PC disinfection, computer speed-up, remote help via the neslape.cz service

FB virus (ufa)

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

#1 Post by Lukyman »

Hello, please check this and help. Thanks.
Roguekiller 2:
RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Žaneta [Admin rights]
Mode: Remove -- Date : 10/27/2011 23:43:14

Bad processes: 17
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.tray-14-0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\windows\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\windows\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\windows\update.1\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\windows\update.2\svchost.exe srv -> STOPPED

Registry Entries: 24
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\windows\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\windows\update.tray-14-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 4999611.exe ("C:\Windows\Temp\4999611.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5223861.exe ("C:\Users\Žaneta\AppData\Local\Temp\5223861.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\windows\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 6944911.exe ("C:\Windows\Temp\6944911.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\windows\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2000914.exe ("C:\windows\TEMP\2000914.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\windows\update.1\svchost.exe srv) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt
Roguekiller 3:
RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Žaneta [Admin rights]
Mode: HOSTSFix -- Date : 10/27/2011 23:43:52

Bad processes: 0

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Rk 4:
RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Žaneta [Admin rights]
Mode: ProxyFix -- Date : 10/27/2011 23:44:08

Bad processes: 0

Driver: [LOADED]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Žaneta at 2011-10-27 23:50:17
Microsoft Windows 7 Home Premium
System drive C: has 75 GB (74%) free of 102 GB
Total RAM: 2038 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:50:23, on 27.10.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Žaneta\Desktop\RSIT.exe
C:\Program Files\trend micro\Žaneta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search-styles.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-styles.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [HotKeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\windows\AsScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxExt] C:\windows\system32\IgfxExt.exe /RegServer
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [DigitalZoomControl] "C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [ALLUpdate] "D:\Stažený\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ddservice - Unknown owner - C:\windows\update.7.1\svchostdriver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 8703 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.24, {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.7, {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1, {63414328-3ab4-2c84-6c41-5a473c4b2ff7}:1.0, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.4, {7645f4b1-1f19-13dd-2d6b-0200600c2a56}:1.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.3, {8675f4b3-2f19-11ed-2d6b-0800600c0a16}:1.0, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10, {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2, engine@conduit.com:3.3.3.2, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6, {8675f4b3-2f19-11ed-2d6b-0800600c0a17}:1.0, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"
prefs.js - "keyword.URL" - "http://search.mywebsearch.com/mywebsear ... searchfor="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
binary.manifest
browser.xpt
browsercomps.dll
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\extensions\
engine@conduit.com
{6236BA26-C117-4007-928C-DE0716C7FA80}
{6236BA26-C117-4007-928C-DE0716C7FA96}
{6236BA26-C117-4007-928C-DE0716C7FA99}
{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
{73a6fe31-595d-460b-a920-fcc0f8843232}
{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
{800b5000-a755-47e1-992b-48a1c1357f07}
{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
mywebsearch.xml
wikipedie-cs.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1545512]
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"HotKeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"SuperHybridEngine"=AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe []
"ASUS Screen Saver Protector"=C:\windows\AsScrPro.exe [2009-10-14 3058304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"EeeStorageBackup"=C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [2009-08-25 947472]
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2009-09-25 402608]
"LiveUpdate"=AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto []
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-07-20 83240]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-09-01 137752]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-09-01 354840]
"IgfxExt"=C:\windows\system32\IgfxExt.exe [2009-09-01 174616]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-11 7739936]
"DigitalZoomControl"=C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe [2009-10-07 283648]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe -hide -runkey []
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe [2007-08-30 61440]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe -silent []
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"ATnotes.exe"=C:\Program Files\ATnotes\ATnotes.exe [2005-01-05 1015808]
"ALLUpdate"=D:\Stažený\OpenSubtitlesPlayer\ALLUpdate.exe sleep []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-27 23:44:47 ----D---- C:\Program Files\trend micro
2011-10-27 23:44:46 ----D---- C:\rsit
2011-10-27 23:41:44 ----A---- C:\windows\system32\drivers\TrueSight.sys
2011-10-27 02:12:19 ----D---- C:\windows\ufa
2011-10-27 01:05:42 ----A---- C:\windows\wininit.ini
2011-10-26 20:15:03 ----D---- C:\windows\rpcminer
2011-10-26 20:15:03 ----D---- C:\windows\phoenix
2011-10-26 20:12:50 ----A---- C:\windows\btc_client_iplist.txt
2011-10-26 20:12:05 ----A---- C:\windows\l1rezerv.exe
2011-10-26 20:11:47 ----HD---- C:\windows\update.7.1
2011-10-26 20:11:37 ----HD---- C:\windows\update.5.0
2011-10-26 20:11:08 ----HD---- C:\windows\update.8.1
2011-10-26 20:10:55 ----A---- C:\windows\systemup.exe
2011-10-26 20:10:39 ----A---- C:\windows\iecheck_iplist.txt
2011-10-26 20:10:15 ----A---- C:\windows\unrar.exe
2011-10-26 20:10:07 ----HD---- C:\windows\update.2
2011-10-26 20:09:37 ----A---- C:\windows\iplist.txt
2011-10-26 20:09:14 ----A---- C:\windows\sysdriver32_.exe
2011-10-26 20:09:08 ----D---- C:\Users\Žaneta\AppData\Roaming\Update
2011-10-26 20:08:44 ----D---- C:\Users\Žaneta\AppData\Roaming\BS_Temp
2011-10-26 20:08:38 ----A---- C:\windows\sysdriver32.exe
2011-10-26 20:08:29 ----A---- C:\Users\Žaneta\AppData\Roaming\client.db
2011-10-26 20:08:15 ----D---- C:\windows\av_ico
2011-10-26 20:08:08 ----A---- C:\windows\front_ip_list.txt
2011-10-26 20:05:55 ----HD---- C:\windows\update.1
2011-10-26 20:05:48 ----HD---- C:\windows\update.tray-14-0-lnk
2011-10-26 20:05:48 ----HD---- C:\windows\update.tray-14-0
2011-10-26 19:51:35 ----A---- C:\windows\winlog-ids.txt
2011-10-26 19:51:34 ----A---- C:\windows\winlog-dirs.txt
2011-10-02 16:14:52 ----D---- C:\AsusVibeData
2011-10-02 16:06:29 ----D---- C:\ProgramData\ASUS WebStorage

======List of files/folders modified in the last 1 month======

2011-10-27 23:44:47 ----AD---- C:\Program Files
2011-10-27 23:43:54 ----D---- C:\windows\system32\config
2011-10-27 23:41:44 ----D---- C:\windows\system32\drivers
2011-10-27 23:37:29 ----D---- C:\windows\Temp
2011-10-27 02:12:19 ----D---- C:\Windows
2011-10-27 02:01:30 ----D---- C:\windows\winsxs
2011-10-27 01:47:52 ----SHD---- C:\windows\Installer
2011-10-27 01:46:56 ----SHD---- C:\System Volume Information
2011-10-27 01:45:40 ----D---- C:\Program Files\MOBILedit!
2011-10-27 01:36:04 ----SD---- C:\ProgramData\Microsoft
2011-10-27 01:23:45 ----D---- C:\windows\System32
2011-10-27 01:08:54 ----D---- C:\Program Files\Movie Subtitles Searcher
2011-10-27 01:05:53 ----D---- C:\Users\Žaneta\AppData\Roaming\ScanMaster-ELM
2011-10-27 01:05:11 ----D---- C:\Program Files\Common Files\InstallShield
2011-10-27 01:04:54 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-27 01:04:54 ----D---- C:\Program Files\ASUS
2011-10-27 01:03:46 ----D---- C:\windows\Prefetch
2011-10-27 01:03:11 ----D---- C:\windows\system32\ASUS_EeePC_1201HA_Screensaver dir
2011-10-27 01:00:59 ----D---- C:\Users\Žaneta\AppData\Roaming\Asus WebStorage
2011-10-26 23:49:58 ----D---- C:\Users\Žaneta\AppData\Roaming\vlc
2011-10-26 22:24:10 ----D---- C:\Users\Žaneta\AppData\Roaming\uTorrent
2011-10-26 20:10:36 ----D---- C:\windows\system32\drivers\etc
2011-10-26 20:05:54 ----D---- C:\Program Files\Microsoft Security Essentials
2011-10-23 21:17:24 ----D---- C:\Users\Žaneta\AppData\Roaming\Skype
2011-10-19 11:03:29 ----D---- C:\windows\system32\catroot2
2011-10-12 12:20:02 ----D---- C:\windows\system32\catroot
2011-10-09 13:27:37 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-10-09 13:27:32 ----D---- C:\windows\inf
2011-10-06 19:27:16 ----D---- C:\Program Files\Mozilla Firefox
2011-10-02 16:06:29 ----HD---- C:\ProgramData
2011-10-02 16:06:09 ----RSD---- C:\windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2007-08-30 43528]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 AsUpIO;AsUpIO; C:\windows\system32\drivers\AsUpIO.sys [2009-10-06 11448]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 igd;igd; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 635168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-09-11 2769120]
R3 kbfiltr;Keyboard Filter; C:\windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-20 213552]
R3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys [2011-10-27 111872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 MpKsl30c532b7;MpKsl30c532b7; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6676F5EB-F7F0-4AEB-932F-1A87CAAFD3DF}\MpKsl30c532b7.sys []
S1 MpKsl59dcd385;MpKsl59dcd385; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1047F72A-E1D4-453F-861B-B3453B2A9FFD}\MpKsl59dcd385.sys []
S1 MpKsl623ffcc4;MpKsl623ffcc4; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl623ffcc4.sys []
S1 MpKsl6b7d7827;MpKsl6b7d7827; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl6b7d7827.sys []
S1 MpKslf05a7b99;MpKslf05a7b99; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\MpKslf05a7b99.sys []
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 FTDIBUS;USB Serial Converter Driver; C:\windows\system32\drivers\ftdibus.sys [2011-03-18 61704]
S3 FTSER2K;USB Serial Port Driver; C:\windows\system32\drivers\ftser2k.sys [2011-03-18 73096]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 635168]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-19 219136]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-02 582944]
R2 ddservice;ddservice; C:\windows\update.7.1\svchostdriver.exe [2011-10-26 376832]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-07-26 1343400]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: FB virus (ufa)

#2 Post by motji »

Good evening :)

:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM occasionally has false positives, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

Re: FB virus (ufa)

#3 Post by Lukyman »

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 8032

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

28.10.2011 1:43:56
mbam-log-2011-10-28 (01-43-49).txt

Typ kontroly: Rychlý test
Testované objekty: 169019
Uplynulý čas: 12 minut, 5 sekund

Infikované procesy v paměti: 3
Infikované moduly v paměti: 0
Infikované klíče v registru: 8
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 1
Infikované složky: 1
Infikované soubory: 46

Infikované procesy v paměti:
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 1748 -> No action taken.
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> 1420 -> No action taken.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> 5244 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice (Spyware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddservice\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> No action taken.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\Windows\update.7.1\svchostdriver.exe (Spyware.Agent) -> No action taken.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-2992750339-3050355781-2338329336-1001\$R31E6TV\ufa.exe (PUP.BitMiner) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-2992750339-3050355781-2338329336-1001\$RF4PVJW\ufa.exe (PUP.BitMiner) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-2992750339-3050355781-2338329336-1001\$RMCIUTR\ufa.exe (PUP.BitMiner) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-2992750339-3050355781-2338329336-1001\$RWS05J9\ufa.exe (PUP.BitMiner) -> No action taken.
c:\Users\Žaneta\AppData\Local\Temp\lfuukqmn.exe.part (Trojan.BHO) -> No action taken.
c:\Windows\Temp\1425698.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1831923.exe (Spyware.Agent) -> No action taken.
c:\Windows\Temp\32025_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\33427_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\52322_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\7179_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\83162_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Žaneta\AppData\Local\Temp\5223861.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1677126.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2000914.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4413218.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4999611.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5268747.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5458177.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5539113.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6173027.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6944911.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8812113.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\924556542.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: FB virus (ufa)

#4 Post by motji »

Delete everything in MBAM. I will probably not be here until tomorrow evening :)

:arrow: Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights
- Before use, disable all resident security programs - antivirus, firewall, antispyware
- After launching, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears :!:
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

Re: FB virus (ufa)

#5 Post by Lukyman »

ComboFix 11-10-27.06 - Žaneta 28.10.2011 2:06.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2038.1239 [GMT 2:00]
Spuštěný z: c:\users\Žaneta\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\system32\detoured.dll
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 00:25 . 2011-10-28 00:30 -------- d-----w- c:\users\Žaneta\AppData\Local\temp
2011-10-28 00:25 . 2011-10-28 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-27 23:57 . 2011-10-27 23:57 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DA2C2C-7A2E-46AC-B1DC-6DFE9A97E1BF}\offreg.dll
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\users\Žaneta\AppData\Roaming\Malwarebytes
2011-10-27 23:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\programdata\Malwarebytes
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-27 23:28 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-27 21:52 . 2011-10-18 00:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DA2C2C-7A2E-46AC-B1DC-6DFE9A97E1BF}\mpengine.dll
2011-10-27 21:44 . 2011-10-27 21:50 -------- d-----w- c:\program files\trend micro
2011-10-27 21:44 . 2011-10-27 21:45 -------- d-----w- C:\rsit
2011-10-27 21:41 . 2011-10-27 21:44 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-27 00:12 . 2011-10-27 23:53 -------- d-----w- c:\windows\ufa
2011-10-26 18:11 . 2011-10-26 18:11 -------- d--h--w- c:\windows\update.8.1
2011-10-26 18:10 . 2011-10-27 00:12 246272 ----a-w- c:\windows\unrar.exe
2011-10-26 18:09 . 2011-10-26 18:09 -------- d-----w- c:\users\Žaneta\AppData\Roaming\Update
2011-10-26 18:08 . 2011-10-26 18:08 -------- d-----w- c:\users\Žaneta\AppData\Roaming\BS_Temp
2011-10-26 18:08 . 2011-10-26 18:08 -------- d-----w- c:\windows\av_ico
2011-10-26 18:05 . 2011-10-26 18:05 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-26 18:05 . 2011-10-26 18:05 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-25 12:12 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\mpengine.dll
2011-10-06 17:27 . 2010-01-16 03:11 23000 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-10-06 17:27 . 2010-01-16 03:11 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-10-06 17:27 . 2010-01-16 03:11 64984 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-10-06 17:27 . 2010-01-16 03:11 458200 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-10-06 17:27 . 2010-01-16 03:11 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
2011-10-02 14:14 . 2011-10-21 21:47 -------- d-----w- C:\AsusVibeData
2011-10-02 14:06 . 2011-10-02 14:06 -------- d-----w- c:\programdata\ASUS WebStorage
2011-10-01 12:01 . 2011-09-29 07:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-01 12:01 . 2011-09-29 07:07 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-01 12:01 . 2011-09-29 07:07 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-10-01 12:01 . 2011-09-29 07:07 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-10-01 12:01 . 2011-09-29 07:07 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-01 12:01 . 2011-09-29 07:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-01 12:01 . 2011-09-29 07:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-01 12:01 . 2011-09-29 07:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-01 12:01 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-01 12:01 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2009-12-26 22:10 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-29 07:07 . 2011-10-01 12:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-10-14 3058304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-09-25 402608]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-01 354840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"DigitalZoomControl"="c:\program files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [2009-10-07 283648]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-2 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl30c532b7;MpKsl30c532b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6676F5EB-F7F0-4AEB-932F-1A87CAAFD3DF}\MpKsl30c532b7.sys [x]
R1 MpKsl59dcd385;MpKsl59dcd385;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1047F72A-E1D4-453F-861B-B3453B2A9FFD}\MpKsl59dcd385.sys [x]
R1 MpKsl623ffcc4;MpKsl623ffcc4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl623ffcc4.sys [x]
R1 MpKsl6b7d7827;MpKsl6b7d7827;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl6b7d7827.sys [x]
R1 MpKslf05a7b99;MpKslf05a7b99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\MpKslf05a7b99.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-27 111872]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-10-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 635168]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 17:29]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 17:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
mStart Page = hxxp://home.sweetim.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLfox000&ptb=33gjpuxEiu2hmb69R.GwLg&ind=2010112106&ptnrS=ZLfox000&si=&n=77cfe06a&psa=&st=kwd&searchfor=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-ALLUpdate - d:\stažený\OpenSubtitlesPlayer\ALLUpdate.exe
HKLM-Run-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
HKLM-Run-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-FRC - Football Result Creator - c:\users\Žaneta\Desktop\FRC\FRC - Football Result Creator\uninstall.exe
AddRemove-Microsoft Security Essentials - c:\program files\Microsoft Security Essentials\setup.exe
AddRemove-Windows Essentials Media Codec Pack - c:\program files\Essentials Codec Pack\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3304)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\Asus\LiveUpdate\LiveUpdate.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2011-10-28 02:40:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-28 00:40
.
Před spuštěním: Volných bajtů: 79 137 456 128
Po spuštění: Volných bajtů: 79 761 321 984
.
- - End Of File - - 2A38166D28FB6BF32F3CDB13D6AA8703

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: FB virus (ufa)

#6 Post by motji »

If you don't have it there yet, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Folder::
c:\program files\SweetIM\Messenger
c:\program files\uTorrentBar
c:\program files\ConduitEngine
c:\windows\ufa
c:\windows\update.8.1
c:\users\Žaneta\AppData\Roaming\Update
c:\users\Žaneta\AppData\Roaming\BS_Temp
c:\windows\av_ico
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0-lnk

File::
c:\windows\unrar.exe

DDS::
uStart Page = hxxp://start.icq.com/sm
mStart Page = hxxp://home.sweetim.com

Firefox::
FF - ProfilePath - c:\users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsear ... searchfor=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

- save the TXT file you created as CFScript.txt on the desktop
- once it is saved, grab the script you created with the left mouse button and drag it onto the ComboFix icon, then drop it there:



- when it finishes, another log will pop up; post it here

Warning: it may happen that Windows does not boot after the script is applied and the computer restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration
Do not use COMBOFIX without an adviser's recommendation; it may damage the system!
Always back up important data before disinfecting the computer!
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

Re: FB virus (ufa)

#7 Post by Lukyman »

Done, here is the log:

ComboFix 11-10-27.06 - Žaneta 28.10.2011 15:03:43.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2038.1030 [GMT 2:00]
Spuštěný z: c:\users\Äaneta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Äaneta\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 13:19 . 2011-10-28 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 00:40 . 2011-10-28 13:19 -------- d-----w- c:\users\Žaneta\AppData\Local\temp
2011-10-27 23:57 . 2011-10-28 00:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DA2C2C-7A2E-46AC-B1DC-6DFE9A97E1BF}\offreg.dll
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\users\Žaneta\AppData\Roaming\Malwarebytes
2011-10-27 23:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\programdata\Malwarebytes
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-27 23:28 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-27 21:52 . 2011-10-18 00:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DA2C2C-7A2E-46AC-B1DC-6DFE9A97E1BF}\mpengine.dll
2011-10-27 21:44 . 2011-10-27 21:50 -------- d-----w- c:\program files\trend micro
2011-10-27 21:44 . 2011-10-27 21:45 -------- d-----w- C:\rsit
2011-10-27 21:41 . 2011-10-27 21:44 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-27 00:12 . 2011-10-27 23:53 -------- d-----w- c:\windows\ufa
2011-10-26 18:11 . 2011-10-26 18:11 -------- d--h--w- c:\windows\update.8.1
2011-10-26 18:10 . 2011-10-27 00:12 246272 ----a-w- c:\windows\unrar.exe
2011-10-26 18:09 . 2011-10-26 18:09 -------- d-----w- c:\users\Žaneta\AppData\Roaming\Update
2011-10-26 18:08 . 2011-10-26 18:08 -------- d-----w- c:\users\Žaneta\AppData\Roaming\BS_Temp
2011-10-26 18:08 . 2011-10-26 18:08 -------- d-----w- c:\windows\av_ico
2011-10-26 18:05 . 2011-10-26 18:05 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-26 18:05 . 2011-10-26 18:05 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-25 12:12 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\mpengine.dll
2011-10-06 17:27 . 2010-01-16 03:11 23000 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-10-06 17:27 . 2010-01-16 03:11 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-10-06 17:27 . 2010-01-16 03:11 64984 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-10-06 17:27 . 2010-01-16 03:11 458200 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-10-06 17:27 . 2010-01-16 03:11 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
2011-10-02 14:14 . 2011-10-21 21:47 -------- d-----w- C:\AsusVibeData
2011-10-02 14:06 . 2011-10-02 14:06 -------- d-----w- c:\programdata\ASUS WebStorage
2011-10-01 12:01 . 2011-09-29 07:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-01 12:01 . 2011-09-29 07:07 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-01 12:01 . 2011-09-29 07:07 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-10-01 12:01 . 2011-09-29 07:07 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-10-01 12:01 . 2011-09-29 07:07 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-01 12:01 . 2011-09-29 07:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-01 12:01 . 2011-09-29 07:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-01 12:01 . 2011-09-29 07:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-01 12:01 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-01 12:01 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2009-12-26 22:10 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-29 07:07 . 2011-10-01 12:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-10-14 3058304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-09-25 402608]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-01 354840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"DigitalZoomControl"="c:\program files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [2009-10-07 283648]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-2 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl30c532b7;MpKsl30c532b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6676F5EB-F7F0-4AEB-932F-1A87CAAFD3DF}\MpKsl30c532b7.sys [x]
R1 MpKsl59dcd385;MpKsl59dcd385;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1047F72A-E1D4-453F-861B-B3453B2A9FFD}\MpKsl59dcd385.sys [x]
R1 MpKsl623ffcc4;MpKsl623ffcc4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl623ffcc4.sys [x]
R1 MpKsl6b7d7827;MpKsl6b7d7827;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl6b7d7827.sys [x]
R1 MpKslf05a7b99;MpKslf05a7b99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\MpKslf05a7b99.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-27 111872]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-10-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 635168]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 17:29]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 17:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
mStart Page = hxxp://home.sweetim.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLfox000&ptb=33gjpuxEiu2hmb69R.GwLg&ind=2010112106&ptnrS=ZLfox000&si=&n=77cfe06a&psa=&st=kwd&searchfor=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2772)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Celkový čas: 2011-10-28 15:25:05
ComboFix-quarantined-files.txt 2011-10-28 13:25
ComboFix2.txt 2011-10-28 00:40
.
Před spuštěním: Volných bajtů: 79 869 632 512
Po spuštění: Volných bajtů: 79 817 486 336
.
- - End Of File - - E443FD2D4991EE13CD4A26E73CA33A02

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: FB virus (ufa)

#8 Post by motji »

It didn't work, try it once more. The problem is probably the account name; it doesn't handle the háček.
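motji's guess above is that the script fails on the háček in the account name, and the log Lukyman posted does print the path as c:\users\Äaneta rather than c:\users\Žaneta. As an added illustration that is not part of the thread: "Ž" is byte 0x8E in Windows-1250, and 0x8E is "Ä" in code page 852, so the code below reproduces that mix-up and flags which CFScript lines would be affected. The cp1250/cp852 pairing is an assumption about this particular system, and all helper names are mine.

```python
# Added example, not code from the thread or from ComboFix. It shows how a path written
# under one Windows code page looks when read under another, which is one way the
# "Žaneta" -> "Äaneta" difference in the posted log can arise.
ANSI_CP = "cp1250"  # assumed: the ANSI code page of a Czech Windows 7 install
OEM_CP = "cp852"    # assumed: the OEM (console) code page of the same install


def mojibake(text, written_in=ANSI_CP, read_as=OEM_CP):
    """How `text` looks when bytes written in one code page are decoded with another.
    "Žaneta" written in cp1250 (Ž = 0x8E) and read as cp852 (0x8E = Ä) becomes "Äaneta"."""
    return text.encode(written_in, errors="replace").decode(read_as, errors="replace")


def recover(garbled, read_as=OEM_CP, written_in=ANSI_CP):
    """Undo the mix-up: re-encode the garbled text and decode it with the original code page."""
    return garbled.encode(read_as, errors="replace").decode(written_in, errors="replace")


def affected_lines(cfscript):
    """Return (original, as_seen_under_oem) pairs for CFScript entries whose appearance
    changes between the two code pages. Section headers ("Folder::") and blank lines
    are skipped; pure-ASCII paths are byte-identical in both code pages, so they never match."""
    hits = []
    for raw in cfscript.splitlines():
        line = raw.strip()
        if not line or line.endswith("::"):
            continue
        seen = mojibake(line)
        if seen != line:
            hits.append((line, seen))
    return hits


def same_path_after_recovery(logged_path, script_path):
    """True if the path ComboFix logged is the garbled form of the path in the script.
    Windows paths are case-insensitive, so the comparison is case-folded."""
    return recover(logged_path).casefold() == script_path.casefold()


# Constructed sample: a subset of the Folder:: and File:: sections posted in the thread.
SAMPLE_CFSCRIPT = r"""Folder::
c:\program files\SweetIM\Messenger
c:\windows\ufa
c:\users\Žaneta\AppData\Roaming\Update
c:\users\Žaneta\AppData\Roaming\BS_Temp

File::
c:\windows\unrar.exe
"""

LOGGED_PATH = r"c:\users\Äaneta\Desktop\CFScript.txt"  # as printed in the posted log
SCRIPT_PATH = r"c:\users\Žaneta\Desktop\CFScript.txt"  # where the user actually saved it

if __name__ == "__main__":
    for original, seen in affected_lines(SAMPLE_CFSCRIPT):
        print(f"{original!r} would be seen as {seen!r}")
    print("logged path matches script path after recovery:",
          same_path_after_recovery(LOGGED_PATH, SCRIPT_PATH))
```

Only the two lines containing "Žaneta" are flagged; every pure-ASCII path in the script is unaffected, which is why the rest of the Folder:: section can still succeed while the profile folders are missed.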

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

Re: FB virus (ufa)

#9 Post by Lukyman »

New attempt; if this doesn't work, I can rename the user, might that help?

ComboFix 11-10-27.06 - Žaneta 28.10.2011 19:20:39.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2038.1046 [GMT 2:00]
Spuštěný z: c:\users\Äaneta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Äaneta\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 17:36 . 2011-10-28 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 13:25 . 2011-10-28 17:36 -------- d-----w- c:\users\Žaneta\AppData\Local\temp
2011-10-27 23:57 . 2011-10-28 00:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DA2C2C-7A2E-46AC-B1DC-6DFE9A97E1BF}\offreg.dll
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\users\Žaneta\AppData\Roaming\Malwarebytes
2011-10-27 23:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\programdata\Malwarebytes
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-27 23:28 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-27 21:52 . 2011-10-18 00:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DA2C2C-7A2E-46AC-B1DC-6DFE9A97E1BF}\mpengine.dll
2011-10-27 21:44 . 2011-10-27 21:50 -------- d-----w- c:\program files\trend micro
2011-10-27 21:44 . 2011-10-27 21:45 -------- d-----w- C:\rsit
2011-10-27 21:41 . 2011-10-27 21:44 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-27 00:12 . 2011-10-27 23:53 -------- d-----w- c:\windows\ufa
2011-10-26 18:11 . 2011-10-26 18:11 -------- d--h--w- c:\windows\update.8.1
2011-10-26 18:10 . 2011-10-27 00:12 246272 ----a-w- c:\windows\unrar.exe
2011-10-26 18:09 . 2011-10-26 18:09 -------- d-----w- c:\users\Žaneta\AppData\Roaming\Update
2011-10-26 18:08 . 2011-10-26 18:08 -------- d-----w- c:\users\Žaneta\AppData\Roaming\BS_Temp
2011-10-26 18:08 . 2011-10-26 18:08 -------- d-----w- c:\windows\av_ico
2011-10-26 18:05 . 2011-10-26 18:05 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-26 18:05 . 2011-10-26 18:05 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-25 12:12 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\mpengine.dll
2011-10-06 17:27 . 2010-01-16 03:11 23000 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-10-06 17:27 . 2010-01-16 03:11 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-10-06 17:27 . 2010-01-16 03:11 64984 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-10-06 17:27 . 2010-01-16 03:11 458200 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-10-06 17:27 . 2010-01-16 03:11 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
2011-10-02 14:14 . 2011-10-21 21:47 -------- d-----w- C:\AsusVibeData
2011-10-02 14:06 . 2011-10-02 14:06 -------- d-----w- c:\programdata\ASUS WebStorage
2011-10-01 12:01 . 2011-09-29 07:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-01 12:01 . 2011-09-29 07:07 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-01 12:01 . 2011-09-29 07:07 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-10-01 12:01 . 2011-09-29 07:07 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-10-01 12:01 . 2011-09-29 07:07 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-01 12:01 . 2011-09-29 07:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-01 12:01 . 2011-09-29 07:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-01 12:01 . 2011-09-29 07:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-01 12:01 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-01 12:01 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2009-12-26 22:10 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-29 07:07 . 2011-10-01 12:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-10-14 3058304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-09-25 402608]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-01 354840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"DigitalZoomControl"="c:\program files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [2009-10-07 283648]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-2 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl30c532b7;MpKsl30c532b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6676F5EB-F7F0-4AEB-932F-1A87CAAFD3DF}\MpKsl30c532b7.sys [x]
R1 MpKsl59dcd385;MpKsl59dcd385;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1047F72A-E1D4-453F-861B-B3453B2A9FFD}\MpKsl59dcd385.sys [x]
R1 MpKsl623ffcc4;MpKsl623ffcc4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl623ffcc4.sys [x]
R1 MpKsl6b7d7827;MpKsl6b7d7827;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl6b7d7827.sys [x]
R1 MpKslf05a7b99;MpKslf05a7b99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\MpKslf05a7b99.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-27 111872]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-10-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 635168]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 17:29]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 17:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
mStart Page = hxxp://home.sweetim.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLfox000&ptb=33gjpuxEiu2hmb69R.GwLg&ind=2010112106&ptnrS=ZLfox000&si=&n=77cfe06a&psa=&st=kwd&searchfor=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3060)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Celkový čas: 2011-10-28 19:42:22
ComboFix-quarantined-files.txt 2011-10-28 17:42
ComboFix2.txt 2011-10-28 13:25
ComboFix3.txt 2011-10-28 00:40
.
Před spuštěním: Volných bajtů: 79 294 861 312
Po spuštění: Volných bajtů: 79 011 323 904
.
- - End Of File - - 58E2678E4828E0851F3356C47F9E6D73

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: FB virus (ufa)

#10 Post by motji »

It didn't help; try renaming Äaneta to just Zaneta, without the diacritic.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

Re: FB virus (ufa)

#11 Post by Lukyman »

I changed the user to Zaneta, restarted the computer and edited the script. It looks like it didn't help.
ComboFix 11-10-27.06 - Žaneta 28.10.2011 23:03:23.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2038.1209 [GMT 2:00]
Spuštěný z: c:\users\Äaneta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Äaneta\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 21:19 . 2011-10-28 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 20:56 . 2011-10-28 20:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DA2C2C-7A2E-46AC-B1DC-6DFE9A97E1BF}\offreg.dll
2011-10-28 17:42 . 2011-10-28 21:19 -------- d-----w- c:\users\Žaneta\AppData\Local\temp
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\users\Žaneta\AppData\Roaming\Malwarebytes
2011-10-27 23:28 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\programdata\Malwarebytes
2011-10-27 23:28 . 2011-10-27 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-27 23:28 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-27 21:52 . 2011-10-18 00:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06DA2C2C-7A2E-46AC-B1DC-6DFE9A97E1BF}\mpengine.dll
2011-10-27 21:44 . 2011-10-27 21:50 -------- d-----w- c:\program files\trend micro
2011-10-27 21:44 . 2011-10-27 21:45 -------- d-----w- C:\rsit
2011-10-27 21:41 . 2011-10-27 21:44 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-27 00:12 . 2011-10-27 23:53 -------- d-----w- c:\windows\ufa
2011-10-26 18:11 . 2011-10-26 18:11 -------- d--h--w- c:\windows\update.8.1
2011-10-26 18:10 . 2011-10-27 00:12 246272 ----a-w- c:\windows\unrar.exe
2011-10-26 18:09 . 2011-10-26 18:09 -------- d-----w- c:\users\Žaneta\AppData\Roaming\Update
2011-10-26 18:08 . 2011-10-26 18:08 -------- d-----w- c:\users\Žaneta\AppData\Roaming\BS_Temp
2011-10-26 18:08 . 2011-10-26 18:08 -------- d-----w- c:\windows\av_ico
2011-10-26 18:05 . 2011-10-26 18:05 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-26 18:05 . 2011-10-26 18:05 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-25 12:12 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\mpengine.dll
2011-10-06 17:27 . 2010-01-16 03:11 23000 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-10-06 17:27 . 2010-01-16 03:11 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-10-06 17:27 . 2010-01-16 03:11 64984 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-10-06 17:27 . 2010-01-16 03:11 458200 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-10-06 17:27 . 2010-01-16 03:11 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
2011-10-02 14:14 . 2011-10-21 21:47 -------- d-----w- C:\AsusVibeData
2011-10-02 14:06 . 2011-10-02 14:06 -------- d-----w- c:\programdata\ASUS WebStorage
2011-10-01 12:01 . 2011-09-29 07:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-01 12:01 . 2011-09-29 07:07 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-10-01 12:01 . 2011-09-29 07:07 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-10-01 12:01 . 2011-09-29 07:07 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-10-01 12:01 . 2011-09-29 07:07 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-10-01 12:01 . 2011-09-29 07:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-10-01 12:01 . 2011-09-29 07:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-01 12:01 . 2011-09-29 07:07 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-10-01 12:01 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-01 12:01 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2009-12-26 22:10 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-29 07:07 . 2011-10-01 12:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-10-14 3058304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-09-25 402608]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-01 354840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"DigitalZoomControl"="c:\program files\ASUS\DigitalZoomControl\DigitalZoomControl.exe" [2009-10-07 283648]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-2 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl30c532b7;MpKsl30c532b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6676F5EB-F7F0-4AEB-932F-1A87CAAFD3DF}\MpKsl30c532b7.sys [x]
R1 MpKsl59dcd385;MpKsl59dcd385;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1047F72A-E1D4-453F-861B-B3453B2A9FFD}\MpKsl59dcd385.sys [x]
R1 MpKsl623ffcc4;MpKsl623ffcc4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl623ffcc4.sys [x]
R1 MpKsl6b7d7827;MpKsl6b7d7827;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33B6700C-0E18-4407-AA48-4F65150A5B44}\MpKsl6b7d7827.sys [x]
R1 MpKslf05a7b99;MpKslf05a7b99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CD5EC0-A960-4640-8A4F-2AA4E87D67CC}\MpKslf05a7b99.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-27 111872]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-25 1343400]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-10-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 igd;igd;c:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 635168]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 17:29]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 17:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
mStart Page = hxxp://home.sweetim.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLfox000&ptb=33gjpuxEiu2hmb69R.GwLg&ind=2010112106&ptnrS=ZLfox000&si=&n=77cfe06a&psa=&st=kwd&searchfor=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4048)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Celkový čas: 2011-10-28 23:26:23
ComboFix-quarantined-files.txt 2011-10-28 21:26
ComboFix2.txt 2011-10-28 17:42
ComboFix3.txt 2011-10-28 13:25
ComboFix4.txt 2011-10-28 00:40
.
Před spuštěním: Volných bajtů: 79 015 837 696
Po spuštění: Volných bajtů: 78 973 386 752
.
- - End Of File - - 336115764186EF0E5091DC02A844B4CD

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: FB virus (ufa)

#12 Post by motji »

Let's try it differently :)

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the OTL.exe file.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 
- tick the box For all users.
- tick the boxes "LOP" malware check and "Purity" malware check
- click the Run Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)
Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here


I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
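Added illustration, not part of the thread and not OTL's own code: the /md5start ... /md5stop section of the script above asks OTL to hash a list of critical system binaries and drivers so that a patched or replaced copy stands out by its digest, and the `%systemroot%\*.* /U /s` line lists files that turn up in unexpected places. The Python below does the same two things over a directory tree: hash every file whose name is on the watch list and flag copies sitting outside the directories where they belong. The watch list is a subset of the names in the script, the expected-directory set and the `update_cache` folder are assumptions made for this example, and the sample tree is constructed in a temp directory so the code runs offline.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# A subset of the file names the /md5start ... /md5stop block asks OTL to hash.
WATCHED_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe",
                 "userinit.exe", "atapi.sys", "ws2_32.dll"}

# Where those names are expected to live, relative to the system root.
# This is an assumption made for the example, not a rule taken from OTL.
EXPECTED_DIRS = {"system32", os.path.join("system32", "drivers")}


def md5_of_bytes(data):
    return hashlib.md5(data).hexdigest()


def md5_of_file(path, chunk=65536):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(system_root, names=WATCHED_NAMES, expected_dirs=EXPECTED_DIRS):
    """Walk system_root and hash every file whose name is on the watch list.

    Returns (hashes, off_path): hashes maps a lower-cased file name to a list of
    (relative path, md5); off_path lists copies found outside expected_dirs,
    which is the case that deserves a second look in a cleanup thread.
    """
    hashes = defaultdict(list)
    off_path = []
    expected = {d.lower() for d in expected_dirs}
    for dirpath, _subdirs, files in os.walk(system_root):
        rel_dir = os.path.relpath(dirpath, system_root)
        for fname in files:
            key = fname.lower()          # Windows file names are case-insensitive
            if key not in names:
                continue
            rel = fname if rel_dir == "." else os.path.join(rel_dir, fname)
            digest = md5_of_file(os.path.join(dirpath, fname))
            hashes[key].append((rel, digest))
            if rel_dir.lower() not in expected:
                off_path.append((rel, digest))
    return dict(hashes), off_path


def build_sample_tree(base):
    """Constructed sample data, not files from the thread: a toy system root with
    legitimate copies in System32 and a same-named svchost.exe in a stray folder
    (update_cache is an invented name). The byte strings stand in for binaries."""
    layout = {
        os.path.join("System32", "svchost.exe"): b"legit svchost bytes",
        os.path.join("System32", "winlogon.exe"): b"legit winlogon bytes",
        os.path.join("System32", "drivers", "atapi.sys"): b"legit atapi bytes",
        os.path.join("update_cache", "svchost.exe"): b"not the real svchost",
    }
    for rel, data in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def demo():
    """Build the sample tree in a temp dir, scan it, print an OTL-style
    listing and return the raw results."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hashes, off_path = scan(tmp)
    for name in sorted(hashes):
        for rel, digest in hashes[name]:
            print(f"{name:14} {digest}  {rel}")
    for rel, digest in off_path:
        print(f"WARNING: {rel} is outside the expected directories ({digest})")
    return hashes, off_path


if __name__ == "__main__":
    demo()
```

On a real machine you would point `scan()` at `%SystemRoot%` and compare the digests of the System32 copies against known-good values for that exact Windows build; two entries for one name with different digests, or any entry in `off_path`, is what the helper is looking for when reading the OTL output.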

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

Re: FB virus (ufa)

#13 Post by Lukyman »

Extras:
OTL Extras logfile created on: 10/30/2011 12:33:18 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Žaneta\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1.99 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.53% Memory free
3.98 Gb Paging File | 2.75 Gb Available in Paging File | 69.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 73.69 Gb Free Space | 73.69% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 43.97 Gb Free Space | 35.79% Space Free | Partition Type: NTFS

Computer Name: EEEPC | User Name: Žaneta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Panel nástrojů Bing
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1D097338-B4FA-4F29-9C43-8D7A970A007E}" = Windows Live Fotogalerie
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.3.7.1
"{359D2A79-64C6-4824-83CE-B053297DED6A}" = Adobe Photoshop Lightroom
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{479A749B-1684-4881-8266-BF8DD22251E7}" = Windows Live Writer
"{4F62B1AE-E778-49E2-9C57-C1C65A122098}" = Zoner Callisto 5
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{71E40B32-5173-4538-8996-5822DD18E8D4}" = Windows Live Messenger
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}" = Digital Zoom Control
"{824BADF8-9A1B-4D07-8817-8DDDC8543F23}" = OpenOffice.org 3.1
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC3D1245-A848-4BAB-A9CA-BFF3EB90E6AF}" = HeySmile Studio 3.0
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}" = Windows Live Movie Maker
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}" = Windows Live Mail
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F86AD773-5BC0-499B-9F48-4E0D5FED759D}" = Windows Live Zabezpečení rodiny
"{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Asus Vibe2.0" = AsusVibe2.0
"ATnotes_is1" = ATnotes Version 9.5
"BatteryBar" = BatteryBar (remove only)
"BitComet FLV Converter" = BitComet FLV Converter 1.0
"BSPlayer1" = BSPlayer
"BSPlayerf" = BS.Player FREE
"conduitEngine" = Conduit Engine
"DreamAqua" = Dream Aquarium
"Eee Docking_is1" = Eee Docking 3.3.0
"FormatFactory" = FormatFactory 2.30
"Get Styles" = Get Styles
"Google Chrome" = Google Chrome
"LPCO" = Intel(R) Graphics Media Accelerator 500
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mp3Player" = Mp3Player
"rajče.net_is1" = rajče verze 58 sestavení 205
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TextBlue Bluetooth Proximity Marketing_is1" = TextBlue Bluetooth Proximity Marketing 6.8.2.0
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Video to Flash Converter_is1" = Video to Flash Converter
"VLC media player" = VLC media player 1.0.3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2992750339-3050355781-2338329336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre Studio X" = PhotoFiltre Studio X

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2010 1:03:29 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:29 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:29 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:29 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:29 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:30 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:30 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:30 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:30 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 10/7/2010 1:03:30 PM | Computer Name = EeePC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro C:\Program Files\WIDCOMM\Bluetooth
Software\BtwNamespaceExt.dll se nezdařilo. Závislé sestavení Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ Media Center Events ]
Error - 4/20/2010 10:19:28 AM | Computer Name = EeePC | Source = MCUpdate | ID = 0
Description = 16:19:27 - Chyba při připojování k Internetu 16:19:27 - Nelze kontaktovat
server..

Error - 4/20/2010 10:19:39 AM | Computer Name = EeePC | Source = MCUpdate | ID = 0
Description = 16:19:33 - Chyba při připojování k Internetu 16:19:33 - Nelze kontaktovat
server..

Error - 4/20/2010 11:22:50 AM | Computer Name = EeePC | Source = MCUpdate | ID = 0
Description = 17:22:50 - Chyba při připojování k Internetu 17:22:50 - Nelze kontaktovat
server..

Error - 4/20/2010 11:23:03 AM | Computer Name = EeePC | Source = MCUpdate | ID = 0
Description = 17:22:56 - Chyba při připojování k Internetu 17:22:56 - Nelze kontaktovat
server..

Error - 4/22/2010 10:43:59 AM | Computer Name = EeePC | Source = MCUpdate | ID = 0
Description = 16:43:58 - Chyba při připojování k Internetu 16:43:58 - Nelze kontaktovat
server..

Error - 4/22/2010 10:44:50 AM | Computer Name = EeePC | Source = MCUpdate | ID = 0
Description = 16:44:28 - Chyba při připojování k Internetu 16:44:28 - Nelze kontaktovat
server..

Error - 4/29/2010 11:00:03 AM | Computer Name = EeePC | Source = MCUpdate | ID = 0
Description = 17:00:02 - Chyba při připojování k Internetu 17:00:03 - Nelze kontaktovat
server..

Error - 4/29/2010 11:00:15 AM | Computer Name = EeePC | Source = MCUpdate | ID = 0
Description = 17:00:08 - Chyba při připojování k Internetu 17:00:09 - Nelze kontaktovat
server..

[ System Events ]
Error - 1/29/2011 7:20:12 AM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Wlansvc bylo dosaženo časového
limitu (30000 ms).

Error - 1/30/2011 9:29:41 AM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Netman bylo dosaženo časového
limitu (30000 ms).

Error - 1/30/2011 5:34:39 PM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Netman bylo dosaženo časového
limitu (30000 ms).

Error - 1/30/2011 5:34:39 PM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby NlaSvc bylo dosaženo časového
limitu (30000 ms).

Error - 1/31/2011 8:33:26 AM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).

Error - 1/31/2011 2:25:01 PM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby SysMain bylo dosaženo časového
limitu (30000 ms).

Error - 2/3/2011 8:38:03 AM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).

Error - 2/3/2011 4:01:41 PM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).

Error - 2/3/2011 4:48:18 PM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).

Error - 2/4/2011 7:18:47 AM | Computer Name = EeePC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Schedule bylo dosaženo časového
limitu (30000 ms).


< End of report >

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

Re: FB virus (ufa)

#14 Post by Lukyman »

OTL part 1:
OTL logfile created on: 10/30/2011 12:33:18 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Žaneta\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1.99 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.53% Memory free
3.98 Gb Paging File | 2.75 Gb Available in Paging File | 69.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 73.69 Gb Free Space | 73.69% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 43.97 Gb Free Space | 35.79% Space Free | Partition Type: NTFS

Computer Name: EEEPC | User Name: Žaneta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 00:31:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Žaneta\Desktop\OTL.exe
PRC - [2011/05/13 14:23:42 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/16 05:11:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/14 18:30:41 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/09/24 01:05:44 | 000,752,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/09/09 20:15:12 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/08/28 00:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/07/20 11:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/02 03:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/14 16:02:21 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
MOD - [2011/08/14 16:01:41 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
MOD - [2011/08/14 16:00:17 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
MOD - [2011/08/14 15:59:51 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11ebcba65c931267301739008a883e60\Accessibility.ni.dll
MOD - [2011/08/14 15:59:49 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2010/01/16 05:11:42 | 001,014,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2009/07/02 03:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/26 00:17:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/02 03:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/27 23:44:18 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/03/18 13:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 13:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/11/13 10:47:50 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/10/06 12:34:00 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/10/05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/01 06:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2008/01/14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
IE - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Conduit Engine Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_result ... r=1.3.3&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.24
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.7
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {63414328-3ab4-2c84-6c41-5a473c4b2ff7}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.4
FF - prefs.js..extensions.enabledItems: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.3
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsear ... searchfor="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_result ... cqskins&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 19:27:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/06 19:27:07 | 000,000,000 | ---D | M]

[2009/12/24 21:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Extensions
[2011/10/30 00:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions
[2011/06/10 15:33:26 | 000,000,000 | ---D | M] ("Get Styles") -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2011/06/10 15:33:27 | 000,000,000 | ---D | M] ("Usage Stat") -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010/03/08 15:28:38 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010/06/05 13:04:36 | 000,000,000 | ---D | M] (QAssistant) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
[2011/10/06 19:29:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/21 01:32:58 | 000,000,000 | ---D | M] (U Flv) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
[2011/10/01 14:04:24 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/03/15 12:19:09 | 000,000,000 | ---D | M] (KFD Flv) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
[2011/06/10 15:34:11 | 000,000,000 | ---D | M] (VFD Flv) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
[2011/10/03 15:45:25 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/06 19:29:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/10/01 23:38:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/06 19:30:00 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/05/13 14:23:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\engine@conduit.com
[2011/10/28 01:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Žaneta\AppData\Roaming\mozilla\Firefox\Profiles\kr76fxqc.default\extensions\staged-xpis
[2011/05/13 14:23:37 | 000,000,913 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\conduit.xml
[2011/10/26 19:53:12 | 000,000,950 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\icqplugin-1.xml
[2010/01/06 18:46:38 | 000,000,947 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\icqplugin-2.xml
[2010/03/21 01:32:54 | 000,000,947 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\icqplugin-3.xml
[2011/10/06 19:30:22 | 000,000,950 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\icqplugin-4.xml
[2011/09/25 17:27:46 | 000,000,168 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\icqplugin.gif
[2011/09/25 17:27:46 | 000,000,618 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\icqplugin.src
[2011/03/30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\icqplugin.xml
[2010/11/21 15:05:47 | 000,010,017 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\mywebsearch.xml
[2010/01/25 20:37:15 | 000,001,392 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\Mozilla\Firefox\Profiles\kr76fxqc.default\searchplugins\wikipedie-cs.xml
[2011/10/01 14:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/25 00:09:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA80}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA96}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA99}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{63414328-3AB4-2C84-6C41-5A473C4B2FF7}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{7645F4B1-1F19-13DD-2D6B-0200600C2A56}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{8675F4B3-2F19-11ED-2D6B-0800600C0A16}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{8675F4B3-2F19-11ED-2D6B-0800600C0A17}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\ŽANETA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KR76FXQC.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011/09/29 09:07:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010/01/16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2010/01/16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010/01/16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010/01/16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\Žaneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
CHR - Extension: Late Night = C:\Users\Žaneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\

O1 HOSTS File: ([2011/10/28 02:29:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (GdfrDUEn Class) - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll (TODO: <Company name>)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [DigitalZoomControl] C:\Program Files\ASUS\DigitalZoomControl\DigitalZoomControl.exe (ASUSTek)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe (Thomas Ascher)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2992750339-3050355781-2338329336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68859C07-8B42-4E5D-A41E-FB9D25C31880}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAF662BE-BE70-4666-A960-D02B135270A4}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 00:31:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Žaneta\Desktop\OTL.exe
[2011/10/28 23:26:27 | 000,000,000 | ---D | C] -- C:\Users\Žaneta\AppData\Local\temp
[2011/10/28 23:24:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/28 23:19:52 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/10/28 02:01:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/10/28 02:01:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/10/28 02:01:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/10/28 02:00:51 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/10/28 02:00:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/28 01:57:43 | 004,274,254 | R--- | C] (Swearware) -- C:\Users\Žaneta\Desktop\ComboFix.exe
[2011/10/28 01:28:46 | 000,000,000 | ---D | C] -- C:\Users\Žaneta\AppData\Roaming\Malwarebytes
[2011/10/28 01:28:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/10/28 01:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/28 01:28:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/10/28 01:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/27 23:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/10/27 23:44:46 | 000,000,000 | ---D | C] -- C:\rsit
[2011/10/27 23:41:43 | 000,000,000 | ---D | C] -- C:\Users\Žaneta\Desktop\RK_Quarantine
[2011/10/27 02:12:19 | 000,000,000 | ---D | C] -- C:\windows\ufa
[2011/10/26 20:11:08 | 000,000,000 | -H-D | C] -- C:\windows\update.8.1
[2011/10/26 20:09:08 | 000,000,000 | ---D | C] -- C:\Users\Žaneta\AppData\Roaming\Update
[2011/10/26 20:08:44 | 000,000,000 | ---D | C] -- C:\Users\Žaneta\AppData\Roaming\BS_Temp
[2011/10/26 20:08:15 | 000,000,000 | ---D | C] -- C:\windows\av_ico
[2011/10/26 20:05:48 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-14-0-lnk
[2011/10/26 20:05:48 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-14-0
[2011/10/09 00:53:40 | 000,000,000 | ---D | C] -- C:\Users\Žaneta\Desktop\Honey 2- Soundtrack
[2011/10/06 19:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/10/02 16:14:52 | 000,000,000 | ---D | C] -- C:\AsusVibeData
[2011/10/02 16:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage
[2009/10/10 12:33:36 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011/10/30 00:39:21 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/10/30 00:31:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Žaneta\Desktop\OTL.exe
[2011/10/30 00:07:01 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/29 18:07:00 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/29 14:28:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/28 23:01:04 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 23:01:03 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 22:53:26 | 1602,691,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 02:37:39 | 000,631,292 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2011/10/28 02:37:39 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/10/28 02:37:39 | 000,121,914 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2011/10/28 02:37:39 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/10/28 02:29:32 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/10/28 01:58:20 | 004,274,254 | R--- | M] (Swearware) -- C:\Users\Žaneta\Desktop\ComboFix.exe
[2011/10/28 01:28:16 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/27 23:44:18 | 000,111,872 | ---- | M] () -- C:\windows\System32\drivers\TrueSight.sys
[2011/10/27 23:40:23 | 000,781,383 | ---- | M] () -- C:\Users\Žaneta\Desktop\RSIT.exe
[2011/10/27 23:38:59 | 000,719,360 | ---- | M] () -- C:\Users\Žaneta\Desktop\RogueKiller.exe
[2011/10/27 23:35:19 | 000,000,734 | ---- | M] () -- C:\windows\System32\drivers\etc\hîsts
[2011/10/27 23:34:51 | 000,000,225 | ---- | M] () -- C:\windows\info1
[2011/10/27 23:34:04 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2011/10/27 02:12:18 | 005,589,370 | ---- | M] () -- C:\windows\phoenix.rar
[2011/10/27 02:12:18 | 001,075,284 | ---- | M] () -- C:\windows\rpcminer.rar
[2011/10/27 02:12:18 | 000,246,272 | ---- | M] () -- C:\windows\unrar.exe
[2011/10/27 02:12:18 | 000,182,617 | ---- | M] () -- C:\windows\ufa.rar
[2011/10/27 01:36:21 | 000,002,098 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/10/27 01:05:42 | 000,000,048 | ---- | M] () -- C:\windows\wininit.ini
[2011/10/26 21:24:15 | 000,010,441 | ---- | M] () -- C:\Users\Žaneta\Desktop\1.jpg
[2011/10/26 20:10:15 | 000,904,792 | ---- | M] () -- C:\windows\geoiplist.rar
[2011/10/26 20:09:15 | 000,000,000 | ---- | M] () -- C:\windows\loader2.exe_ok
[2011/10/24 16:13:13 | 004,668,846 | ---- | M] () -- C:\Users\Žaneta\Desktop\Keri-Hilson,-Lil-Kim,-&-Teyana-Taylor-Turn-My-Swag-On-[Girl-Version].mp3
[2011/10/24 16:11:45 | 005,377,382 | ---- | M] () -- C:\Users\Žaneta\Desktop\20---Soulja-Boy-Tellem---Turn-My-Swag-On.mp3
[2011/10/08 00:07:58 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/06 19:27:19 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/02 16:15:14 | 000,001,894 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2011/10/02 16:15:13 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk

========== Files Created - No Company Name ==========

[2011/10/30 00:39:21 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/10/28 02:01:09 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/10/28 02:01:09 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/10/28 02:01:09 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/10/28 02:01:09 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/10/28 02:01:09 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/10/28 01:28:16 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/27 23:41:44 | 000,111,872 | ---- | C] () -- C:\windows\System32\drivers\TrueSight.sys
[2011/10/27 23:40:14 | 000,781,383 | ---- | C] () -- C:\Users\Žaneta\Desktop\RSIT.exe
[2011/10/27 23:38:46 | 000,719,360 | ---- | C] () -- C:\Users\Žaneta\Desktop\RogueKiller.exe
[2011/10/27 02:12:18 | 000,182,617 | ---- | C] () -- C:\windows\ufa.rar
[2011/10/27 01:36:21 | 000,002,098 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/10/27 01:05:42 | 000,000,048 | ---- | C] () -- C:\windows\wininit.ini
[2011/10/26 21:39:34 | 000,010,441 | ---- | C] () -- C:\Users\Žaneta\Desktop\1.jpg
[2011/10/26 20:15:02 | 005,589,370 | ---- | C] () -- C:\windows\phoenix.rar
[2011/10/26 20:15:01 | 001,075,284 | ---- | C] () -- C:\windows\rpcminer.rar
[2011/10/26 20:10:17 | 004,636,907 | ---- | C] () -- C:\windows\geoiplist
[2011/10/26 20:10:15 | 000,904,792 | ---- | C] () -- C:\windows\geoiplist.rar
[2011/10/26 20:10:15 | 000,246,272 | ---- | C] () -- C:\windows\unrar.exe
[2011/10/26 20:10:07 | 000,000,225 | ---- | C] () -- C:\windows\info1
[2011/10/26 20:09:15 | 000,000,000 | ---- | C] () -- C:\windows\loader2.exe_ok
[2011/10/26 20:08:29 | 000,020,480 | ---- | C] () -- C:\Users\Žaneta\AppData\Roaming\client.db
[2011/10/24 16:12:24 | 004,668,846 | ---- | C] () -- C:\Users\Žaneta\Desktop\Keri-Hilson,-Lil-Kim,-&-Teyana-Taylor-Turn-My-Swag-On-[Girl-Version].mp3
[2011/10/24 16:10:26 | 005,377,382 | ---- | C] () -- C:\Users\Žaneta\Desktop\20---Soulja-Boy-Tellem---Turn-My-Swag-On.mp3
[2011/10/02 16:15:14 | 000,001,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2011/10/02 16:15:13 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk
[2011/10/01 14:01:37 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/12/17 18:17:12 | 001,196,032 | ---- | C] () -- C:\Users\Žaneta\AppData\Roaming\TextBlue.fdb
[2010/05/21 16:25:01 | 000,003,584 | ---- | C] () -- C:\Users\Žaneta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/10 17:28:16 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2010/03/12 20:13:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/04 19:35:47 | 000,000,204 | ---- | C] () -- C:\Users\Žaneta\AppData\Roaming\wklnhst.dat
[2009/12/25 18:32:18 | 000,000,017 | ---- | C] () -- C:\Users\Žaneta\AppData\Local\resmon.resmoncfg
[2009/12/25 12:15:45 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2009/10/14 18:53:23 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2009/10/14 18:53:09 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2009/10/14 18:27:18 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2009/10/14 18:27:18 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2009/10/14 18:26:19 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2009/10/14 18:25:53 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/10/14 18:21:56 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009/10/14 18:21:38 | 000,013,020 | ---- | C] () -- C:\windows\System32\lpgun.ini
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,436,552 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/20 21:14:36 | 000,292,004 | ---- | C] () -- C:\windows\System32\perfi005.dat
[2009/06/20 21:14:35 | 000,631,292 | ---- | C] () -- C:\windows\System32\perfh005.dat
[2009/06/20 21:14:35 | 000,121,914 | ---- | C] () -- C:\windows\System32\perfc005.dat
[2009/06/20 21:14:35 | 000,036,232 | ---- | C] () -- C:\windows\System32\perfd005.dat
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/02/26 08:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config
[1993/07/23 20:31:02 | 000,210,944 | ---- | C] () -- C:\windows\System32\Msvcrt10.dll

========== LOP Check ==========

[2009/10/14 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Asus WebStorage
[2009/10/14 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Asus WebStorage
[2010/09/01 12:49:19 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Asus
[2011/10/27 01:00:59 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Asus WebStorage
[2011/10/26 20:08:44 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\BS_Temp
[2010/04/15 18:22:38 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Dream Aquarium
[2010/09/01 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\EeeStorageUploader
[2010/01/06 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Exec
[2010/06/23 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\GeoVid
[2010/06/03 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\gtk-2.0
[2011/09/21 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\ICQ
[2010/02/20 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\ManyCam
[2010/01/22 22:59:45 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\NCH Swift Sound
[2009/12/24 23:17:23 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\OpenOffice.org
[2010/01/21 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\PhotoFiltre Studio X
[2010/01/21 18:09:30 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\RetouchPilot
[2011/10/27 01:05:53 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\ScanMaster-ELM
[2011/09/10 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Template
[2010/12/17 18:17:34 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\TextBlue
[2011/10/26 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Update
[2011/10/30 00:34:43 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\uTorrent
[2010/06/03 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Zoner
[2009/07/14 06:53:46 | 000,025,808 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
"ATnotes.exe" = C:\Program Files\ATnotes\ATnotes.exe -- [2005/01/05 15:45:36 | 001,015,808 | ---- | M] (Thomas Ascher)

< >


< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009/07/14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\System32\drivers\fastfat.sys
[2009/07/14 01:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=7E0AB74553476622FB6AE36F73D97D35 -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_ae8981a3b8b7be50\fastfat.sys

< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\ERDNT\cache\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\ERDNT\cache\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NTFS.SYS >
[2010/11/20 14:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2009/07/14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\ERDNT\cache\ntfs.sys
[2009/07/14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\System32\drivers\ntfs.sys
[2009/07/14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys

< MD5 for: NVRAID.SYS >
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SMSS.EXE >
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/20 06:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009/07/14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010/11/20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2010/08/21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2010/08/21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe
[2010/08/21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2011/10/26 19:50:35 | 001,198,080 | -H-- | M] (Cronosoft) MD5=1502C61D2D762708C0B47606708ADBD7 -- C:\Windows\update.tray-14-0\svchost.exe
[2011/10/26 19:50:35 | 001,198,080 | -H-- | M] (Cronosoft) MD5=1502C61D2D762708C0B47606708ADBD7 -- C:\Windows\update.tray-14-0-lnk\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\SoftwareDistribution\Download\6392315e009bc41cb48cdfafa6d1fcc1\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\SoftwareDistribution\Download\919003e3012e674674fc2a83c2329826\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2011/06/21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\SoftwareDistribution\Download\6392315e009bc41cb48cdfafa6d1fcc1\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010/06/14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\ERDNT\cache\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011/06/21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\SoftwareDistribution\Download\6392315e009bc41cb48cdfafa6d1fcc1\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011/06/21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\SoftwareDistribution\Download\6392315e009bc41cb48cdfafa6d1fcc1\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2006/10/27 04:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
[2009/06/20 21:13:45 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >
[2011/10/27 23:44:18 | 000,111,872 | ---- | M] () -- C:\windows\system32\drivers\TrueSight.sys

< %systemroot%\system32\drivers\*.sys /X >
[2009/06/10 23:14:29 | 003,440,660 | ---- | M] () -- C:\windows\system32\drivers\gm.dls
[2009/06/10 23:14:29 | 000,000,646 | ---- | M] () -- C:\windows\system32\drivers\gmreadme.txt
[2009/06/10 23:27:38 | 000,000,003 | ---- | M] () -- C:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2009/10/14 18:23:50 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/07/26 22:44:04 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/03/23 19:33:41 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/07/28 05:36:30 | 000,004,692 | ---- | M] () -- C:\windows\system32\drivers\SamSfPa.dat

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011/10/28 23:01:03 | 000,009,920 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 23:01:04 | 000,009,920 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 02:37:39 | 000,121,914 | ---- | M] () -- C:\windows\system32\perfc005.dat
[2011/10/28 02:37:39 | 000,106,388 | ---- | M] () -- C:\windows\system32\perfc009.dat
[2011/10/28 02:37:39 | 000,631,292 | ---- | M] () -- C:\windows\system32\perfh005.dat
[2011/10/28 02:37:39 | 000,616,008 | ---- | M] () -- C:\windows\system32\perfh009.dat
[2011/10/28 02:37:38 | 001,469,888 | ---- | M] () -- C:\windows\system32\PerfStringBackup.INI

< %systemroot%\system32\*.dll /lockedfiles >
[2011/06/05 20:37:00 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\dxtmsft.dll
[2011/06/05 20:37:00 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\dxtrans.dll
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[16 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[2 C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\479350944817218ad9fa95e3cf43ca56\*.tmp files -> C:\windows\SoftwareDistribution\Download\479350944817218ad9fa95e3cf43ca56\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\587f3a11faf5cac4a06ef15f712c5545\*.tmp files -> C:\windows\SoftwareDistribution\Download\587f3a11faf5cac4a06ef15f712c5545\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\ab12ed88e57ff0d91c87b2b030a9f868\*.tmp files -> C:\windows\SoftwareDistribution\Download\ab12ed88e57ff0d91c87b2b030a9f868\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\d9ad0644b362e8208605baad436c65c0\*.tmp files -> C:\windows\SoftwareDistribution\Download\d9ad0644b362e8208605baad436c65c0\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\e007d7ad07e48875479a88f5d051704d\*.tmp files -> C:\windows\SoftwareDistribution\Download\e007d7ad07e48875479a88f5d051704d\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\ec2cc6ab7853f7f87c73b2f137bf7916\*.tmp files -> C:\windows\SoftwareDistribution\Download\ec2cc6ab7853f7f87c73b2f137bf7916\*.tmp -> ]
[1 C:\windows\temp\*.tmp files -> C:\windows\temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >

Lukyman
Visitor
Posts: 46
Registered: 27 Oct 2011 14:51

Re: FB virus (ufa)

#15 Post by Lukyman »

OTL part 2:
[2010/01/22 23:27:43 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Adobe
[2010/09/01 12:49:19 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Asus
[2011/10/27 01:00:59 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Asus WebStorage
[2011/10/26 20:08:44 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\BS_Temp
[2010/04/15 18:22:38 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Dream Aquarium
[2011/05/14 19:35:08 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\dvdcss
[2010/09/01 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\EeeStorageUploader
[2010/01/06 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Exec
[2010/06/23 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\GeoVid
[2010/06/03 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\gtk-2.0
[2011/09/21 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\ICQ
[2010/01/21 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Identities
[2009/10/14 18:24:46 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\InstallShield
[2009/10/14 18:32:37 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Macromedia
[2011/10/28 01:28:46 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Malwarebytes
[2010/02/20 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\ManyCam
[2010/05/02 21:09:19 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Media Player Classic
[2011/09/10 19:38:23 | 000,000,000 | --SD | M] -- C:\Users\Žaneta\AppData\Roaming\Microsoft
[2009/12/24 21:54:30 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Mozilla
[2010/01/22 22:59:45 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\NCH Swift Sound
[2009/12/24 23:17:23 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\OpenOffice.org
[2010/01/21 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\PhotoFiltre Studio X
[2010/01/21 18:09:30 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\RetouchPilot
[2011/10/27 01:05:53 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\ScanMaster-ELM
[2011/10/23 21:17:24 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Skype
[2011/06/18 20:27:17 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\skypePM
[2011/09/10 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Template
[2010/12/17 18:17:34 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\TextBlue
[2011/10/26 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Update
[2011/10/30 01:34:59 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\uTorrent
[2011/10/26 23:49:58 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\vlc
[2010/12/21 23:27:08 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\WinRAR
[2010/06/03 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\Žaneta\AppData\Roaming\Zoner

< %APPDATA%\*.* >
[2010/04/22 08:52:40 | 000,020,480 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\client.db
[2010/12/17 18:20:29 | 001,196,032 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\TextBlue.fdb
[2010/02/11 23:14:57 | 000,000,204 | ---- | M] () -- C:\Users\Žaneta\AppData\Roaming\wklnhst.dat

< %APPDATA%\*.exe /s >
[2011/07/31 01:29:16 | 000,827,192 | ---- | M] (ASUSTEK ) -- C:\Users\Žaneta\AppData\Roaming\Asus\ASUS Vibe\ASUSVibeSetup.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

Locked