Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.MKVC - C:\Windows\System32\KMVIDC32.DLL ()
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2010.09.09 22:00:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2010.09.09 20:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.09 20:16:02 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.06 20:36:14 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Ahead
[2010.09.06 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010.09.06 20:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.09.06 20:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\AskTBar
[2010.09.06 19:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010.09.03 20:29:34 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2010.09.03 19:32:49 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010.09.03 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.09.03 19:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.09.03 19:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.09.03 19:25:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.09.03 19:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.09.03 19:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.09.03 19:19:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.09.03 18:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.09.03 18:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.03 17:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.09.03 17:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\LangSoft
[2010.09.03 13:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2008.12.31 02:24:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\PC\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010.09.09 22:06:04 | 005,242,880 | -HS- | M] () -- C:\Users\PC\ntuser.dat
[2010.09.09 22:05:27 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E64889E6-8E50-47D7-B06E-4A07FD979A46}.job
[2010.09.09 22:00:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2010.09.09 21:54:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.09 21:42:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.09 21:23:50 | 000,003,952 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.09 21:23:50 | 000,003,952 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.09 20:42:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.09 18:07:24 | 064,468,357 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.09.09 17:04:26 | 000,429,008 | ---- | M] () -- C:\Users\PC\Desktop\2_lekce.docx
[2010.09.09 17:04:22 | 000,147,432 | ---- | M] () -- C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.09 16:59:38 | 000,033,754 | ---- | M] () -- C:\Users\PC\Desktop\1_lekce.docx
[2010.09.09 15:28:28 | 001,478,430 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.09 15:28:28 | 000,628,204 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.09.09 15:28:28 | 000,616,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.09 15:28:28 | 000,126,646 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.09.09 15:28:28 | 000,112,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.09 15:23:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.09 15:23:46 | 002,397,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.09 15:23:14 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.09 13:49:52 | 000,524,288 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.09 13:49:52 | 000,065,536 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.09 13:49:39 | 001,468,414 | -H-- | M] () -- C:\Users\PC\AppData\Local\IconCache.db
[2010.09.09 13:33:16 | 000,010,266 | ---- | M] () -- C:\Users\PC\Desktop\Pisemná elektronická komunikace.docx
[2010.09.09 12:31:16 | 000,000,000 | ---- | M] () -- C:\Windows\XXLGSC
[2010.09.09 11:53:30 | 000,010,096 | ---- | M] () -- C:\Users\PC\Desktop\Angličtina.docx
[2010.09.09 11:06:29 | 000,011,605 | ---- | M] () -- C:\Users\PC\Desktop\Matematika.docx
[2010.09.09 10:27:31 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.09 09:50:38 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\SAFARI.lnk
[2010.09.06 20:35:29 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.09.06 20:31:05 | 000,001,024 | ---- | M] () -- C:\Users\PC\.rnd
[2010.09.06 19:47:17 | 000,000,827 | ---- | M] () -- C:\Users\PC\Desktop\JDownloader.lnk
[2010.09.05 00:30:31 | 000,222,208 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.03 19:49:59 | 000,000,985 | ---- | M] () -- C:\Users\PC\Desktop\WINWORD.lnk
[2010.09.03 19:43:52 | 000,000,992 | ---- | M] () -- C:\Users\PC\Desktop\POWERPNT.lnk
[2010.09.03 19:42:02 | 000,000,973 | ---- | M] () -- C:\Users\PC\Desktop\EXCEL.lnk
[2010.09.03 19:21:12 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.09 17:04:21 | 000,429,008 | ---- | C] () -- C:\Users\PC\Desktop\2_lekce.docx
[2010.09.09 16:59:29 | 000,033,754 | ---- | C] () -- C:\Users\PC\Desktop\1_lekce.docx
[2010.09.09 13:04:58 | 000,010,266 | ---- | C] () -- C:\Users\PC\Desktop\Pisemná elektronická komunikace.docx
[2010.09.09 11:53:29 | 000,010,096 | ---- | C] () -- C:\Users\PC\Desktop\Angličtina.docx
[2010.09.09 09:09:25 | 000,011,605 | ---- | C] () -- C:\Users\PC\Desktop\Matematika.docx
[2010.09.06 20:35:29 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.09.06 20:31:03 | 000,001,024 | ---- | C] () -- C:\Users\PC\.rnd
[2010.09.06 19:47:17 | 000,000,827 | ---- | C] () -- C:\Users\PC\Desktop\JDownloader.lnk
[2010.09.03 19:49:59 | 000,000,985 | ---- | C] () -- C:\Users\PC\Desktop\WINWORD.lnk
[2010.09.03 19:43:52 | 000,000,992 | ---- | C] () -- C:\Users\PC\Desktop\POWERPNT.lnk
[2010.09.03 19:42:02 | 000,000,973 | ---- | C] () -- C:\Users\PC\Desktop\EXCEL.lnk
[2009.10.04 23:28:12 | 000,000,085 | ---- | C] () -- C:\Users\PC\AppData\Roaming\downloads.m3u
[2009.09.24 20:48:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.21 17:00:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009.07.21 17:00:50 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009.06.30 22:54:22 | 000,005,632 | ---- | C] () -- C:\Windows\System32\CNMVS3w.DLL
[2009.03.21 20:50:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.06 19:10:24 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2009.02.01 12:56:42 | 000,002,686 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2009.02.01 12:55:08 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2008.12.31 02:25:27 | 000,000,671 | ---- | C] () -- C:\Users\PC\AppData\Roaming\vso_ts_preview.xml
[2008.12.31 02:25:15 | 000,000,034 | ---- | C] () -- C:\Users\PC\AppData\Roaming\pcouffin.log
[2008.12.31 02:24:27 | 000,007,887 | ---- | C] () -- C:\Users\PC\AppData\Roaming\pcouffin.cat
[2008.12.31 02:24:27 | 000,001,144 | ---- | C] () -- C:\Users\PC\AppData\Roaming\pcouffin.inf
[2008.12.31 01:02:55 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.31 01:02:55 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.31 01:02:55 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008.12.31 01:02:55 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008.12.31 01:00:38 | 000,000,680 | ---- | C] () -- C:\Users\PC\AppData\Local\d3d9caps.dat
[2008.12.18 15:05:45 | 000,000,131 | ---- | C] () -- C:\Users\PC\AppData\Roaming\default.rss
[2008.12.11 21:56:21 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.11.11 18:48:10 | 000,141,312 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2008.11.11 18:33:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2008.11.01 20:21:21 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2008.09.16 20:54:06 | 000,222,208 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.15 12:53:13 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008.09.15 12:52:48 | 000,010,129 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.09.15 12:52:47 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.09.15 12:52:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.09.15 12:52:47 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.03.19 17:17:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.03.19 17:17:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.03.19 17:17:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.03.19 17:17:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.03.19 17:17:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.03.19 17:17:06 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.03.19 14:46:45 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.03.19 14:45:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.03.19 14:45:21 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.03.19 14:45:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.03.19 14:45:21 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.01.28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.01.28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.01.28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.01.28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.01.28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.01.28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007.11.26 22:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005.04.06 17:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005.04.06 17:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe -- [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" = rundll32.exe oobefldr.dll,ShowWelcomeCenter -- [2009.04.11 08:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.19 09:33:09 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.05.14 09:27:02 | 026,191,144 | R--- | M] (Skype Technologies S.A.)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 -- [2008.06.24 16:06:06 | 001,840,424 | ---- | M] (Nero AG)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.10.26 08:10:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.10.26 08:10:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.10.26 08:10:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.03.19 16:07:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.03.19 16:07:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: HAL.DLL >
[2009.04.11 08:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll
< MD5 for: IASTOR.SYS >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: LSASS.EXE >
[2009.06.15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\ERDNT\cache\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006.11.02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009.06.15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.19 09:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008.03.19 15:04:47 | 000,503,480 | ---- | M] (Microsoft Corporation) MD5=FFFE00134C554E113EE186EEDDB0FF30 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20509_none_a67388ba37fe05b2\ndis.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: SMSS.EXE >
[2008.01.19 09:33:31 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe
< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2010.03.05 16:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< End of report >
Please check my log!
Last edited by ivosek.i on 09 Sep 2010 22:36, edited 2 times in total.
Re: Please check my log!
Hi,
please post the second log here, the one named log.txt
Re: Please check my log!
-edit-
Re: Please check my log!
I wanted the log from RSIT named txt so that I could see what you got up to with ComboFix. HJT won't tell me much, especially since you used ComboFix and you surely deleted Qoobox as well. This way you are hiding the traces in the registry from me.
Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the bottom box:
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
- tick the checkbox on the All Users line
- leave the other items as they are set in the screenshot
- confirm with the Scan button
- the scan will run; post the OTL.Txt log here

Download MBAM http://download.cnet.com/3001-8022_4-10 ... l-10804572
- install it and update it
- run a full scan and post the log here
Re: Please check my log!
Please don't edit your logs here, and always use the reply button. Thanks.
Test this file at http://www.virustotal.com
C:\Users\PC\.rnd
- Copy the file path into the box; if it says the file has already been tested, have it tested again.
- Post the link to the results here.
Re: Please check my log!
What about MBAM?
Re: Please check my log!
In the "Malwarebytes" folder there is mbam-log-2010-09-10 (06-31-03).txt, so should I copy that one?
Re: Please check my log!
So this is it:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4584
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
10.9.2010 06:31:03
mbam-log-2010-09-10 (06-31-03).txt
Typ skenu: Úplný sken (C:\|E:\|)
Skenované objekty: 301131
Uplynulý čas: 2 hodina(y), 15 minuta(y), 17 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC1E4629-CB2E-4AC9-A533-D3795B8DB715}_is1 (Rogue.LarkAntiSpyware) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: Please check my log!
I assume you deleted it.
Uninstall AVG.
Download OTC
http://oldtimer.geekstogo.com/OTC.exe
- run it
- the computer will restart
- this program cleans out temp files and leftovers from programs
- you can delete it after use
Download ComboFix to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Before using it, turn off all resident security programs: antivirus, firewalls, antispyware
- Close all active windows and run it under an account with administrator rights
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that appears
- When the scan finishes, the log C:\ComboFix.txt is created; copy its entire contents here.
Re: Please check my log!
ComboFix 10-09-09.04 - PC 10.09.2010 20:21:12.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.1071 [GMT 2:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\spool\prtprocs\w32x86\CNMPP3w.DLL
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-10 do 2010-09-10 )))))))))))))))))))))))))))))))
.
2010-09-10 18:33 . 2010-09-10 18:34 -------- d-----w- c:\users\PC\AppData\Local\temp
2010-09-10 18:33 . 2010-09-10 18:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-10 18:33 . 2010-09-10 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-09 20:42 . 2010-09-09 20:42 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2010-09-09 20:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-09 20:42 . 2010-09-10 04:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-09 20:42 . 2010-09-09 20:42 -------- d-----w- c:\programdata\Malwarebytes
2010-09-09 20:42 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-09 18:16 . 2010-09-09 18:16 -------- d-----w- c:\program files\trend micro
2010-09-06 18:36 . 2010-09-06 18:36 -------- d-----w- c:\users\PC\AppData\Local\Ahead
2010-09-06 18:27 . 2010-09-06 18:27 -------- d-----w- c:\program files\Nero
2010-09-06 18:27 . 2010-09-06 18:27 -------- d-----w- c:\programdata\Nero
2010-09-06 18:22 . 2010-09-06 18:22 -------- d-----w- c:\program files\AskTBar
2010-09-06 17:46 . 2010-09-08 15:53 -------- d-----w- c:\program files\JDownloader
2010-09-03 17:32 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-09-03 17:32 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-03 17:28 . 2010-09-03 17:28 -------- d-----w- c:\program files\Microsoft Works
2010-09-03 17:25 . 2010-09-03 17:25 -------- d-----w- c:\windows\PCHEALTH
2010-09-03 17:21 . 2010-09-03 17:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-03 17:19 . 2010-09-03 17:19 -------- d-----r- C:\MSOCache
2010-09-03 16:37 . 2010-09-03 16:37 -------- d-----w- c:\programdata\FLEXnet
2010-09-03 15:21 . 2010-09-10 14:32 -------- d-----w- c:\programdata\Microsoft Help
2010-09-03 15:00 . 2010-09-03 15:00 -------- d-----w- c:\programdata\LangSoft
2010-09-03 11:24 . 2010-09-03 15:32 -------- d-----w- c:\program files\Microsoft.NET
2010-09-02 15:21 . 2010-09-04 16:53 -------- d-----w- c:\programdata\Apple Computer
2010-09-01 10:06 . 2010-09-01 10:06 -------- d-----w- c:\program files\Common Files\Skype
2010-09-01 10:06 . 2010-09-01 10:06 -------- d-----w- c:\programdata\Skype
2010-08-31 21:18 . 2010-08-31 21:18 -------- d--ha-w- c:\programdata\ToshibaEurope
2010-08-31 11:39 . 2010-08-31 11:39 -------- d-----w- c:\users\PC\AppData\Local\Eraser 6
2010-08-30 23:54 . 2010-08-30 23:54 -------- d-----w- c:\users\PC\AppData\Roaming\EMCO
2010-08-30 23:15 . 2010-08-30 23:16 -------- d-----w- c:\program files\Total Uninstall 5
2010-08-30 21:45 . 2010-08-30 21:45 -------- d-----w- c:\program files\CCleaner
2010-08-30 19:50 . 2010-08-30 19:50 -------- d-----w- c:\program files\iPod
2010-08-30 19:50 . 2010-08-30 19:51 -------- d-----w- c:\program files\iTunes
2010-08-29 17:19 . 2010-08-29 17:28 -------- d-----w- c:\program files\Safari
2010-08-29 17:17 . 2010-08-29 17:18 -------- d-----w- c:\program files\Apple
2010-08-27 20:29 . 2010-08-27 20:29 -------- d--h--r- c:\windows\system32\wgp.exe
2010-08-27 20:29 . 2010-08-27 20:29 -------- d--h--r- c:\windows\system32\CmdLineExt.dll
2010-08-27 19:56 . 2010-08-27 19:56 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-08-23 16:57 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-08-23 16:56 . 2010-08-29 17:14 -------- d-----w- c:\program files\Winamp
2010-08-23 16:56 . 2010-08-23 18:19 -------- d-----w- c:\users\PC\AppData\Roaming\Winamp
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 18:17 . 2008-10-26 14:55 -------- d-----w- c:\users\PC\AppData\Roaming\Skype
2010-09-10 18:14 . 2008-09-15 10:50 147432 ----a-w- c:\users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-10 18:06 . 2007-01-08 21:09 628204 ----a-w- c:\windows\system32\perfh005.dat
2010-09-10 18:06 . 2007-01-08 21:09 126646 ----a-w- c:\windows\system32\perfc005.dat
2010-09-10 17:39 . 2008-10-26 14:07 -------- d-----w- c:\users\PC\AppData\Roaming\ICQ
2010-09-10 15:08 . 2008-10-26 14:56 -------- d-----w- c:\users\PC\AppData\Roaming\skypePM
2010-09-06 18:32 . 2008-12-11 20:22 -------- d-----w- c:\users\PC\AppData\Roaming\Nero
2010-09-06 18:29 . 2008-12-11 19:35 -------- d-----w- c:\program files\Common Files\Nero
2010-09-04 15:03 . 2009-09-21 17:42 -------- d-----w- c:\users\PC\AppData\Roaming\vlc
2010-09-03 17:48 . 2009-02-01 10:54 -------- d-----w- c:\program files\TRANSLAT
2010-09-03 17:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-09-01 10:07 . 2009-05-15 17:08 -------- d-----r- c:\program files\Skype
2010-08-31 20:47 . 2009-04-25 10:49 -------- d-----w- c:\users\PC\AppData\Roaming\Apple Computer
2010-08-30 22:16 . 2009-04-15 12:06 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-29 17:26 . 2009-12-24 14:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-29 17:19 . 2009-10-19 20:18 -------- d-----w- c:\program files\Sony
2010-08-29 17:16 . 2010-03-30 16:53 -------- d-----w- c:\program files\NCH Software
2010-08-27 10:58 . 2008-03-19 15:28 -------- d-----w- c:\program files\Google
2010-08-26 20:15 . 2010-06-11 15:09 -------- d-----w- c:\program files\Common Files\Real
2010-08-23 12:18 . 2010-01-26 17:15 -------- d-----w- c:\program files\ICQ7.0
2010-08-17 16:20 . 2009-09-20 15:57 -------- d-----w- c:\users\PC\AppData\Roaming\dvdcss
2010-08-11 15:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-25 20:22 . 2009-09-25 20:16 -------- d-----w- c:\program files\TeamViewer
2010-07-14 22:26 . 2008-11-01 09:12 -------- d-----w- c:\users\PC\AppData\Roaming\uTorrent
2010-06-26 06:05 . 2010-08-11 15:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 15:47 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 15:47 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 15:46 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 15:46 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-11 15:46 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-14 26191144]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinGuard Pro"="nul" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1361979577-284012002-682792221-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca753daafc9fd0;Služba Google Update (gupdate1ca753daafc9fd0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 133104]
R3 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-24 691696]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-11 141312]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 23:58]
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 23:58]
2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{E64889E6-8E50-47D7-B06E-4A07FD979A46}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Export do &Tahiti - c:\program files\LightComp\ePapersScanDemo\iehelper.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} -
Trusted Zone: cyberspacehq.com\linktrader
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\77tztn9w.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 20:34
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2010-09-10 20:38:46
ComboFix-quarantined-files.txt 2010-09-10 18:38
Před spuštěním: Volných bajtů: 34 339 598 336
Po spuštění: Volných bajtů: 35 008 749 568
- - End Of File - - 85E31A6D74E913D1C8D92CEDC71C18AF
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1361979577-284012002-682792221-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca753daafc9fd0;Služba Google Update (gupdate1ca753daafc9fd0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 133104]
R3 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-24 691696]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-11 141312]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 23:58]
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 23:58]
2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{E64889E6-8E50-47D7-B06E-4A07FD979A46}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Export do &Tahiti - c:\program files\LightComp\ePapersScanDemo\iehelper.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} -
Trusted Zone: cyberspacehq.com\linktrader
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\77tztn9w.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 20:34
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2010-09-10 20:38:46
ComboFix-quarantined-files.txt 2010-09-10 18:38
Před spuštěním: Volných bajtů: 34 339 598 336
Po spuštění: Volných bajtů: 35 008 749 568
- - End Of File - - 85E31A6D74E913D1C8D92CEDC71C18AF
Re: Please check my log!
Move ComboFix to the desktop.
-Open Notepad
-Copy the text from this box into it
Code:
Folder::
c:\program files\AskTBar
c:\program files\DAEMON Tools Toolbar
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinGuard Pro"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1361979577-284012002-682792221-1000]
"EnableNotificationsRef"=dword:00000000
-Save the resulting TXT file to the desktop as CFScript.txt, then drag it with the left mouse button over the ComboFix icon and drop it there
-After the scan has run and ComboFix has finished, a log should appear; paste it here.
Warning: After the script is applied and the computer restarts, Windows may fail to start; in that case restart the computer again, keep pressing F8, and then choose Last Known Good Configuration.