Hi, my mom has a laptop that freezes right from startup when Windows is started in normal mode. In safe mode it seems to be OK. I'm attaching a log from HJT; however, it was made in safe mode and it threw two errors.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:55, on 24.2.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\F-Secure\common\FSM32.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Alice Shy\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Služba F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12232 bytes
HJT check of a company laptop
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingstone Hyper X DDR3 1600MHz; nVIDIA GeForce GT730
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: HJT check of a company laptop
What errors?
Fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the scan has finished, a message appears; click OK and then the Show Results button
- then choose the Save Logfile option and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In PMs I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: HJT check of a company laptop
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Verze databáze: v2012.02.24.01
Windows 7 Service Pack 1 x64 NTFS (Safe Mode s podporou sítě)
Internet Explorer 8.0.7601.17514
Alice Shy :: USER-PC [administrátor]
24.2.2012 15:24:05
mbam-log-2012-02-24 (15-24-05).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 186719
Uplynulý čas: 4 minut, 12 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
The problem still persists.
Re: HJT check of a company laptop
I'm not very keen on running CF on a company laptop. It really only happens once in 10 years, but with our luck something will go wrong right here.
Either give it to the company technician or run CF, but you do it at your own risk.
Turn off the resident shield of the antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
Re: HJT check of a company laptop
ComboFix 12-02-24.02 - Alice Shy 24.02.2012 17:21:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4092.2836 [GMT 1:00]
Spuštěný z: F:\ComboFix.exe
AV: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-24 do 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 16:37 . 2012-02-24 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-24 13:42 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 09:37 . 2012-02-24 09:37 -------- d-----w- C:\b9805ad3dbe23fe7943a
2012-02-22 07:32 . 2012-02-22 07:32 -------- d-----w- C:\597fc85747b80d72ac5b
2012-02-17 15:35 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 15:35 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 15:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 15:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 15:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-17 15:33 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 15:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 15:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:58 . 2012-02-15 17:58 -------- d-----w- c:\users\Alice Shy\AppData\Local\Solid State Networks
2012-01-29 11:27 . 2012-01-29 11:27 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\COWON
2012-01-29 11:25 . 2012-01-29 11:25 -------- d-----w- c:\program files (x86)\Common Files\COWON
2012-01-29 11:24 . 2012-01-29 11:26 -------- d-----w- c:\program files (x86)\JetAudio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 13:01 . 2011-05-27 18:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2010-05-31 301744]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2010-05-31 1653424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-05-31 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 19:22]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 19:22]
.
2012-02-06 c:\windows\Tasks\HPCeeScheduleForAlice Shy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF18808.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Alice Shy\AppData\Roaming\Mozilla\Firefox\Profiles\1ag1t18x.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\F-Secure\Common\FSMA32.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\F-Secure\Common\FSHDLL32.EXE
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\F-Secure\Common\FNRB32.EXE
c:\program files (x86)\F-Secure\Common\FIH32.EXE
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-24 17:56:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-24 16:56
.
Před spuštěním: Volných bajtů: 428 825 083 904
Po spuštění: Volných bajtů: 429 125 730 304
.
- - End Of File - - 123AA8182FA8E7FDF4B5C4105531D8E3
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingstone Hyper X DDR3 1600MHz; nVIDIA GeForce GT730
- Žbeky
- Moderator
Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: HJT check of a company notebook
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
DirLook::
C:\b9805ad3dbe23fe7943a
C:\597fc85747b80d72ac5b
Folder::
c:\program files (x86)\McAfee Security Scan
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Driver::
McComponentHostService
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
Firefox::
FF - ProfilePath - c:\users\Alice Shy\AppData\Roaming\Mozilla\Firefox\Profiles\1ag1t18x.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe and, when the two files overlap, drop it.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process
In private messages I deal only with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: HJT check of a company notebook
So I ran it, but I really don't know whether it is doing anything. The green progress bar has been stuck about a centimetre from the left edge for a long time.
- Žbeky
- Moderator
Re: HJT check of a company notebook
Give it a little longer. If need be, run it in safe mode afterwards.
Re: HJT check of a company notebook
ComboFix 12-02-24.02 - Alice Shy 24.02.2012 21:49:39.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4092.3000 [GMT 1:00]
Spuštěný z: c:\users\Alice Shy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alice Shy\Desktop\CFScript.txt
AV: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Outdated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Outdated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\McAfee Security Scan
c:\program files (x86)\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files (x86)\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files (x86)\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files (x86)\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files (x86)\McAfee Security Scan\2.0.181\config.dat
c:\program files (x86)\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files (x86)\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files (x86)\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files (x86)\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files (x86)\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sacore.db
c:\program files (x86)\McAfee Security Scan\2.0.181\sacore.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files (x86)\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files (x86)\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files (x86)\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files (x86)\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files (x86)\McAfee Security Scan\uninstall.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-24 do 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-24 13:42 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 09:37 . 2012-02-24 09:37 -------- d-----w- C:\b9805ad3dbe23fe7943a
2012-02-22 07:32 . 2012-02-22 07:32 -------- d-----w- C:\597fc85747b80d72ac5b
2012-02-17 15:35 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 15:35 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 15:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 15:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 15:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-17 15:33 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 15:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 15:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:58 . 2012-02-15 17:58 -------- d-----w- c:\users\Alice Shy\AppData\Local\Solid State Networks
2012-01-29 11:27 . 2012-01-29 11:27 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\COWON
2012-01-29 11:25 . 2012-01-29 11:25 -------- d-----w- c:\program files (x86)\Common Files\COWON
2012-01-29 11:24 . 2012-01-29 11:26 -------- d-----w- c:\program files (x86)\JetAudio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 13:01 . 2011-05-27 18:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\597fc85747b80d72ac5b ----
.
2011-12-26 05:29 . 2011-12-26 05:29 37132 ----a-w- c:\597fc85747b80d72ac5b\1045\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36530 ----a-w- c:\597fc85747b80d72ac5b\1046\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37394 ----a-w- c:\597fc85747b80d72ac5b\1049\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37676 ----a-w- c:\597fc85747b80d72ac5b\1036\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 33028 ----a-w- c:\597fc85747b80d72ac5b\1037\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37692 ----a-w- c:\597fc85747b80d72ac5b\1038\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37048 ----a-w- c:\597fc85747b80d72ac5b\1040\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 31424 ----a-w- c:\597fc85747b80d72ac5b\1041\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 30504 ----a-w- c:\597fc85747b80d72ac5b\1042\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36850 ----a-w- c:\597fc85747b80d72ac5b\1043\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36546 ----a-w- c:\597fc85747b80d72ac5b\1044\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 34118 ----a-w- c:\597fc85747b80d72ac5b\1025\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 28422 ----a-w- c:\597fc85747b80d72ac5b\1028\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36716 ----a-w- c:\597fc85747b80d72ac5b\1029\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36020 ----a-w- c:\597fc85747b80d72ac5b\1030\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37858 ----a-w- c:\597fc85747b80d72ac5b\1031\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 38668 ----a-w- c:\597fc85747b80d72ac5b\1032\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36066 ----a-w- c:\597fc85747b80d72ac5b\1035\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 27846 ----a-w- c:\597fc85747b80d72ac5b\ParameterInfo.xml
2011-12-26 05:29 . 2011-12-26 05:29 35802 ----a-w- c:\597fc85747b80d72ac5b\1033\LocalizedData.xml
2011-12-26 05:24 . 2011-12-26 05:24 8835072 ----a-w- c:\597fc85747b80d72ac5b\NDP40-KB2656351.msp
2011-12-26 04:09 . 2011-12-26 04:09 3628 ----a-w- c:\597fc85747b80d72ac5b\header.bmp
2011-12-26 04:09 . 2011-12-26 04:09 196662 ----a-w- c:\597fc85747b80d72ac5b\SplashScreen.bmp
2011-12-26 04:09 . 2011-12-26 04:09 13606 ----a-w- c:\597fc85747b80d72ac5b\Strings.xml
2011-12-26 04:09 . 2011-12-26 04:09 36180 ----a-w- c:\597fc85747b80d72ac5b\UiInfo.xml
2011-12-26 04:09 . 2011-12-26 04:09 104072 ----a-w- c:\597fc85747b80d72ac5b\watermark.bmp
2011-12-26 04:09 . 2011-12-26 04:09 123035 ----a-w- c:\597fc85747b80d72ac5b\1025\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 128333 ----a-w- c:\597fc85747b80d72ac5b\1028\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 101146 ----a-w- c:\597fc85747b80d72ac5b\1029\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 109464 ----a-w- c:\597fc85747b80d72ac5b\1030\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 91719 ----a-w- c:\597fc85747b80d72ac5b\1031\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 102048 ----a-w- c:\597fc85747b80d72ac5b\1032\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 138595 ----a-w- c:\597fc85747b80d72ac5b\1033\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 111176 ----a-w- c:\597fc85747b80d72ac5b\1035\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 133172 ----a-w- c:\597fc85747b80d72ac5b\1036\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 125351 ----a-w- c:\597fc85747b80d72ac5b\1037\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 110879 ----a-w- c:\597fc85747b80d72ac5b\1038\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 124974 ----a-w- c:\597fc85747b80d72ac5b\1040\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 111958 ----a-w- c:\597fc85747b80d72ac5b\1041\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 149503 ----a-w- c:\597fc85747b80d72ac5b\1042\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 35285 ----a-w- c:\597fc85747b80d72ac5b\1043\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 36083 ----a-w- c:\597fc85747b80d72ac5b\1044\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 126541 ----a-w- c:\597fc85747b80d72ac5b\1045\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 109574 ----a-w- c:\597fc85747b80d72ac5b\1046\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 49319 ----a-w- c:\597fc85747b80d72ac5b\1049\eula.rtf
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1046\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\597fc85747b80d72ac5b\1049\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1045\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19736 ----a-w- c:\597fc85747b80d72ac5b\1043\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18200 ----a-w- c:\597fc85747b80d72ac5b\1044\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 15640 ----a-w- c:\597fc85747b80d72ac5b\1042\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1040\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 16152 ----a-w- c:\597fc85747b80d72ac5b\1041\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\597fc85747b80d72ac5b\1038\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\597fc85747b80d72ac5b\1036\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17176 ----a-w- c:\597fc85747b80d72ac5b\1037\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1035\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19736 ----a-w- c:\597fc85747b80d72ac5b\1032\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17688 ----a-w- c:\597fc85747b80d72ac5b\1033\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\597fc85747b80d72ac5b\1031\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1030\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 14616 ----a-w- c:\597fc85747b80d72ac5b\1028\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1029\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17688 ----a-w- c:\597fc85747b80d72ac5b\1025\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 810256 ----a-w- c:\597fc85747b80d72ac5b\SetupEngine.dll
2011-12-26 02:51 . 2011-12-26 02:51 296712 ----a-w- c:\597fc85747b80d72ac5b\SetupUi.dll
2011-12-26 02:51 . 2011-12-26 02:51 79112 ----a-w- c:\597fc85747b80d72ac5b\Setup.exe
2011-12-26 02:38 . 2011-12-26 02:38 16118 ----a-w- c:\597fc85747b80d72ac5b\DHtmlHeader.html
2011-12-26 02:38 . 2011-12-26 02:38 30120 ----a-w- c:\597fc85747b80d72ac5b\SetupUi.xsd
2011-12-26 02:38 . 2011-12-26 02:38 196416 ----a-w- c:\597fc85747b80d72ac5b\sqmapi.dll
2011-12-25 22:00 . 2011-12-25 22:00 97048 ----a-w- c:\597fc85747b80d72ac5b\SetupUtility.exe
.
---- Directory of C:\b9805ad3dbe23fe7943a ----
.
2012-02-24 09:37 . 2012-02-24 09:37 788 ---ha-w- c:\b9805ad3dbe23fe7943a\$shtdwn$.req
2011-12-26 05:29 . 2011-12-26 05:29 37132 ----a-w- c:\b9805ad3dbe23fe7943a\1045\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36530 ----a-w- c:\b9805ad3dbe23fe7943a\1046\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37394 ----a-w- c:\b9805ad3dbe23fe7943a\1049\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36014 ----a-w- c:\b9805ad3dbe23fe7943a\1053\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36274 ----a-w- c:\b9805ad3dbe23fe7943a\1055\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 28414 ----a-w- c:\b9805ad3dbe23fe7943a\2052\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37332 ----a-w- c:\b9805ad3dbe23fe7943a\2070\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37096 ----a-w- c:\b9805ad3dbe23fe7943a\3082\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37676 ----a-w- c:\b9805ad3dbe23fe7943a\1036\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 33028 ----a-w- c:\b9805ad3dbe23fe7943a\1037\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37692 ----a-w- c:\b9805ad3dbe23fe7943a\1038\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37048 ----a-w- c:\b9805ad3dbe23fe7943a\1040\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 31424 ----a-w- c:\b9805ad3dbe23fe7943a\1041\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 30504 ----a-w- c:\b9805ad3dbe23fe7943a\1042\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36850 ----a-w- c:\b9805ad3dbe23fe7943a\1043\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36546 ----a-w- c:\b9805ad3dbe23fe7943a\1044\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 34118 ----a-w- c:\b9805ad3dbe23fe7943a\1025\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 28422 ----a-w- c:\b9805ad3dbe23fe7943a\1028\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36716 ----a-w- c:\b9805ad3dbe23fe7943a\1029\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36020 ----a-w- c:\b9805ad3dbe23fe7943a\1030\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37858 ----a-w- c:\b9805ad3dbe23fe7943a\1031\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 38668 ----a-w- c:\b9805ad3dbe23fe7943a\1032\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36066 ----a-w- c:\b9805ad3dbe23fe7943a\1035\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 28422 ----a-w- c:\b9805ad3dbe23fe7943a\3076\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 27846 ----a-w- c:\b9805ad3dbe23fe7943a\ParameterInfo.xml
2011-12-26 05:29 . 2011-12-26 05:29 35802 ----a-w- c:\b9805ad3dbe23fe7943a\1033\LocalizedData.xml
2011-12-26 05:24 . 2011-12-26 05:24 8835072 ----a-w- c:\b9805ad3dbe23fe7943a\NDP40-KB2656351.msp
2011-12-26 04:09 . 2011-12-26 04:09 3628 ----a-w- c:\b9805ad3dbe23fe7943a\header.bmp
2011-12-26 04:09 . 2011-12-26 04:09 196662 ----a-w- c:\b9805ad3dbe23fe7943a\SplashScreen.bmp
2011-12-26 04:09 . 2011-12-26 04:09 13606 ----a-w- c:\b9805ad3dbe23fe7943a\Strings.xml
2011-12-26 04:09 . 2011-12-26 04:09 36180 ----a-w- c:\b9805ad3dbe23fe7943a\UiInfo.xml
2011-12-26 04:09 . 2011-12-26 04:09 104072 ----a-w- c:\b9805ad3dbe23fe7943a\watermark.bmp
2011-12-26 04:09 . 2011-12-26 04:09 123035 ----a-w- c:\b9805ad3dbe23fe7943a\1025\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 128333 ----a-w- c:\b9805ad3dbe23fe7943a\1028\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 101146 ----a-w- c:\b9805ad3dbe23fe7943a\1029\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 109464 ----a-w- c:\b9805ad3dbe23fe7943a\1030\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 91719 ----a-w- c:\b9805ad3dbe23fe7943a\1031\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 102048 ----a-w- c:\b9805ad3dbe23fe7943a\1032\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 138595 ----a-w- c:\b9805ad3dbe23fe7943a\1033\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 111176 ----a-w- c:\b9805ad3dbe23fe7943a\1035\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 133172 ----a-w- c:\b9805ad3dbe23fe7943a\1036\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 125351 ----a-w- c:\b9805ad3dbe23fe7943a\1037\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 110879 ----a-w- c:\b9805ad3dbe23fe7943a\1038\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 124974 ----a-w- c:\b9805ad3dbe23fe7943a\1040\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 111958 ----a-w- c:\b9805ad3dbe23fe7943a\1041\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 149503 ----a-w- c:\b9805ad3dbe23fe7943a\1042\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 35285 ----a-w- c:\b9805ad3dbe23fe7943a\1043\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 36083 ----a-w- c:\b9805ad3dbe23fe7943a\1044\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 126541 ----a-w- c:\b9805ad3dbe23fe7943a\1045\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 109574 ----a-w- c:\b9805ad3dbe23fe7943a\1046\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 49319 ----a-w- c:\b9805ad3dbe23fe7943a\1049\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 125073 ----a-w- c:\b9805ad3dbe23fe7943a\1053\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 112947 ----a-w- c:\b9805ad3dbe23fe7943a\1055\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 110754 ----a-w- c:\b9805ad3dbe23fe7943a\2052\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 125196 ----a-w- c:\b9805ad3dbe23fe7943a\2070\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 2060 ----a-w- c:\b9805ad3dbe23fe7943a\3076\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 108174 ----a-w- c:\b9805ad3dbe23fe7943a\3082\eula.rtf
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\3082\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 14616 ----a-w- c:\b9805ad3dbe23fe7943a\2052\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\2070\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18200 ----a-w- c:\b9805ad3dbe23fe7943a\1053\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18200 ----a-w- c:\b9805ad3dbe23fe7943a\1055\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1046\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\1049\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1045\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19736 ----a-w- c:\b9805ad3dbe23fe7943a\1043\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18200 ----a-w- c:\b9805ad3dbe23fe7943a\1044\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 15640 ----a-w- c:\b9805ad3dbe23fe7943a\1042\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1040\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 16152 ----a-w- c:\b9805ad3dbe23fe7943a\1041\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\1038\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\1036\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17176 ----a-w- c:\b9805ad3dbe23fe7943a\1037\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1035\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19736 ----a-w- c:\b9805ad3dbe23fe7943a\1032\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17688 ----a-w- c:\b9805ad3dbe23fe7943a\1033\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\1031\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1030\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 14616 ----a-w- c:\b9805ad3dbe23fe7943a\1028\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1029\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 14616 ----a-w- c:\b9805ad3dbe23fe7943a\3076\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17688 ----a-w- c:\b9805ad3dbe23fe7943a\1025\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 810256 ----a-w- c:\b9805ad3dbe23fe7943a\SetupEngine.dll
2011-12-26 02:51 . 2011-12-26 02:51 296712 ----a-w- c:\b9805ad3dbe23fe7943a\SetupUi.dll
2011-12-26 02:51 . 2011-12-26 02:51 79112 ----a-w- c:\b9805ad3dbe23fe7943a\Setup.exe
2011-12-26 02:38 . 2011-12-26 02:38 16118 ----a-w- c:\b9805ad3dbe23fe7943a\DHtmlHeader.html
2011-12-26 02:38 . 2011-12-26 02:38 30120 ----a-w- c:\b9805ad3dbe23fe7943a\SetupUi.xsd
2011-12-26 02:38 . 2011-12-26 02:38 196416 ----a-w- c:\b9805ad3dbe23fe7943a\sqmapi.dll
2011-12-25 22:00 . 2011-12-25 22:00 97048 ----a-w- c:\b9805ad3dbe23fe7943a\SetupUtility.exe
2011-12-25 21:57 . 2011-12-25 21:57 1150 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Print.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate1.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate2.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate3.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate4.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate5.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate6.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate7.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate8.ico
2011-12-25 21:57 . 2011-12-25 21:57 1150 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Save.ico
2011-12-25 21:57 . 2011-12-25 21:57 36710 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Setup.ico
2011-12-25 21:57 . 2011-12-25 21:57 10134 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\stop.ico
2011-12-25 21:57 . 2011-12-25 21:57 1150 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\SysReqMet.ico
2011-12-25 21:57 . 2011-12-25 21:57 1150 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\SysReqNotMet.ico
2011-12-25 21:57 . 2011-12-25 21:57 10134 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\warn.ico
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_16.40.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-01-28 19:20 . 2012-02-24 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 19:20 . 2012-02-24 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 19:20 . 2012-02-24 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 19:20 . 2012-02-24 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 23:21 . 2012-02-24 17:10 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-11-09 23:21 . 2012-02-24 16:38 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-02-24 16:40 . 2012-02-24 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-24 20:58 . 2012-02-24 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-24 16:40 . 2012-02-24 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-24 20:58 . 2012-02-24 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-02-24 17:10 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-24 16:39 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-28 20:09 . 2012-02-24 17:10 1743569 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4066432908-1446298234-410416423-1000-12288.dat
- 2011-06-28 20:09 . 2012-02-15 15:13 1743569 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4066432908-1446298234-410416423-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2010-05-31 301744]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2010-05-31 1653424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-05-31 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-06 c:\windows\Tasks\HPCeeScheduleForAlice Shy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"combofix"="c:\combofix\CF5811.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Alice Shy\AppData\Roaming\Mozilla\Firefox\Profiles\1ag1t18x.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\F-Secure\Common\FSMA32.EXE
c:\program files (x86)\F-Secure\Common\FSHDLL32.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\F-Secure\Common\FNRB32.EXE
c:\program files (x86)\F-Secure\Common\FIH32.EXE
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Celkový čas: 2012-02-24 22:05:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-24 21:05
ComboFix2.txt 2012-02-24 16:57
.
Před spuštěním: Volných bajtů: 429 046 059 008
Po spuštění: Volných bajtů: 428 962 168 832
.
- - End Of File - - 472AF3433757C4B17AD7666B202B030F
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingstone Hyper X DDR3 1600MHz; nVIDIA GeForce GT730
jaro3 (member of the Security team)
Re: HJT check of a company notebook
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new HJT log
Warning: After applying ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
In Folder Options, enable showing hidden files and folders + uncheck the "Hide protected operating system files" box.
Test this on Virustotal:
c:\windows\system32\msvcrt.dll
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, "result" appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the contents of the log here using Ctrl+V.
Download Memtest:
Enter the largest size of your individual RAM module (256, 512 or 1024, 2048) into the box, click Start, and let it run for at least 2 hours; if there are still 0 errors after 2 hours, the modules are fine.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HJT check of a company laptop
ComboFix 12-02-24.02 - Alice Shy 25.02.2012 22:12:24.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4092.2757 [GMT 1:00]
Spuštěný z: c:\users\Alice Shy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alice Shy\Desktop\CFScript.txt
AV: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-25 do 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 21:24 . 2012-02-25 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-24 13:42 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 09:37 . 2012-02-24 09:37 -------- d-----w- C:\b9805ad3dbe23fe7943a
2012-02-22 07:32 . 2012-02-22 07:32 -------- d-----w- C:\597fc85747b80d72ac5b
2012-02-17 15:35 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 15:35 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 15:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 15:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 15:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-17 15:33 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 15:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 15:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:58 . 2012-02-15 17:58 -------- d-----w- c:\users\Alice Shy\AppData\Local\Solid State Networks
2012-01-29 11:27 . 2012-01-29 11:27 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\COWON
2012-01-29 11:25 . 2012-01-29 11:25 -------- d-----w- c:\program files (x86)\Common Files\COWON
2012-01-29 11:24 . 2012-01-29 11:26 -------- d-----w- c:\program files (x86)\JetAudio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 13:01 . 2011-05-27 18:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_16.40.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-06 01:29 . 2012-02-25 21:07 58652 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-25 21:07 64424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-29 19:07 . 2012-02-25 21:07 17408 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4066432908-1446298234-410416423-1000_UserData.bin
- 2010-01-28 19:20 . 2012-02-24 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 19:20 . 2012-02-25 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 19:20 . 2012-02-24 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 19:20 . 2012-02-25 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 23:21 . 2012-02-24 21:31 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-11-09 23:21 . 2012-02-24 16:38 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-02-24 16:40 . 2012-02-24 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-25 21:05 . 2012-02-25 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-25 21:05 . 2012-02-25 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-24 16:40 . 2012-02-24 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-02-24 16:18 656888 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-25 21:10 656888 c:\windows\system32\perfh009.dat
+ 2009-09-06 11:13 . 2012-02-25 21:10 671184 c:\windows\system32\perfh005.dat
- 2009-09-06 11:13 . 2012-02-24 16:18 671184 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-02-24 16:18 123338 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-25 21:10 123338 c:\windows\system32\perfc009.dat
+ 2009-09-06 11:13 . 2012-02-25 21:10 142366 c:\windows\system32\perfc005.dat
- 2009-09-06 11:13 . 2012-02-24 16:18 142366 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-02-24 16:39 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-24 21:31 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-28 20:09 . 2012-02-24 21:31 1743569 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4066432908-1446298234-410416423-1000-12288.dat
- 2011-06-28 20:09 . 2012-02-15 15:13 1743569 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4066432908-1446298234-410416423-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2010-05-31 301744]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2010-05-31 1653424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-05-31 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-06 c:\windows\Tasks\HPCeeScheduleForAlice Shy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Alice Shy\AppData\Roaming\Mozilla\Firefox\Profiles\1ag1t18x.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
Celkový čas: 2012-02-25 22:44:17
ComboFix-quarantined-files.txt 2012-02-25 21:44
ComboFix2.txt 2012-02-24 21:05
ComboFix3.txt 2012-02-24 16:57
.
Před spuštěním: Volných bajtů: 429 003 894 784
Po spuštění: Volných bajtů: 428 959 563 776
.
- - End Of File - - CBC0F80FB4617EA59BE6D80CDC360309
So far I only have the ComboFix log; I'll add the rest tomorrow. I'm pretty busy right now, so thanks for not forgetting about me.
AMD Phenom II 955 BE, CM hyper 212 plus; Gigabyte MA770-T-UD3P; 2x2GB RAM Kingstone Hyper X DDR3 1600MHz; nVIDIA GeForce GT730
- Žbeky
- Moderator
Re: HJT check of a company laptop
IF VIRUSTOTAL COMES BACK WITH NO DETECTIONS:
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download it > run it
Note: before downloading T-Cleaner and while cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on
+ New HJT log
How is the PC behaving?
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.