\Temp\winkjvvfb.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 668 672 680 65536 676
D:\RSITx64.exe
C:\PROGRA~1\TRENDM~1\ADMINI~1.EXE /silentautolog

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1052879530-2571350418-974908233-500Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1052879530-2571350418-974908233-500UA.job
C:\Windows\tasks\User_Feed_Synchronization-{B97A25D9-03BE-46A8-B934-C7C86E756055}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-05-10 977472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-16 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a29aeac-5ebd-407c-b5e2-144157d51936}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-05-10 977472]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - Pivot Stickfigure Toolbar - C:\Program Files (x86)\Pivot Stickfigure Toolbar\tbcore3.dll [2010-02-16 2495488]
{9a29aeac-5ebd-407c-b5e2-144157d51936}
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1584184]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1875048]
"IAAnotif"=C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2011-08-30 174872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"Google Update"=C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 255472]
"WeatherBugAlert"=C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe /st []
"System Smart Security"=C:\ProgramData\b7c20c\SSb7c_2140.exe /s /d []
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"BitTorrent"=C:\PROGRA~2\BITTOR~1\BITTOR~1.EXE [2011-08-30 483192]
"DAEMON Tools Lite"=C:\PROGRA~2\DAEMON~1\DTLite.exe [2011-08-30 4980544]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"ICQ"=C:\Program Files (x86)\ICQ7.5\ICQ.exe [2011-08-30 194112]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CPU Power Monitor"=C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [2007-09-06 707584]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2011-08-30 1220096]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-08-30 1312624]
"4StoryPrePatch"=D:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AutoClicker.lnk - C:\AutoClickExtreme\AutoClicker.exe
DynDNS Updater Tray Icon.lnk - C:\Program Files (x86)\DynDNS Updater\DynTray.exe

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files (x86)\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi1"=wdmaud.drv

======File associations======

.exe - open - C:\Windows\svchost.com "%1" %*
.js - edit -
.js - open -

======List of files/folders created in the last 1 month======

2011-08-30 14:40:25 ----D---- C:\rsit
2011-08-30 14:40:25 ----D---- C:\Program Files\trend micro
2011-08-30 13:32:00 ----A---- C:\Windows\svchost.com
2011-08-30 10:04:38 ----D---- C:\Windows\Microsoft_app
2011-08-29 20:52:35 ----A---- C:\Windows\directx.sys
2011-08-29 00:36:56 ----D---- C:\FR
2011-08-28 12:06:09 ----D---- C:\Nová složka (2)
2011-08-28 11:48:12 ----D---- C:\Nová složka
2011-08-28 11:43:38 ----D---- C:\tutorial
2011-08-28 11:39:07 ----A---- C:\m2.exe
2011-08-28 11:39:07 ----A---- C:\Extraction Helper .exe
2011-08-28 11:39:07 ----A---- C:\Archiver Helper.exe
2011-08-28 11:39:06 ----RD---- C:\system
2011-08-28 11:29:03 ----D---- C:\extract
2011-08-28 11:27:30 ----D---- C:\Source
2011-08-28 11:25:28 ----A---- C:\Easy File Extract0r by Eddy² 4 epvp.exe
2011-08-27 12:33:00 ----D---- C:\ProgramData\DynDNS
2011-08-24 12:13:49 ----D---- C:\Users\Administrator\AppData\Roaming\SynthMaker
2011-08-24 11:50:25 ----D---- C:\Users\Administrator\AppData\Roaming\.minecraft
2011-08-24 11:23:28 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-24 11:23:28 ----A---- C:\Windows\system32\tzres.dll
2011-08-24 01:31:02 ----D---- C:\Program Files\Yamaha
2011-08-24 01:26:14 ----D---- C:\Program Files (x86)\YAMAHA
2011-08-21 16:13:32 ----D---- C:\Eddy2
2011-08-20 13:39:26 ----A---- C:\Game-Tool.exe
2011-08-20 11:45:01 ----A---- C:\MT2ExpMod_1.1.0.0(1).exe
2011-08-19 22:08:15 ----D---- C:\Program Files (x86)\ConTEXT
2011-08-19 14:49:00 ----A---- C:\MT2ExpMod_1.2.0.0(1).exe
2011-08-19 13:33:05 ----A---- C:\EXP Edit.exe
2011-08-19 13:32:35 ----D---- C:\Users\Administrator\AppData\Roaming\expedit
2011-08-19 13:32:27 ----RD---- C:\EXP Edit
2011-08-19 13:32:27 ----D---- C:\Free_UPX
2011-08-18 22:57:26 ----D---- C:\Users\Administrator\AppData\Roaming\EditPlus 3
2011-08-18 22:57:26 ----D---- C:\Program Files (x86)\EditPlus 3
2011-08-18 22:31:54 ----A---- C:\MT2ExpMod_1.2.0.0.exe
2011-08-18 22:12:06 ----A---- C:\EXP_Edit_v1.5_by_Eddy².exe
2011-08-18 00:08:44 ----D---- C:\Program Files (x86)\DynDNS Updater
2011-08-16 21:28:15 ----D---- C:\Program Files (x86)\Conduit
2011-08-16 21:28:14 ----D---- C:\Program Files (x86)\BS_Player
2011-08-16 21:28:10 ----D---- C:\Users\Administrator\AppData\Roaming\BSplayer Pro
2011-08-16 21:28:10 ----D---- C:\Users\Administrator\AppData\Roaming\BSplayer
2011-08-16 21:28:10 ----D---- C:\Program Files (x86)\Webteh
2011-08-16 17:54:10 ----D---- C:\hl2
2011-08-16 12:17:27 ----D---- C:\Program Files (x86)\GIMP-2.0
2011-08-15 17:45:02 ----D---- C:\Program Files\Peter
2011-08-13 12:05:05 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-08-10 10:37:38 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-10 10:37:38 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 10:37:38 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 10:37:38 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 10:37:37 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 10:37:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 10:37:16 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 10:37:16 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 10:37:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-10 10:37:15 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-10 10:37:15 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-10 10:37:15 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-10 10:37:15 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-10 10:37:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-10 10:37:15 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 10:37:15 ----A---- C:\Windows\system32\url.dll
2011-08-10 10:37:15 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 10:37:15 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 10:37:15 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 10:37:14 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-08-10 10:37:14 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-08-10 10:37:14 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-08-10 10:37:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-10 10:37:14 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-08-10 10:37:14 ----A---- C:\Windows\system32\mstime.dll
2011-08-10 10:37:14 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 10:37:14 ----A---- C:\Windows\system32\iepeers.dll
2011-08-10 10:37:14 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-07 14:33:15 ----D---- C:\Program Files (x86)\RTF Viewer
2011-08-05 19:22:19 ----D---- C:\Program Files\Tracker Software
2011-08-05 12:19:10 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2011-08-05 12:19:06 ----D---- C:\ProgramData\ICQ
2011-08-05 12:18:34 ----D---- C:\Users\Administrator\AppData\Roaming\ICQ
2011-08-05 12:18:30 ----D---- C:\Program Files (x86)\ICQ7.5
2011-08-04 18:46:54 ----D---- C:\Program Files\Valve
2011-08-04 18:42:05 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 month======

2011-08-30 14:40:30 ----D---- C:\Windows\Temp
2011-08-30 14:40:25 ----RD---- C:\Program Files
2011-08-30 14:38:54 ----D---- C:\Users\Administrator\AppData\Roaming\Hamachi
2011-08-30 14:30:40 ----D---- C:\Users\Administrator\AppData\Roaming\BitTorrent
2011-08-30 14:04:43 ----D---- C:\Windows\System32
2011-08-30 14:04:43 ----D---- C:\Windows\inf
2011-08-30 14:04:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-30 13:58:35 ----D---- C:\ProgramData\NVIDIA
2011-08-30 13:33:55 ----RAS---- C:\BOOTSECT.BAK
2011-08-30 13:33:45 ----SHD---- C:\Boot
2011-08-30 13:32:00 ----D---- C:\Windows
2011-08-30 13:24:16 ----D---- C:\AutoClickExtreme
2011-08-29 21:32:10 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2011-08-29 17:15:34 ----D---- C:\Windows\system32\WDI
2011-08-29 15:20:11 ----D---- C:\Users\Administrator\AppData\Roaming\FileZilla
2011-08-28 01:07:31 ----D---- C:\Users\Administrator\AppData\Roaming\uTorrent
2011-08-27 16:54:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-27 13:27:05 ----D---- C:\Windows\Tasks
2011-08-27 13:27:05 ----D---- C:\Windows\system32\Tasks
2011-08-27 12:33:00 ----HD---- C:\ProgramData
2011-08-26 23:36:20 ----D---- C:\Windows\system32\NDF
2011-08-26 09:53:36 ----SHD---- C:\System Volume Information
2011-08-25 11:59:24 ----D---- C:\Windows\rescache
2011-08-25 01:45:43 ----D---- C:\Windows\winsxs
2011-08-25 01:45:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-25 01:45:40 ----D---- C:\Windows\SysWOW64
2011-08-25 01:45:40 ----D---- C:\Windows\system32\cs-CZ
2011-08-24 11:22:32 ----D---- C:\Windows\system32\catroot2
2011-08-24 11:22:32 ----D---- C:\Windows\system32\catroot
2011-08-24 01:31:21 ----SHD---- C:\Windows\Installer
2011-08-24 01:31:18 ----D---- C:\Windows\system32\drivers
2011-08-24 01:26:14 ----RD---- C:\Program Files (x86)
2011-08-24 01:26:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-18 07:59:36 ----D---- C:\Windows\Minidump
2011-08-16 21:28:15 ----RD---- C:\Users
2011-08-15 16:33:55 ----RSD---- C:\Windows\Fonts
2011-08-13 12:10:22 ----D---- C:\Program Files (x86)\PhotoFiltre Studio X
2011-08-13 12:05:05 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-08-13 12:00:32 ----RSD---- C:\Windows\assembly
2011-08-13 10:57:17 ----D---- C:\Windows\Prefetch
2011-08-11 13:42:47 ----D---- C:\ProgramData\Electronic Arts
2011-08-10 21:18:50 ----D---- C:\Windows\Microsoft.NET
2011-08-10 20:30:41 ----D---- C:\Program Files\Windows Mail
2011-08-10 20:30:41 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-10 20:10:40 ----A---- C:\Windows\system32\MRT.INI
2011-08-10 20:08:36 ----A---- C:\Windows\system32\mrt.exe
2011-08-05 18:07:05 ----SD---- C:\Windows\Downloaded Program Files
2011-08-05 09:59:58 ----A---- C:\Windows\win.ini
2011-08-04 21:51:06 ----D---- C:\Program Files\Zrychleni Pocitace

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2009-04-11 160744]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-03-21 381720]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-13 526392]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2006-10-18 13632]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-05-10 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-05-10 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-05-10 287576]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-05-10 53592]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2009-12-17 193232]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2009-12-17 53264]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-05-10 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-05-10 64344]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-07-18 432640]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-13 270912]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-07-16 33344]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-31 15680]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-09-02 12500840]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2009-12-17 165200]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-10 21504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 108544]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2007-05-24 335872]
S3 amfpe27y;amfpe27y; C:\Windows\system32\drivers\amfpe27y.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 7936]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 145360]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM); C:\Windows\system32\drivers\ymidusbx64.sys [2011-01-31 49256]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-06-07 89088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 DynDNS Updater;DynDNS Updater; C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [2011-04-15 93048]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 mysql;mysql; c:\xampp\mysql\bin\mysqld.exe [2010-12-03 8133120]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 4297728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-09-01 159336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-01 235624]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 wampapache;wampapache; D:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 wampmysqld;wampmysqld; D:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some .exe files won't run..

#4 Post by vyosek »

:arrow: There's a whole zoo lounging around in there, ticket lady and all :arcisit:

:arrow: I recommend uninstalling the toolbars (browser bars), if you don't use them, in Add or Remove Programs

:arrow: Download CKScanner to the desktop
  • Run it and click Search for files
  • When the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here
:arrow: Apply exeHelper by Raktor
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (or "Spustit jako spravce")
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log - paste it here
  • Now once more, but choose option 3 - paste the log again
"Whoever has wine and doesn't drink it, whoever has grapes and doesn't eat them, whoever has a wife and doesn't kiss her, whoever shuns amusement, take a whip and a stick to him: that's no man, that's an ox."
Member of [image] since 1 February 2011.

majkl655
Visitor
Posts: 37
Registered: 30 Aug 2011 13:24

Re: Some .exe files won't run..

#5 Post by majkl655 »

Sure, sure :D
So, CKScanner ->
CKScanner - Additional Security Risks - These are not necessarily bad
c:\fr\source\ymir work\effect\etc\firecracker\christmas_merry.dds
c:\fr\source\ymir work\effect\etc\firecracker\find_out.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker.dds
c:\fr\source\ymir work\effect\etc\firecracker\firecracker.mde
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_1.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_1.msf
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_2.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_2.msf
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_3.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_3.msf
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_4.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_4.msf
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_5.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_5.msf
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_6.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_6.msf
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_fly.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_w.dds
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_xmas.mse
c:\fr\source\ymir work\effect\etc\firecracker\firecracker_xmas.msf
c:\fr\source\ymir work\effect\etc\firecracker\newyear_firecracker.mse
c:\fr\source\ymir work\effect\etc\firecracker\paing_i.dds
c:\fr\source\ymir work\effect\etc\firecracker\paing_i.mde
c:\fr\source\ymir work\effect\etc\firecracker\paing_i.mse
c:\hl2\materials\glass\glasswindow018a_cracked.vmt
c:\hl2\materials\glass\glasswindow018a_cracked.vtf
c:\program files (x86)\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\users\administrator\downloads\hl2\materials\glass\glasswindow018a_cracked.vmt
c:\users\administrator\downloads\hl2\materials\glass\glasswindow018a_cracked.vtf
scanner sequence 3.ZZ.11.UQAPOR
----- EOF -----

RogueKiller 2-> :)

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date : 08/30/2011 14:54:09

Bad processes: 0

Registry Entries: 7
[SUSP PATH] HKCU\[...]\Run : System Smart Security ("C:\ProgramData\b7c20c\SSb7c_2140.exe" /s /d) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller 3 -> :)

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: HOSTSFix -- Date : 08/30/2011 14:55:34

Bad processes: 0

HOSTS File:


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



exeHelper by Raktor
Unfortunately, no exehelperlog.txt was created for me :?:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some .exe files won't run..

#6 Post by vyosek »

No problem, let's move on :)

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE APPLIED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (or "Spustit jako spravce")
  • Right after it starts, a page with the licence agreement is displayed; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily clogged, it may take longer
  • After the scan and a possible restart, CF will display a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed walkthrough incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

majkl655
Visitor
Posts: 37
Registered: 30 Aug 2011 13:24

Re: Some .exe files won't run..

#7 Post by majkl655 »

Here it is :P

ComboFix 11-08-30.01 - Administrator 30.08.2011 15:19:27.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.8190.5908 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Pivot Stickfigure Toolbar\tbHElper.dll
c:\programdata\b7c20c
c:\programdata\b7c20c\461.mof
c:\programdata\b7c20c\BackUp\AutoClicker.lnk
c:\programdata\b7c20c\BackUp\hamachi.lnk
c:\programdata\b7c20c\SSS.ico
c:\programdata\b7c20c\trz21D4.tmp
c:\programdata\b7c20c\trz4528.tmp
c:\programdata\b7c20c\trz6A09.tmp
c:\programdata\b7c20c\trz6F5E.tmp
c:\programdata\b7c20c\trz7BF2.tmp
c:\programdata\b7c20c\trzA521.tmp
c:\programdata\b7c20c\trzAD9D.tmp
c:\programdata\b7c20c\trzB48F.tmp
c:\programdata\b7c20c\trzB527.tmp
c:\programdata\b7c20c\trzC8DB.tmp
c:\programdata\b7c20c\trzD0B9.tmp
c:\programdata\b7c20c\trzDEF8.tmp
c:\programdata\b7c20c\trzE18A.tmp
c:\programdata\b7c20c\trzE354.tmp
c:\programdata\b7c20c\trzECE8.tmp
c:\programdata\b7c20c\trzF92C.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Smart Security.lnk
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\ddv.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\std.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Smart Security.lnk
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\System Smart Security.lnk
c:\users\Administrator\AppData\Roaming\System Smart Security
c:\users\Administrator\AppData\Roaming\System Smart Security\cookies.sqlite
c:\users\Administrator\AppData\Roaming\System Smart Security\Instructions.ini
c:\windows\directx.sys
c:\windows\svchost.com
c:\windows\system32\drivers\etc\host_new
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 13:24 . 2011-08-30 13:24 -------- d-----w- c:\users\DZ\AppData\Local\temp
2011-08-30 13:24 . 2011-08-30 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-30 12:40 . 2011-08-30 12:40 -------- d-----w- C:\rsit
2011-08-30 12:40 . 2011-08-30 12:40 -------- d-----w- c:\program files\trend micro
2011-08-30 08:04 . 2011-08-30 08:04 -------- d-----w- c:\windows\Microsoft_app
2011-08-28 22:36 . 2011-08-28 23:00 -------- d-----w- C:\FR
2011-08-28 10:06 . 2011-08-28 10:11 -------- d-----w- C:\Nová složka (2)
2011-08-28 09:48 . 2011-08-28 10:06 -------- d-----w- C:\Nová složka
2011-08-28 09:43 . 2009-07-04 16:39 -------- d-----w- C:\tutorial
2011-08-28 09:39 . 2011-08-29 18:52 534528 ----a-w- C:\m2.exe
2011-08-28 09:39 . 2011-08-29 18:52 661865 ----a-w- C:\Extraction Helper .exe
2011-08-28 09:39 . 2011-08-29 18:52 214016 ----a-w- C:\Archiver Helper.exe
2011-08-28 09:39 . 2010-07-14 12:20 -------- d-----r- C:\system
2011-08-28 09:29 . 2011-08-28 09:30 -------- d-----w- C:\extract
2011-08-28 09:27 . 2011-08-28 09:29 -------- d-----w- C:\Source
2011-08-28 09:25 . 2010-04-12 17:01 551473 ----a-w-4 epvp.exe C:\EASYFI~1.EXE
2011-08-27 14:54 . 2011-08-29 18:52 874744 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-08-27 14:54 . 2011-08-29 18:52 430040 ----a-w- c:\program files (x86)\Mozilla Firefox\updater.exe
2011-08-27 14:54 . 2011-08-29 18:52 282584 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2011-08-27 14:54 . 2011-08-12 06:10 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-27 10:33 . 2011-08-27 10:33 -------- d-----w- c:\programdata\DynDNS
2011-08-26 07:53 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B91D79F-96E2-495D-825A-11570A0492A5}\mpengine.dll
2011-08-24 10:13 . 2011-08-24 10:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\SynthMaker
2011-08-24 09:50 . 2011-08-24 09:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\.minecraft
2011-08-24 09:23 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 09:23 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 23:31 . 2011-08-29 18:53 276848 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{C9A5048A-26A6-440B-A059-9DF9956C4D44}\ARPPRODUCTICON.exe
2011-08-23 23:31 . 2011-08-23 23:31 -------- d-----w- c:\program files\Yamaha
2011-08-23 23:27 . 2011-08-23 23:30 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2011-08-23 23:26 . 2011-08-23 23:26 -------- d-----w- c:\program files (x86)\YAMAHA
2011-08-23 23:24 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-08-23 23:24 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-08-23 23:24 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-08-23 23:24 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-08-23 23:24 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-08-23 23:24 . 2011-08-23 23:24 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-08-23 23:24 . 2011-08-23 23:24 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-08-23 09:26 . 2011-08-30 09:34 -------- d-----r- c:\users\Administrator\ss
2011-08-21 14:13 . 2011-08-21 20:23 -------- d-----w- C:\Eddy2
2011-08-20 11:39 . 2011-06-30 21:33 46091776 ----a-w- C:\Game-Tool.exe
2011-08-20 09:45 . 2011-08-20 09:46 13304846 ----a-w- C:\MT2ExpMod_1.1.0.0(1).exe
2011-08-19 20:08 . 2011-08-19 20:13 -------- d-----w- c:\program files (x86)\ConTEXT
2011-08-19 12:49 . 2011-08-19 12:48 25908634 ----a-w- C:\MT2ExpMod_1.2.0.0(1).exe
2011-08-19 11:32 . 2011-08-20 10:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\expedit
2011-08-19 11:32 . 2011-01-29 23:48 -------- d-----r- C:\EXP Edit
2011-08-19 11:32 . 2010-12-11 12:32 -------- d-----w- C:\Free_UPX
2011-08-18 20:57 . 2011-08-18 23:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\EditPlus 3
2011-08-18 20:57 . 2011-08-18 20:58 -------- d-----w- c:\program files (x86)\EditPlus 3
2011-08-18 20:31 . 2011-08-18 20:26 25916826 ----a-w- C:\MT2ExpMod_1.2.0.0.exe
2011-08-18 20:12 . 2010-12-01 16:05 1321744 ----a-w-exe C:\EXP_ED~1.EXE
2011-08-17 22:08 . 2011-08-27 10:33 -------- d-----w- c:\program files (x86)\DynDNS Updater
2011-08-16 19:28 . 2011-08-16 19:28 -------- d-----w- c:\users\AppData
2011-08-16 19:28 . 2011-08-16 19:28 -------- d-----w- c:\program files (x86)\Conduit
2011-08-16 19:28 . 2011-08-16 19:28 -------- d-----w- c:\program files (x86)\BS_Player
2011-08-16 19:28 . 2011-08-16 19:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer
2011-08-16 19:28 . 2011-08-16 19:28 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer Pro
2011-08-16 19:28 . 2011-08-16 19:28 -------- d-----w- c:\program files (x86)\Webteh
2011-08-16 15:54 . 2011-08-16 15:54 -------- d-----w- C:\hl2
2011-08-16 10:34 . 2011-08-16 10:34 -------- d-----w- c:\users\Administrator\.thumbnails
2011-08-16 10:33 . 2011-08-29 00:37 -------- d-----w- c:\users\Administrator\.gimp-2.6
2011-08-16 10:17 . 2011-08-28 20:06 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-08-15 15:45 . 2011-08-15 15:45 -------- d-----w- c:\program files\Peter
2011-08-15 14:22 . 2011-08-15 14:22 -------- d-----w- c:\users\Administrator\AppData\Local\NFS Underground 2
2011-08-13 10:05 . 2011-08-13 10:05 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-07 12:33 . 2011-08-07 12:33 -------- d-----w- c:\program files (x86)\RTF Viewer
2011-08-05 17:25 . 2000-01-01 01:00 167704 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2011-08-05 17:22 . 2011-08-05 17:22 -------- d-----w- c:\program files\Tracker Software
2011-08-05 10:19 . 2011-08-05 10:19 -------- d-----w- c:\program files (x86)\ICQ6Toolbar
2011-08-05 10:19 . 2011-08-05 10:19 -------- d-----w- c:\programdata\ICQ
2011-08-05 10:18 . 2011-08-30 13:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\ICQ
2011-08-05 10:18 . 2011-08-30 13:14 -------- d-----w- c:\program files (x86)\ICQ7.5
2011-08-04 16:46 . 2011-08-04 16:47 -------- d-----w- c:\program files\Valve
2011-08-03 20:09 . 2011-08-03 20:09 -------- d-----w- c:\users\DZ\.VirtualBox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 13:27 . 2011-08-30 13:27 41472 ----a-w- c:\windows\svchost.com
2011-08-05 16:07 . 2011-06-23 20:07 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 19:41 . 2011-06-19 18:02 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-07-16 14:31 . 2011-07-16 14:31 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-25 01:02 . 2011-06-25 01:02 9216 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-06-19 19:30 . 2011-06-19 19:30 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-06-02 13:50 . 2011-07-16 11:54 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-11-29 13:26 3908192 ----a-w- c:\program files (x86)\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-08-30 483192]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-30 4980544]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-30 165952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 707584]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2011-08-30 1220096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-08-30 1312624]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files (x86)\Hamachi\hamachi.exe [2011-7-16 699680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoClicker.lnk - d:\c\AutoClickExtreme\AutoClicker.exe [2011-7-3 3006976]
DynDNS Updater Tray Icon.lnk - c:\program files (x86)\DynDNS Updater\DynTray.exe [2011-4-15 233328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DynDNS Updater;DynDNS Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-04-15 93048]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 4297728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-01 235624]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052879530-2571350418-974908233-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:16]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052879530-2571350418-974908233-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:16]
.
2011-08-30 c:\windows\Tasks\User_Feed_Synchronization-{B97A25D9-03BE-46A8-B934-C7C86E756055}.job
- c:\windows\system32\msfeedssync.exe [2010-09-22 21:33]
.
.
--------- x86-64 -----------
.
.
NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{7B ... A6D93936BD}
mLocal Page = %SystemRoot%\system32\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.100
TCP: Interfaces\{17C5919F-1FA8-487F-90AF-5F9E31C2B18C}: NameServer = 216.146.35.35,216.146.36.36
TCP: Interfaces\{FF7DD46C-4A79-4268-A3DE-EF61F58CF371}: NameServer = 216.146.35.35,216.146.36.36
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wsacl368.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
.
.
------- Asociace souborů -------
.
exefile=c:\windows\svchost.com "%1" %*
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{9a29aeac-5ebd-407c-b5e2-144157d51936} - (no file)
BHO-{9a29aeac-5ebd-407c-b5e2-144157d51936} - (no file)
Toolbar-{9a29aeac-5ebd-407c-b5e2-144157d51936} - (no file)
Wow6432Node-HKCU-Run-WeatherBugAlert - c:\program files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-4StoryPrePatch - d:\program files (x86)\Gameforge4D\4Story\PrePatch.exe
AddRemove-4StoryCZ_is1 - d:\program files (x86)\Gameforge4D\4Story\unins000.exe
AddRemove-7-Zip - c:\program files (x86)\7-Zip\Uninstall.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe
AddRemove-Ashampoo ClipFinder HD_is1 - c:\program files (x86)\Ashampoo\Ashampoo ClipFinder HD\unins000.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - c:\program files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe
AddRemove-Cole2k Media - Codec Pack - c:\windows\SysWOW64\C2MP\Uninst.exe
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-Counter-Strike: Source - d:\program files (x86)\Counter-Strike Source\Uninst.exe
AddRemove-Counter-Strike: Source Texture Pack 1.00 - c:\program files (x86)\Counter-Strike Source\Uninstall.exe
AddRemove-DivX Setup.divx.com - c:\programdata\DivX\Setup\DivXSetup.exe
AddRemove-FileZilla Client - d:\program files (x86)\FileZilla FTP Client\uninstall.exe
AddRemove-FL Studio 10 - d:\program files (x86)\Image-Line\FL Studio 10\uninstall.exe
AddRemove-iFree Skype Recorder - c:\program files (x86)\iFree Skype Recorder\uninst.exe
AddRemove-MP3 Audio Recorder - c:\program files (x86)\MP3 Audio Recorder\uninst.exe
AddRemove-NewBlue 3D Explosions for Windows - c:\program files (x86)\NewBlue\3D Explosions for Windows\UninstalVegas.exe
AddRemove-NewBlue 3D Transformations for Windows - c:\program files (x86)\NewBlue\3D Transformations for Windows\UninstalVegas.exe
AddRemove-NVIDIAStereo - c:\program files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe
AddRemove-OJOsoft Total Video Converter_is1 - d:\program files (x86)\OJOsoft\OJOsoft Total Video Converter\unins000.exe
AddRemove-Open Video Converter_is1 - c:\program files (x86)\VideoConverter\unins000.exe
AddRemove-Opera 11.11.2109 - c:\program files (x86)\Opera\Opera.exe
AddRemove-Pivot Stickfigure Animator_is1 - c:\program files (x86)\Pivot Stickfigure Animator\unins000.exe
AddRemove-Pivot Stickfigure Toolbar - c:\program files (x86)\Pivot Stickfigure Toolbar\UninstallToolbar.exe
AddRemove-PluginPac - c:\program files (x86)\Sonic Foundry\Vegas 3.0\Video Plug-Ins\PluginPac\uninst.exe
AddRemove-Pocket Voice Recorder_is1 - c:\program files (x86)\XemiComputers\Pocket Voice Recorder\unins000.exe
AddRemove-PremiumSoft Navicat Lite_is1 - d:\navicat lite\unins000.exe
AddRemove-RadioCatch Toolbar - c:\progra~2\RADIOC~2\UNINST~1.EXE
AddRemove-RadioCatch Web Radio Recorder_is1 - c:\program files (x86)\RadioCatch Web Radio Recorder\unins000.exe
AddRemove-save2pc_is1 - c:\program files (x86)\FDRLab\save2pc\unins000.exe
AddRemove-TmNationsForever_is1 - c:\program files\TmNationsForever\unins000.exe
AddRemove-TmUnitedForever_is1 - d:\tmunitedforever\unins000.exe
AddRemove-uTorrent - d:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-Valve_2 - d:\program files (x86)\Counter-Strike Source\Uninstall.exe
AddRemove-Virtual DJ - Atomix Productions - d:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-WampServer 2_is1 - d:\wamp\unins000.exe
AddRemove-WinX Free MP4 to AVI Converter_is1 - c:\program files (x86)\Digiarty\WinX_Free_MP4_to_AVI_Converter\unins000.exe
AddRemove-{14F55D20-A582-4909-BF97-DE6778BB17F3}_is1 - c:\program files (x86)\Skype Recorder\unins000.exe
AddRemove-{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D} - d:\program files\EAUninstall.exe
AddRemove-{81BDE21C-9D90-416A-9D7C-740626209AAC}_is1 - d:\metin2multikliens\unins000.exe
AddRemove-{9DD1E180-64EE-4595-A97F-33FA51E4588B}_is1 - d:\program files (x86)\DaemonicMU Season IV\unins000.exe
AddRemove-{AE84E7FF-4DEC-48EC-BBA9-9A808E48DF8E}_is1 - c:\program files (x86)\MP3Recorder\unins000.exe
AddRemove-{F0A37341-D692-11D4-A984-009027EC0A9C} - c:\program files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.CDA"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRD32.exe"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.epk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="epk_auto_file"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="com.adobe.flv"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\BitTorrent.exe"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lua\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\EDITPLUS.EXE"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.M3U"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CCCP.WMP.AssocFile.MKV.1"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BSPlayerFile.MP2"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp4"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CCCP.WMP.AssocFile.OGM.1"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="png_auto_file"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.quest\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\ConTEXT.exe"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sub\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\pfstudiox.exe"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\ConTEXT.exe"
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C12F7B8-A9DC-2323-9E66-62851D642ACA}*]
"makjeblfbafbkaomcdndggcamh"=hex:6f,61,64,70,67,6e,6e,62,67,6c,6c,63,6f,63,70,
6e,61,6a,6c,6e,67,63,67,63,67,65,6c,6b,63,61,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\AASP\1.00.40\aaCenter.exe
c:\users\ADMINI~1\AppData\Local\Temp\3582-490\aaCenter.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
c:\program files (x86)\DAEMON Tools Lite\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2011-08-30 15:31:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-30 13:31
.
Před spuštěním: 8 180 342 784
Po spuštění: 7 785 349 120
.
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 8659C91132B22B9A802F3A2B2830B3B5

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some .exe files won't run..

#8 Post by vyosek »

:arrow: The Daft application - Deckard's Association Fix Tool
Download links. Run the utility, click Scan, then select the damaged associations and click Fix
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

majkl655
Visitor
Visitor
Posts: 37
Registered: 30 Aug 2011 13:24

Re: Some .exe files won't run..

#9 Post by majkl655 »

I did that and restarted the computer :) And nothing... It doesn't work... Or I don't know whether it's supposed to work :)

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some .exe files won't run..

#10 Post by vyosek »

:arrow: Fine, Daft doesn't produce a log; I'll be able to tell whether it's OK from the next log

:arrow: If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Collect::
    c:\windows\svchost.com
    
    Folder::
    c:\program files (x86)\ICQ6Toolbar
    c:\users\ADMINI~1\AppData\Local\Temp
    
    File::
    c:\program files (x86)\BS_Player\tbBS_P.dll
    c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"=-
    "DAEMON Tools Lite"=-
    "ICQ"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DivXUpdate"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "FirewallOverride"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "UacDisableNotify"=dword:00000000
    
    
    Driver::
    ICQ Service
    
    DDS::
    mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{7B173D8F-0A42-4A9D-AA23-C4A6D93936BD}
    
    Firefox::
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wsacl368.default\
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1750559&q=
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.epk\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lua\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.quest\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sub\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    [HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C12F7B8-A9DC-2323-9E66-62851D642ACA}*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    
    FixCSet::
    
    AtJob::
    
    Reboot::
    
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the image below)
    Image
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for he is no man, he is an ox."
Member of Image since 1 February 2011.

majkl655
Visitor
Visitor
Posts: 37
Registered: 30 Aug 2011 13:24

Re: Some .exe files cannot be run..

#11 Post by majkl655 »

So ..

ComboFix 11-08-30.01 - Administrator 30.08.2011 16:49:40.2.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.8190.6214 [GMT 2:00]
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\BS_Player\tbBS_P.dll"
"c:\program files (x86)\ConduitEngine\prxConduitEngine.dll"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BS_Player\tbBS_P.dll
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\program files (x86)\ICQ6Toolbar\voucher.bmp
c:\program files (x86)\ICQ6Toolbar\voucher2.bmp
c:\users\ADMINI~1\AppData\Local\Temp\00060405_Rar\GoogleUpdate.exe
c:\users\ADMINI~1\AppData\Local\Temp\00060453_Rar\GoogleUpdate.exe
c:\users\ADMINI~1\AppData\Local\Temp\3582-490\aaCenter.exe
c:\users\ADMINI~1\AppData\Local\Temp\3582-490\DTShellHlp.exe
c:\users\ADMINI~1\AppData\Local\Temp\3582-490\firefox.exe
c:\users\ADMINI~1\AppData\Local\Temp\3582-490\GoogleUpdate.exe
c:\users\ADMINI~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\desktop.ini
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Phone\Skype.exe
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\ezPMUtils.dll
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_ARE.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_BGR.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_CSY.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_DAN.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_DEU.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_ELL.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_ESN.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_ETI.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_FIN.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_FRA.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_HEB.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_HUN.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_CHS.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_CHT.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_ITA.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_JPN.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_KOR.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_LTH.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_NLD.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_NOR.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_PLK.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_PTB.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_PTG.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_ROM.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_RUS.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_SVE.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\MLS\skypePM_TRK.mls
c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX28.136\Skype\Plugin Manager\skypePM.exe
c:\windows\directx.sys
c:\windows\svchost.com
c:\users\ADMINI~1\AppData\Local\Temp . . . . nemohl být smazán
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 14:55 . 2011-08-30 14:55 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2011-08-30 12:40 . 2011-08-30 12:40 -------- d-----w- C:\rsit
2011-08-30 12:40 . 2011-08-30 12:40 -------- d-----w- c:\program files\trend micro
2011-08-30 08:04 . 2011-08-30 08:04 -------- d-----w- c:\windows\Microsoft_app
2011-08-28 22:36 . 2011-08-28 23:00 -------- d-----w- C:\FR
2011-08-28 10:06 . 2011-08-28 10:11 -------- d-----w- C:\Nová složka (2)
2011-08-28 09:48 . 2011-08-28 10:06 -------- d-----w- C:\Nová složka
2011-08-28 09:43 . 2009-07-04 16:39 -------- d-----w- C:\tutorial
2011-08-28 09:39 . 2011-08-29 18:52 534528 ----a-w- C:\m2.exe
2011-08-28 09:39 . 2011-08-29 18:52 661865 ----a-w- C:\Extraction Helper .exe
2011-08-28 09:39 . 2011-08-29 18:52 214016 ----a-w- C:\Archiver Helper.exe
2011-08-28 09:39 . 2010-07-14 12:20 -------- d-----r- C:\system
2011-08-28 09:29 . 2011-08-28 09:30 -------- d-----w- C:\extract
2011-08-28 09:27 . 2011-08-28 09:29 -------- d-----w- C:\Source
2011-08-28 09:25 . 2010-04-12 17:01 551473 ----a-w-4 epvp.exe C:\EASYFI~1.EXE
2011-08-27 14:54 . 2011-08-29 18:52 874744 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-08-27 14:54 . 2011-08-29 18:52 430040 ----a-w- c:\program files (x86)\Mozilla Firefox\updater.exe
2011-08-27 14:54 . 2011-08-29 18:52 282584 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2011-08-27 14:54 . 2011-08-12 06:10 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-27 10:33 . 2011-08-27 10:33 -------- d-----w- c:\programdata\DynDNS
2011-08-26 07:53 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B91D79F-96E2-495D-825A-11570A0492A5}\mpengine.dll
2011-08-24 10:13 . 2011-08-24 10:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\SynthMaker
2011-08-24 09:50 . 2011-08-24 09:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\.minecraft
2011-08-24 09:23 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 09:23 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 23:31 . 2011-08-29 18:53 276848 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{C9A5048A-26A6-440B-A059-9DF9956C4D44}\ARPPRODUCTICON.exe
2011-08-23 23:31 . 2011-08-23 23:31 -------- d-----w- c:\program files\Yamaha
2011-08-23 23:27 . 2011-08-23 23:30 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2011-08-23 23:26 . 2011-08-23 23:26 -------- d-----w- c:\program files (x86)\YAMAHA
2011-08-23 23:24 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-08-23 23:24 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-08-23 23:24 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-08-23 23:24 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-08-23 23:24 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-08-23 23:24 . 2011-08-23 23:24 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-08-23 23:24 . 2011-08-23 23:24 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-08-23 09:26 . 2011-08-30 09:34 -------- d-----r- c:\users\Administrator\ss
2011-08-21 14:13 . 2011-08-21 20:23 -------- d-----w- C:\Eddy2
2011-08-20 11:39 . 2011-06-30 21:33 46091776 ----a-w- C:\Game-Tool.exe
2011-08-20 09:45 . 2011-08-20 09:46 13304846 ----a-w- C:\MT2ExpMod_1.1.0.0(1).exe
2011-08-19 20:08 . 2011-08-19 20:13 -------- d-----w- c:\program files (x86)\ConTEXT
2011-08-19 12:49 . 2011-08-19 12:48 25908634 ----a-w- C:\MT2ExpMod_1.2.0.0(1).exe
2011-08-19 11:32 . 2011-08-20 10:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\expedit
2011-08-19 11:32 . 2011-01-29 23:48 -------- d-----r- C:\EXP Edit
2011-08-19 11:32 . 2010-12-11 12:32 -------- d-----w- C:\Free_UPX
2011-08-18 20:57 . 2011-08-18 23:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\EditPlus 3
2011-08-18 20:57 . 2011-08-18 20:58 -------- d-----w- c:\program files (x86)\EditPlus 3
2011-08-18 20:31 . 2011-08-18 20:26 25916826 ----a-w- C:\MT2ExpMod_1.2.0.0.exe
2011-08-18 20:12 . 2010-12-01 16:05 1321744 ----a-w-exe C:\EXP_ED~1.EXE
2011-08-17 22:08 . 2011-08-27 10:33 -------- d-----w- c:\program files (x86)\DynDNS Updater
2011-08-16 19:28 . 2011-08-30 13:31 -------- d-----w- c:\users\AppData
2011-08-16 19:28 . 2011-08-16 19:28 -------- d-----w- c:\program files (x86)\Conduit
2011-08-16 19:28 . 2011-08-30 14:54 -------- d-----w- c:\program files (x86)\BS_Player
2011-08-16 19:28 . 2011-08-16 19:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer
2011-08-16 19:28 . 2011-08-16 19:28 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer Pro
2011-08-16 19:28 . 2011-08-16 19:28 -------- d-----w- c:\program files (x86)\Webteh
2011-08-16 15:54 . 2011-08-16 15:54 -------- d-----w- C:\hl2
2011-08-16 10:34 . 2011-08-16 10:34 -------- d-----w- c:\users\Administrator\.thumbnails
2011-08-16 10:33 . 2011-08-29 00:37 -------- d-----w- c:\users\Administrator\.gimp-2.6
2011-08-16 10:17 . 2011-08-28 20:06 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-08-15 15:45 . 2011-08-15 15:45 -------- d-----w- c:\program files\Peter
2011-08-15 14:22 . 2011-08-15 14:22 -------- d-----w- c:\users\Administrator\AppData\Local\NFS Underground 2
2011-08-13 10:05 . 2011-08-13 10:05 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-07 12:33 . 2011-08-07 12:33 -------- d-----w- c:\program files (x86)\RTF Viewer
2011-08-05 17:25 . 2000-01-01 01:00 167704 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2011-08-05 17:22 . 2011-08-05 17:22 -------- d-----w- c:\program files\Tracker Software
2011-08-05 10:19 . 2011-08-05 10:19 -------- d-----w- c:\programdata\ICQ
2011-08-05 10:18 . 2011-08-30 13:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\ICQ
2011-08-05 10:18 . 2011-08-30 13:14 -------- d-----w- c:\program files (x86)\ICQ7.5
2011-08-04 16:46 . 2011-08-04 16:47 -------- d-----w- c:\program files\Valve
2011-08-03 20:09 . 2011-08-03 20:09 -------- d-----w- c:\users\DZ\.VirtualBox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-05 16:07 . 2011-06-23 20:07 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 19:41 . 2011-06-19 18:02 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-07-16 14:31 . 2011-07-16 14:31 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-25 01:02 . 2011-06-25 01:02 9216 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-06-19 19:30 . 2011-06-19 19:30 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-06-02 13:50 . 2011-07-16 11:54 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-30_13.26.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-22 22:56 . 2011-08-30 14:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-22 22:56 . 2011-08-30 13:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 22:56 . 2011-08-30 14:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-22 22:56 . 2011-08-30 13:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-22 22:56 . 2011-08-30 14:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-22 22:56 . 2011-08-30 13:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-22 20:54 . 2011-08-30 14:28 85430 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:44 . 2011-08-30 14:28 63984 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-19 16:13 . 2011-08-30 14:28 13468 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1052879530-2571350418-974908233-500_UserData.bin
- 2010-09-22 20:39 . 2011-08-30 13:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 20:39 . 2011-08-30 13:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-22 20:39 . 2011-08-30 13:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-22 20:39 . 2011-08-30 13:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-22 20:39 . 2011-08-30 13:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-22 20:39 . 2011-08-30 13:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-19 16:26 . 2011-08-30 12:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-19 16:26 . 2011-08-30 14:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-19 16:26 . 2011-08-30 14:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-19 16:26 . 2011-08-30 12:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-19 16:26 . 2011-08-30 12:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-19 16:26 . 2011-08-30 14:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-27 09:55 . 2011-08-30 14:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-27 09:55 . 2011-08-30 13:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-27 09:55 . 2011-08-30 13:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-27 09:55 . 2011-08-30 14:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-30 13:26 . 2011-08-30 13:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-30 14:57 . 2011-08-30 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-30 14:57 . 2011-08-30 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-30 13:26 . 2011-08-30 13:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2011-08-30 13:20 599940 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-08-30 14:32 599940 c:\windows\system32\perfh009.dat
- 2007-01-08 22:18 . 2011-08-30 13:20 611172 c:\windows\system32\perfh005.dat
+ 2007-01-08 22:18 . 2011-08-30 14:32 611172 c:\windows\system32\perfh005.dat
+ 2006-11-02 12:46 . 2011-08-30 14:32 105816 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-08-30 13:20 105816 c:\windows\system32\perfc009.dat
- 2007-01-08 22:18 . 2011-08-30 13:20 119972 c:\windows\system32\perfc005.dat
+ 2007-01-08 22:18 . 2011-08-30 14:32 119972 c:\windows\system32\perfc005.dat
- 2010-10-11 09:19 . 2011-08-30 13:25 450868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-11 09:19 . 2011-08-30 14:55 450868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-30 4980544]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 707584]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2011-08-30 1220096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files (x86)\Hamachi\hamachi.exe [2011-7-16 699680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoClicker.lnk - d:\c\AutoClickExtreme\AutoClicker.exe [2011-7-3 3088896]
DynDNS Updater Tray Icon.lnk - c:\program files (x86)\DynDNS Updater\DynTray.exe [2011-4-15 233328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DynDNS Updater;DynDNS Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-04-15 93048]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 4297728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-01 235624]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052879530-2571350418-974908233-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:16]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052879530-2571350418-974908233-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:16]
.
2011-08-30 c:\windows\Tasks\User_Feed_Synchronization-{B97A25D9-03BE-46A8-B934-C7C86E756055}.job
- c:\windows\system32\msfeedssync.exe [2010-09-22 21:33]
.
.
--------- x86-64 -----------
.
.
NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
mLocal Page = %SystemRoot%\system32\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{17C5919F-1FA8-487F-90AF-5F9E31C2B18C}: NameServer = 216.146.35.35,216.146.36.36
TCP: Interfaces\{FF7DD46C-4A79-4268-A3DE-EF61F58CF371}: NameServer = 216.146.35.35,216.146.36.36
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wsacl368.default\
FF - prefs.js: browser.startup.homepage - google.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{9a29aeac-5ebd-407c-b5e2-144157d51936} - (no file)
Toolbar-{9a29aeac-5ebd-407c-b5e2-144157d51936} - (no file)
AddRemove-Counter-Strike: Source - d:\program files (x86)\Counter-Strike Source\Uninst.exe
AddRemove-Counter-Strike: Source Texture Pack 1.00 - c:\program files (x86)\Counter-Strike Source\Uninstall.exe
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1052879530-2571350418-974908233-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C12F7B8-A9DC-2323-9E66-62851D642ACA}*]
"makjeblfbafbkaomcdndggcamh"=hex:6f,61,64,70,67,6e,6e,62,67,6c,6c,63,6f,63,70,
6e,61,6a,6c,6e,67,63,67,63,67,65,6c,6b,63,61,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84d4e968-0688-4b4d-9659-fb4c4e611232}\Implemented Categories\{71B2D918-2983-47B3-8337-9BEA15F184DA}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\AASP\1.00.40\aaCenter.exe
c:\users\ADMINI~1\AppData\Local\Temp\3582-490\aaCenter.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\DAEMON Tools Lite\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2011-08-30 17:01:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-30 15:01
ComboFix2.txt 2011-08-30 13:31
.
Před spuštěním: 7 679 987 712
Po spuštění: 7 294 377 984
.
- - End Of File - - E0FF01E7DE3DB090A72171F3DC9CF97D
Nahrání proběhlo úspěšně


And if it helps you... Every time after a restart I get an error three times in a row saying that the computer administrator has disabled registry editing :?:

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some .exe files cannot be run..

#12 Post by vyosek »

:arrow: It is somehow still holding on in there :boxed:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download it and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for it to be assessed

majkl655
Visitor
Visitor
Posts: 37
Registered: 30 Aug 2011 13:24

Re: Some .exe files cannot be run..

#13 Post by majkl655 »

"Run a full scan - do not delete anything"
I have the program open, where do I run the full scan? :?:
A note... It has started throwing errors on practically all the .exe files that won't run :shock: -> http://imageshack.us/photo/my-images/85 ... van1r.jpg/ there is 100% no trojan there..
And if it helps, when I click on one of the .exe applications and choose Run as administrator, it says... that it is not a valid Win32 application ..
Last edited by majkl655 on 30 Aug 2011 20:03, edited 1 time in total.

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Some .exe files cannot be run..

#14 Post by vyosek »

How do you know there are no trojans there :???: Alternatively, test one of those files on VirusTotal - link in my signature

The scan should be under the Scheduler button, or on one of the tabs - I apologize, I am not at a PC with MBAM on it right now

majkl655
Visitor
Visitor
Posts: 37
Registered: 30 Aug 2011 13:24

Re: Some .exe files cannot be run..

#15 Post by majkl655 »

There is nothing there, but it is definitely not caused by a virus... There are so many files that cannot be opened..
And if it helps, when I click on one of the .exe applications and choose Run as administrator, it says... that it is not a valid Win32 application ..
