Log check, thank you :) Solved

Post by svasik » 15 Dec 2010 16:29

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:46, on 15.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\QIP 2010\qip.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Svasik\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 91.121.75.194 L2authd.Lineage2.com l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Svasik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Infium] "C:\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Svasik\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [ABUNINSTALLEX] c:\programdata\ab studio\ABUnInstallEx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - Unknown owner - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16808 bytes
Svasik

Post by memphisto » 15 Dec 2010 17:30

fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 91.121.75.194 L2authd.Lineage2.com l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Svasik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Turn off resident protection and the firewall.
Download Dr. Web CureIt
Run the update; after updating, click Start.
Using the buttons at the bottom you can cure a file (system files), delete it, move it or rename it.


Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

Post by svasik » 15 Dec 2010 21:24

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5322

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.12.2010 21:23:20
mbam-log-2010-12-15 (21-23-14).txt

Typ kontroly: Rychlý test
Testované objekty: 155006
Uplynulý čas: 10 minut, 10 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Svasik\downloads\keymaker.exe (Malware.Packer.Gen) -> No action taken.
Svasik

Post by memphisto » 15 Dec 2010 22:29

- So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close the program via Exit

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by svasik » 16 Dec 2010 08:20

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5322

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.12.2010 22:59:09
mbam-log-2010-12-15 (22-59-09).txt

Typ kontroly: Rychlý test
Testované objekty: 154807
Uplynulý čas: 11 minut, 6 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)



...



ComboFix 10-12-15.04 - Svasik 15.12.2010 23:07:06.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2766 [GMT 1:00]
Spuštěný z: c:\users\Svasik\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\programdata\hpe32C4.dll
c:\windows\w32dasm8.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-15 do 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 22:19 . 2010-12-15 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-15 19:31 . 2010-12-15 19:36 -------- d-----w- c:\users\Svasik\DoctorWeb
2010-12-15 19:21 . 2010-12-15 19:21 -------- d-----w- c:\users\Svasik\AppData\Roaming\Malwarebytes
2010-12-15 19:21 . 2010-11-29 16:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-15 19:21 . 2010-12-15 19:21 -------- d-----w- c:\programdata\Malwarebytes
2010-12-15 19:21 . 2010-11-29 16:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 19:21 . 2010-12-15 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-15 05:55 . 2010-12-15 05:55 388096 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-15 05:55 . 2010-12-15 05:55 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-14 16:31 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28CCD53F-F073-45A8-9F60-1B1B0F3E9571}\mpengine.dll
2010-12-13 05:40 . 2010-12-13 05:40 -------- d-----w- C:\ASUS WebStorage
2010-12-12 14:08 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-12-12 14:08 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-12-12 14:08 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-12-12 14:08 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-12-12 14:05 . 2010-12-12 14:05 -------- d-----w- c:\windows\system32\RsFx
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\windows\SysWow64\1033
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\windows\system32\1033
2010-12-12 14:03 . 2010-12-12 14:03 -------- d-----w- c:\program files\Microsoft.NET
2010-12-12 14:01 . 2010-12-12 14:04 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2010-12-12 14:00 . 2010-12-12 14:05 -------- d-----w- c:\program files\Microsoft SQL Server
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-12-12 13:57 . 2010-12-12 13:57 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-12-12 13:53 . 2010-12-12 13:53 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2010-12-12 13:53 . 2010-12-12 13:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\windows\symbols
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2010-12-12 11:27 . 2009-04-06 08:08 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2010-12-12 11:27 . 2009-04-06 08:08 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2010-12-10 10:03 . 2010-12-10 10:52 -------- d-----w- c:\program files\Valve Hammer Editor
2010-12-08 17:58 . 2010-12-08 17:58 -------- d-----w- c:\programdata\Electronic Arts
2010-12-08 17:58 . 2010-12-08 17:58 -------- d-----w- c:\programdata\EA Core
2010-12-08 16:17 . 2009-09-04 16:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-08 16:17 . 2009-03-09 14:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-12-08 16:17 . 2009-03-09 14:27 453456 ----a-w- c:\windows\SysWow64\d3dx10_41.dll
2010-12-08 16:17 . 2009-03-09 14:27 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-12-08 16:17 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll
2010-12-08 16:15 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2010-12-08 16:14 . 2007-01-24 14:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-12-08 16:13 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-12-08 16:13 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2010-12-08 16:06 . 2010-12-08 16:06 -------- d-----w- c:\programdata\Solidshield
2010-12-08 15:23 . 2001-03-08 16:22 119296 ------r- c:\windows\SysWow64\nslock15vb6.ocx
2010-12-08 15:23 . 2001-05-23 16:30 49152 ------r- c:\windows\SysWow64\WaveToText.ocx
2010-12-08 15:23 . 2001-05-04 12:05 290869 ----a-w- c:\windows\SysWow64\msvcrt.001
2010-12-08 15:23 . 1998-05-06 23:00 174352 ----a-w- c:\windows\SysWow64\Riched32.001
2010-12-08 15:23 . 2000-05-22 15:58 198848 ----a-w- c:\windows\SysWow64\Mci32.ocx
2010-12-08 15:23 . 1998-05-30 23:00 22288 ----a-w- c:\windows\SysWow64\Comcat.001
2010-12-08 15:23 . 2000-01-19 22:11 614672 ----a-w- c:\windows\SysWow64\oleaut32.001
2010-12-08 15:22 . 2010-12-08 15:23 -------- d-----w- c:\windows\VoiceExplorer
2010-12-08 15:22 . 2010-12-08 15:28 -------- d-----w- c:\program files (x86)\Voice
2010-12-08 15:19 . 2010-12-08 15:19 796672 ----a-w- c:\windows\GPInstall.exe
2010-12-08 10:50 . 2008-05-30 13:11 540688 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 467984 ----a-w- c:\windows\SysWow64\d3dx10_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 1941528 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\SysWow64\D3DCompiler_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
2010-12-08 10:50 . 2007-07-19 17:14 508264 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 444776 ----a-w- c:\windows\SysWow64\d3dx10_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 1985904 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\SysWow64\D3DCompiler_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2010-11-29 14:43 . 2010-12-01 20:49 -------- d-----w- c:\program files (x86)\yBook
2010-11-25 18:31 . 2010-11-25 18:31 -------- d-----w- C:\PFiles
2010-11-24 05:58 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 05:58 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-22 20:56 . 2010-11-22 20:56 -------- d-----w- c:\users\Svasik\AppData\Roaming\Ethereal
2010-11-22 20:54 . 2010-11-22 20:54 -------- d-----w- c:\program files (x86)\WinPcap
2010-11-22 20:45 . 2010-11-22 20:46 -------- d-----w- c:\program files (x86)\Ethereal
2010-11-22 15:20 . 2010-11-22 15:29 -------- d-----w- C:\390e439c99e910ae0d06
2010-11-18 21:07 . 2007-03-11 20:29 116736 ----a-w- c:\windows\SysWow64\RestoratorContextMenu.dll
2010-11-18 21:07 . 2010-11-18 21:07 -------- d-----w- c:\users\Svasik\AppData\Roaming\Thinstall
2010-11-18 20:39 . 2010-11-18 21:09 -------- d-----w- c:\program files (x86)\Restorator 2007
2010-11-17 20:39 . 2010-11-17 20:39 -------- d-----w- c:\users\Svasik\AppData\Roaming\dvdcss
2010-11-17 18:57 . 2010-12-11 22:02 -------- d-----w- c:\program files (x86)\Counter-Strike Source
2010-11-17 18:09 . 2010-11-17 18:09 -------- d-----w- c:\users\Svasik\AppData\Roaming\Unity
2010-11-17 18:03 . 2010-11-17 18:03 -------- d-----w- c:\users\Svasik\AppData\Local\Unity
2010-11-17 11:41 . 2010-11-17 11:41 -------- d-----w- c:\program files (x86)\AB Studio
2010-11-17 11:28 . 2010-11-17 11:28 -------- d-----w- c:\programdata\boost_interprocess
2010-11-17 10:43 . 2010-11-17 10:44 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-11-17 10:36 . 2010-11-17 10:36 -------- d-----w- c:\users\Svasik\AppData\Roaming\GlarySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 17:47 . 2010-09-13 14:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-11 17:46 . 2010-09-20 14:31 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-04 15:08 . 2010-08-06 15:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-11-17 11:36 . 2010-08-31 09:08 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-14 15:35 . 2010-11-14 15:21 2829 ----a-w- c:\windows\War3Unin.pif
2010-11-14 15:35 . 2010-11-14 15:21 139264 ----a-w- c:\windows\War3Unin.exe
2010-10-26 16:42 . 2010-08-06 15:20 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-19 09:41 . 2010-08-15 15:53 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 08:23 . 2010-10-12 08:23 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-10-07 17:50 . 2010-10-07 17:50 9216 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl8.1992E333_D17A_448B_8484_ED047109D182.exe
2010-10-07 17:50 . 2010-10-07 17:50 8192 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe
2010-10-07 17:50 . 2010-10-07 17:50 54784 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl10.1992E333_D17A_448B_8484_ED047109D182.exe
2010-10-07 17:50 . 2010-10-07 17:50 14848 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl6.1992E333_D17A_448B_8484_ED047109D182.exe
2010-09-20 18:12 . 2010-09-20 18:12 737280 ----a-w- c:\windows\iun6002.exe
.

Code: Select all

<pre>
c:\program files (x86)\NCSoft\Lineage II\original_system\L2 .exe
</pre>


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlayNC Launcher"="" [N/A]
"Infium"="c:\qip 2010\qip.exe" [2010-11-08 5837264]
"QIP Internet Guardian"="c:\users\Svasik\AppData\Roaming\QipGuard\QipGuard.exe" [2010-11-08 193488]
"ABUNINSTALLEX"="c:\programdata\ab studio\ABUnInstallEx.exe" [2007-07-03 263664]
"AdobeBridge"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [N/A]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Svasik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2009-8-19 6348800]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-3-24 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2010-11-08 193488]
R3 AbSoftMgr4;AbSoftMgr4;c:\program files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2009-02-26 1039360]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-09-12 52856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-10 834544]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2009-08-19 1705280]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-28 50600]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2010-01-31 2495944]

.
Obsah adresáře 'Naplánované úlohy'

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 23:39]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 23:39]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2903688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3175219004-2469363593-196463747-1000\Software\SecuROM\License information*]
"datasecu"=hex:09,95,a6,bc,88,70,28,4f,8d,4b,4f,9f,6a,83,2c,0e,b6,9c,b9,ad,06,
a6,bf,96,1b,b6,93,1b,c9,84,1a,00,a4,e5,61,1f,85,28,63,f6,68,de,66,5b,52,fc,\
"rkeysecu"=hex:5d,f3,42,92,98,94,a2,e5,87,4e,27,80,74,8c,9b,da

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-15 23:23:58
ComboFix-quarantined-files.txt 2010-12-15 22:23

Před spuštěním: Volných bajtů: 12 909 338 624
Po spuštění: Volných bajtů: 12 780 576 768

- - End Of File - - 40C9400706A591A15B591961408F7944
Svasik

memphisto
Guru Level 13
Posts: 21113
Joined: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Log check, thank you :)

Post by memphisto » 16 Dec 2010 19:47

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-
"PromptOnSecureDesktop"=-

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.

svasik
Level 2.5
Posts: 283
Joined: December 07
Gender: Not specified
Status: Offline

Re: Log check, thank you :)

Post by svasik » 23 Dec 2010 19:58

ComboFix 10-12-16.01 - Svasik 17.12.2010 6:48.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2802 [GMT 1:00]
Spuštěný z: c:\users\Svasik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Svasik\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-17 do 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 06:03 . 2010-12-17 06:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-16 22:38 . 2010-12-16 22:38 -------- d-----w- c:\users\Svasik\AppData\Local\{05342B5F-665D-4C38-8C02-5F57C20669B6}
2010-12-16 22:26 . 2010-12-16 22:26 -------- d-----w- c:\windows\cs
2010-12-16 22:15 . 2010-12-16 22:15 -------- d-----w- c:\windows\PCHEALTH
2010-12-16 22:13 . 2010-12-16 22:16 -------- d-----w- c:\program files\Windows Live
2010-12-16 22:06 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-16 22:06 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2010-12-16 22:06 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2010-12-16 22:06 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-16 22:04 . 2010-12-16 22:04 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\307c65701cb9d6d0b\MeshBetaRemover.exe
2010-12-16 22:04 . 2010-12-16 22:04 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\254685f01cb9d6d0a\DSETUP.dll
2010-12-16 22:04 . 2010-12-16 22:04 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\254685f01cb9d6d0a\DXSETUP.exe
2010-12-16 22:04 . 2010-12-16 22:04 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\254685f01cb9d6d0a\dsetup32.dll
2010-12-16 22:03 . 2010-12-16 22:03 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4c74801cb9d6d09\DSETUP.dll
2010-12-16 22:03 . 2010-12-16 22:03 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4c74801cb9d6d09\DXSETUP.exe
2010-12-16 22:03 . 2010-12-16 22:03 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4c74801cb9d6d09\dsetup32.dll
2010-12-16 22:00 . 2010-12-16 22:37 -------- d-----w- c:\users\Svasik\AppData\Local\Windows Live
2010-12-16 20:39 . 2010-12-16 20:40 -------- d-----w- c:\program files\Virtual DJ
2010-12-16 13:00 . 1996-10-31 11:47 22288 ----a-w- c:\windows\SysWow64\temp.004
2010-12-16 13:00 . 2010-12-16 13:00 -------- d-----w- c:\windows\SysWow64\BACKUP
2010-12-16 13:00 . 1997-07-19 14:55 1347344 ----a-w- c:\windows\SysWow64\MSVBVM50.DLL
2010-12-16 13:00 . 1997-07-07 10:33 109056 ----a-w- c:\windows\SysWow64\UNINSTAL.EXE
2010-12-16 13:00 . 1997-05-19 07:08 492304 ----a-w- c:\windows\SysWow64\temp.001
2010-12-16 13:00 . 1997-05-19 07:08 16896 ----a-w- c:\windows\SysWow64\temp.003
2010-12-16 13:00 . 1997-05-19 07:08 114960 ----a-w- c:\windows\SysWow64\temp.002
2010-12-16 13:00 . 1997-05-19 07:08 118544 ----a-w- c:\windows\SysWow64\temp.000
2010-12-16 08:34 . 2010-12-16 08:34 -------- d-----w- c:\users\Svasik\AppData\Roaming\IGN_DLM
2010-12-16 08:29 . 2010-12-16 08:29 -------- d-sh--w- c:\users\Svasik\PrivacIE
2010-12-16 08:29 . 2010-12-16 08:29 -------- d-sh--w- c:\users\Svasik\IECompatCache
2010-12-15 19:31 . 2010-12-15 19:36 -------- d-----w- c:\users\Svasik\DoctorWeb
2010-12-15 19:21 . 2010-12-15 19:21 -------- d-----w- c:\users\Svasik\AppData\Roaming\Malwarebytes
2010-12-15 19:21 . 2010-11-29 16:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-15 19:21 . 2010-12-15 19:21 -------- d-----w- c:\programdata\Malwarebytes
2010-12-15 19:21 . 2010-11-29 16:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 19:21 . 2010-12-15 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-15 05:55 . 2010-12-15 05:55 388096 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-15 05:55 . 2010-12-15 05:55 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-14 16:31 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28CCD53F-F073-45A8-9F60-1B1B0F3E9571}\mpengine.dll
2010-12-13 05:40 . 2010-12-13 05:40 -------- d-----w- C:\ASUS WebStorage
2010-12-12 14:08 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-12-12 14:08 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-12-12 14:08 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-12-12 14:08 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-12-12 14:05 . 2010-12-12 14:05 -------- d-----w- c:\windows\system32\RsFx
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\windows\SysWow64\1033
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\windows\system32\1033
2010-12-12 14:03 . 2010-12-12 14:03 -------- d-----w- c:\program files\Microsoft.NET
2010-12-12 14:01 . 2010-12-12 14:04 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2010-12-12 14:00 . 2010-12-12 14:05 -------- d-----w- c:\program files\Microsoft SQL Server
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-12-12 13:57 . 2010-12-12 13:57 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-12-12 13:53 . 2010-12-12 13:53 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2010-12-12 13:53 . 2010-12-12 13:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\windows\symbols
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2010-12-12 11:27 . 2009-04-06 08:08 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2010-12-12 11:27 . 2009-04-06 08:08 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2010-12-10 10:03 . 2010-12-10 10:52 -------- d-----w- c:\program files\Valve Hammer Editor
2010-12-08 17:58 . 2010-12-08 17:58 -------- d-----w- c:\programdata\Electronic Arts
2010-12-08 17:58 . 2010-12-08 17:58 -------- d-----w- c:\programdata\EA Core
2010-12-08 16:17 . 2009-09-04 16:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-08 16:17 . 2009-03-09 14:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-12-08 16:17 . 2009-03-09 14:27 453456 ----a-w- c:\windows\SysWow64\d3dx10_41.dll
2010-12-08 16:17 . 2009-03-09 14:27 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-12-08 16:17 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll
2010-12-08 16:15 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2010-12-08 16:14 . 2007-01-24 14:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-12-08 16:13 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-12-08 16:13 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2010-12-08 16:06 . 2010-12-08 16:06 -------- d-----w- c:\programdata\Solidshield
2010-12-08 15:23 . 2001-03-08 16:22 119296 ------r- c:\windows\SysWow64\nslock15vb6.ocx
2010-12-08 15:23 . 2001-05-23 16:30 49152 ------r- c:\windows\SysWow64\WaveToText.ocx
2010-12-08 15:23 . 2001-05-04 12:05 290869 ----a-w- c:\windows\SysWow64\msvcrt.001
2010-12-08 15:23 . 1998-05-06 23:00 174352 ----a-w- c:\windows\SysWow64\Riched32.001
2010-12-08 15:23 . 2000-05-22 15:58 198848 ----a-w- c:\windows\SysWow64\Mci32.ocx
2010-12-08 15:23 . 1998-05-30 23:00 22288 ----a-w- c:\windows\SysWow64\Comcat.001
2010-12-08 15:23 . 2000-01-19 22:11 614672 ----a-w- c:\windows\SysWow64\oleaut32.001
2010-12-08 15:22 . 2010-12-08 15:23 -------- d-----w- c:\windows\VoiceExplorer
2010-12-08 15:22 . 2010-12-08 15:28 -------- d-----w- c:\program files (x86)\Voice
2010-12-08 15:19 . 2010-12-08 15:19 796672 ----a-w- c:\windows\GPInstall.exe
2010-12-08 10:50 . 2008-05-30 13:11 540688 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 467984 ----a-w- c:\windows\SysWow64\d3dx10_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 1941528 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\SysWow64\D3DCompiler_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
2010-12-08 10:50 . 2007-07-19 17:14 508264 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 444776 ----a-w- c:\windows\SysWow64\d3dx10_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 1985904 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\SysWow64\D3DCompiler_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2010-11-29 14:43 . 2010-12-01 20:49 -------- d-----w- c:\program files (x86)\yBook
2010-11-25 18:31 . 2010-11-25 18:31 -------- d-----w- C:\PFiles
2010-11-24 05:58 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 05:58 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-22 20:56 . 2010-11-22 20:56 -------- d-----w- c:\users\Svasik\AppData\Roaming\Ethereal
2010-11-22 20:54 . 2010-11-22 20:54 -------- d-----w- c:\program files (x86)\WinPcap
2010-11-22 20:45 . 2010-11-22 20:46 -------- d-----w- c:\program files (x86)\Ethereal
2010-11-22 15:20 . 2010-11-22 15:29 -------- d-----w- C:\390e439c99e910ae0d06
2010-11-18 21:07 . 2007-03-11 20:29 116736 ----a-w- c:\windows\SysWow64\RestoratorContextMenu.dll
2010-11-18 21:07 . 2010-11-18 21:07 -------- d-----w- c:\users\Svasik\AppData\Roaming\Thinstall
2010-11-18 20:39 . 2010-11-18 21:09 -------- d-----w- c:\program files (x86)\Restorator 2007
2010-11-17 20:39 . 2010-11-17 20:39 -------- d-----w- c:\users\Svasik\AppData\Roaming\dvdcss
2010-11-17 18:57 . 2010-12-11 22:02 -------- d-----w- c:\program files (x86)\Counter-Strike Source
2010-11-17 18:09 . 2010-11-17 18:09 -------- d-----w- c:\users\Svasik\AppData\Roaming\Unity
2010-11-17 18:03 . 2010-11-17 18:03 -------- d-----w- c:\users\Svasik\AppData\Local\Unity
2010-11-17 11:41 . 2010-11-17 11:41 -------- d-----w- c:\program files (x86)\AB Studio
2010-11-17 11:28 . 2010-11-17 11:28 -------- d-----w- c:\programdata\boost_interprocess
2010-11-17 10:43 . 2010-11-17 10:44 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-11-17 10:36 . 2010-11-17 10:36 -------- d-----w- c:\users\Svasik\AppData\Roaming\GlarySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 17:47 . 2010-09-13 14:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-11 17:46 . 2010-09-20 14:31 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-04 15:08 . 2010-08-06 15:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-11-17 11:36 . 2010-08-31 09:08 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-14 15:35 . 2010-11-14 15:21 2829 ----a-w- c:\windows\War3Unin.pif
2010-11-14 15:35 . 2010-11-14 15:21 139264 ----a-w- c:\windows\War3Unin.exe
2010-11-10 01:28 . 2010-11-10 01:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-10-26 16:42 . 2010-08-06 15:20 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-19 09:41 . 2010-08-15 15:53 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 08:23 . 2010-10-12 08:23 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-10-07 17:50 . 2010-10-07 17:50 9216 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl8.1992E333_D17A_448B_8484_ED047109D182.exe
2010-10-07 17:50 . 2010-10-07 17:50 8192 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe
2010-10-07 17:50 . 2010-10-07 17:50 54784 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl10.1992E333_D17A_448B_8484_ED047109D182.exe
2010-10-07 17:50 . 2010-10-07 17:50 14848 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl6.1992E333_D17A_448B_8484_ED047109D182.exe
2010-09-21 13:49 . 2010-09-21 13:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2010-09-20 18:12 . 2010-09-20 18:12 737280 ----a-w- c:\windows\iun6002.exe
.

<pre>
c:\program files (x86)\NCSoft\Lineage II\original_system\L2 .exe
</pre>


((((((((((((((((((((((((((((( SnapShot_2010-12-16_21.14.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-24 00:09 . 2010-12-17 05:32 43166 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-17 05:32 40566 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2010-12-16 19:06 40566 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-06 15:17 . 2010-12-17 05:32 12088 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3175219004-2469363593-196463747-1000_UserData.bin
+ 2010-08-07 00:06 . 2010-12-16 22:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-07 00:06 . 2010-12-16 19:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-07 00:06 . 2010-12-16 19:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-07 00:06 . 2010-12-16 22:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-16 19:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-16 22:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2010-12-17 05:28 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2010-12-16 19:08 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-08-06 15:11 . 2010-12-16 21:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-06 15:11 . 2010-12-17 05:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-06 15:11 . 2010-12-16 21:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-06 15:11 . 2010-12-17 05:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-16 22:21 . 2010-12-16 22:21 79872 c:\windows\Installer\b2c438.msi
+ 2010-12-16 22:20 . 2010-12-16 22:20 23552 c:\windows\Installer\b2c430.msp
+ 2010-12-16 22:20 . 2010-12-16 22:20 29696 c:\windows\Installer\b2c42b.msi
+ 2010-12-16 22:19 . 2010-12-16 22:19 62464 c:\windows\Installer\b2c426.msp
+ 2010-12-16 22:01 . 2010-12-16 22:01 69632 c:\windows\Installer\b2c3dd.msi
+ 2010-12-16 22:07 . 2010-12-16 22:07 37888 c:\windows\Installer\b2c28e.msi
+ 2010-12-16 22:07 . 2010-12-16 22:07 53248 c:\windows\Installer\b2c28a.msi
+ 2010-12-16 22:06 . 2010-12-16 22:06 39936 c:\windows\Installer\b2c282.msp
+ 2010-12-16 22:06 . 2010-12-16 22:06 74240 c:\windows\Installer\b2c27d.msi
+ 2010-12-16 22:05 . 2010-12-16 22:05 26112 c:\windows\Installer\b2c279.msi
+ 2010-12-16 21:42 . 2010-12-16 21:42 58945 c:\windows\Installer\{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}\wlmail.exe
- 2010-08-06 15:19 . 2010-08-06 15:19 58945 c:\windows\Installer\{54FEAF1A-8F2A-44C1-95CA-5C1C21F4F934}\wlmail.exe
+ 2010-09-22 23:17 . 2010-09-22 23:17 86376 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startuplang.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 93552 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXImageTranscode.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 56176 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewer.exe
+ 2010-09-22 23:37 . 2010-09-22 23:37 12144 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.SubscribePlugins.dll
+ 2010-09-22 23:37 . 2010-09-22 23:37 11632 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.PublishPlugins.dll
+ 2010-09-22 23:33 . 2010-09-22 23:33 68976 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoCameraAutoPlayManager.exe
+ 2010-09-22 23:33 . 2010-09-22 23:33 98160 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoAcquireWizardResources.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 49008 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeShellExt.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 18288 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeControlHostPS.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 19312 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoGalleryRepair.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 78704 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoClassic.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 82288 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoCinematic.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 19824 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXCodecHostPS.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 46960 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXCodecHost.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 51568 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\PhotoViewerShimx64.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 43376 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\PhotoViewerShim.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 14704 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\NPWLPG.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 42864 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\AlbumDownloadProtocolHandler.dll
+ 2010-09-22 15:33 . 2010-09-22 15:33 55136 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\utilclasses.dll
+ 2010-09-22 15:33 . 2010-09-22 15:33 91488 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\TesClient.dll
+ 2010-09-22 15:33 . 2010-09-22 15:33 34144 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\SqmWrapper.dll
+ 2010-09-22 15:33 . 2010-09-22 15:33 71520 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\MOE.exe
+ 2010-09-22 15:32 . 2010-09-22 15:32 40800 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\logging.dll
+ 2010-09-22 15:32 . 2010-09-22 15:32 77152 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\lkrhwlc.dll
+ 2010-09-22 15:33 . 2010-09-22 15:33 97120 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\esestore.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 17264 c:\windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502\MovieMakerPreviewClient.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\2262978b12999e988af9d38941916e39\WindowsLiveWriter.ni.exe
+ 2010-12-17 05:54 . 2010-12-17 05:54 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b304506262078dabda9056b5a6b067d2\WindowsLive.Writer.Passport.ni.dll
+ 2010-12-17 05:22 . 2010-12-17 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-16 19:00 . 2010-12-16 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-16 19:00 . 2010-12-16 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-17 05:22 . 2010-12-17 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-22 23:17 . 2010-09-22 23:17 9576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingslang.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 9064 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorLang.dll
+ 2010-08-07 13:54 . 2010-12-16 22:36 326728 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2010-12-16 22:32 717564 c:\windows\system32\perfh009.dat
+ 2009-08-03 20:00 . 2010-12-16 22:32 731860 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2010-12-16 22:32 145586 c:\windows\system32\perfc009.dat
+ 2009-08-03 20:00 . 2010-12-16 22:32 164614 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2010-12-16 22:55 540416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-16 22:19 . 2010-12-16 22:19 160768 c:\windows\Installer\b2c421.msi
+ 2010-12-16 22:19 . 2010-12-16 22:19 516608 c:\windows\Installer\b2c40c.msp
+ 2010-12-16 22:18 . 2010-12-16 22:18 470016 c:\windows\Installer\b2c402.msp
+ 2010-12-16 22:18 . 2010-12-16 22:18 667136 c:\windows\Installer\b2c3f4.msp
+ 2010-12-16 22:18 . 2010-12-16 22:18 629760 c:\windows\Installer\b2c3ea.msp
+ 2010-12-16 22:17 . 2010-12-16 22:17 113664 c:\windows\Installer\b2c3d5.msp
+ 2010-12-16 22:17 . 2010-12-16 22:17 205312 c:\windows\Installer\b2c394.msp
+ 2010-12-16 22:16 . 2010-12-16 22:16 775168 c:\windows\Installer\b2c38b.msi
+ 2010-12-16 22:10 . 2010-12-16 22:10 136704 c:\windows\Installer\b2c2ce.msp
+ 2010-12-16 22:09 . 2010-12-16 22:09 429056 c:\windows\Installer\b2c2c9.msi
+ 2010-12-16 22:09 . 2010-12-16 22:09 147968 c:\windows\Installer\b2c2c5.msi
+ 2010-09-22 23:17 . 2010-09-22 23:17 827240 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlupdate.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 618856 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlstartup.exe
+ 2010-09-22 23:17 . 2010-09-22 23:17 138600 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsres.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 552296 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlshim.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 265576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingsres.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 493928 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettings.exe
+ 2010-09-22 23:17 . 2010-09-22 23:17 166248 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlbici.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 476008 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorRes.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 345960 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelector.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 822128 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewerCore.dll
+ 2010-09-22 23:37 . 2010-09-22 23:37 104304 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\SubscribePluginsInterop.dll
+ 2010-09-22 23:37 . 2010-09-22 23:37 103792 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\PublishPluginsInterop.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 489840 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoTrim.dll
+ 2010-09-22 23:33 . 2010-09-22 23:33 684400 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoAcquireWizard.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 139120 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVAFilt.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 501616 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXSlideshow.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 117616 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeControlHost.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 731504 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPipetran.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 745328 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPipeline.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 785264 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoLibraryDatabase.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 131440 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoGallery.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 246640 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoAcquireWizard.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 301936 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPGSS.SCR
+ 2010-09-22 23:32 . 2010-09-22 23:32 173424 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXMP4Parser.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 130928 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXGrinderScheduler.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 191344 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXDSPA.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 237936 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\wlxclip.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 383344 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXAlbumDownloadWizard.exe
+ 2010-09-22 15:31 . 2010-09-22 15:31 108384 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\Microsoft.Web.dll
+ 2010-09-22 15:33 . 2010-09-22 15:33 953696 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\MeshSessions.dll
+ 2010-09-22 15:33 . 2010-09-22 15:33 117600 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\encoders.dll
+ 2010-09-22 15:32 . 2010-09-22 15:32 160608 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\commengine.dll
+ 2010-09-22 15:32 . 2010-09-22 15:32 438112 c:\windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722\bitswarm.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\6a2f48fcae8404c0c10de4e13cb5af29\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e418a6685b4253814da6191fd78f79b7\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dfb0296ba83900cc5cbfa4bcb7236486\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cfa06c1fddf7c45baf303e79de21eca3\WindowsLive.Writer.Interop.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b8aa36641d51f04182157a55125433e7\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 890880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a7743598117a3ee320ce0eb97bef7057\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9f43c866c978a7d94acbe07152d09dbb\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7eee43209c6a790c3603763af3ed84c7\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7abb578755973294acbd415f67c5fbdb\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6de735975970777cf1cd9224c2f588d3\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ac0a06057639eab946d045bc6e26747\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\33110e3397af6f0518db5609fba433cb\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 780288 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\285b162ab2a67801e915f95882df3090\WindowsLive.Writer.Controls.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1ed3d4ccf49a655a36caf81916db625e\WindowsLive.Writer.Api.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\03324d70889f19abefe6d6bf094fbc0b\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\f3216949ba2ade4fe1604f53e31c4fa4\WindowsLive.Client.ni.dll
- 2010-08-06 15:19 . 2010-08-06 15:19 236392 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
+ 2010-12-16 22:22 . 2010-12-16 22:22 236392 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
+ 2009-07-14 04:45 . 2010-12-17 05:22 5051000 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2010-12-16 19:08 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2010-12-17 05:28 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-16 22:21 . 2010-12-16 22:21 2633728 c:\windows\Installer\b2c434.msi
+ 2010-12-16 22:19 . 2010-12-16 22:19 2149888 c:\windows\Installer\b2c41c.msp
+ 2010-12-16 22:19 . 2010-12-16 22:19 4268032 c:\windows\Installer\b2c411.msi
+ 2010-12-16 22:18 . 2010-12-16 22:18 7407616 c:\windows\Installer\b2c407.msi
+ 2010-12-16 22:18 . 2010-12-16 22:18 1078272 c:\windows\Installer\b2c3f8.msi
+ 2010-12-16 22:18 . 2010-12-16 22:18 6635008 c:\windows\Installer\b2c3ee.msi
+ 2010-12-16 22:01 . 2010-12-16 22:01 1522176 c:\windows\Installer\b2c3e1.msi
+ 2010-12-16 22:17 . 2010-12-16 22:17 6195200 c:\windows\Installer\b2c3d9.msi
+ 2010-12-16 22:17 . 2010-12-16 22:17 6363136 c:\windows\Installer\b2c398.msi
+ 2010-12-16 22:16 . 2010-12-16 22:16 3733504 c:\windows\Installer\b2c386.msp
+ 2010-12-16 22:13 . 2010-12-16 22:13 1819136 c:\windows\Installer\b2c348.msi
+ 2010-12-16 22:13 . 2010-12-16 22:13 3314688 c:\windows\Installer\b2c343.msp
+ 2010-12-16 22:13 . 2010-12-16 22:13 8332288 c:\windows\Installer\b2c327.msi
+ 2010-12-16 22:13 . 2010-12-16 22:13 2958336 c:\windows\Installer\b2c323.msp
+ 2010-12-16 22:13 . 2010-12-16 22:13 8313856 c:\windows\Installer\b2c309.msi
+ 2010-12-16 22:12 . 2010-12-16 22:12 5870080 c:\windows\Installer\b2c305.msp
+ 2010-12-16 22:11 . 2010-12-16 22:11 3734016 c:\windows\Installer\b2c2ea.msi
+ 2010-12-16 22:11 . 2010-12-16 22:11 3664384 c:\windows\Installer\b2c2e6.msi
+ 2010-12-16 22:11 . 2010-12-16 22:11 2310656 c:\windows\Installer\b2c2e2.msi
+ 2010-12-16 22:10 . 2010-12-16 22:10 1139712 c:\windows\Installer\b2c2de.msp
+ 2010-12-16 22:10 . 2010-12-16 22:10 4004864 c:\windows\Installer\b2c2d2.msi
+ 2010-12-16 22:08 . 2010-12-16 22:08 2343936 c:\windows\Installer\b2c2c1.msi
+ 2010-12-16 22:08 . 2010-12-16 22:08 4680704 c:\windows\Installer\b2c2bd.msi
+ 2010-12-16 22:01 . 2010-12-16 22:01 2932736 c:\windows\Installer\b2c2b9.msp
+ 2010-12-16 22:01 . 2010-12-16 22:01 7710720 c:\windows\Installer\b2c2a5.msi
+ 2010-12-16 22:01 . 2010-12-16 22:01 4427776 c:\windows\Installer\b2c2a1.msp
+ 2010-12-16 22:00 . 2010-12-16 22:00 9433088 c:\windows\Installer\b2c292.msi
+ 2010-12-16 22:06 . 2010-12-16 22:06 2856448 c:\windows\Installer\b2c286.msi
+ 2010-12-16 22:05 . 2010-12-16 22:05 2081792 c:\windows\Installer\b2c275.msi
+ 2010-12-16 22:05 . 2010-12-16 22:05 4227072 c:\windows\Installer\b2c271.msi
+ 2010-12-16 22:04 . 2010-12-16 22:04 8810496 c:\windows\Installer\b2c26d.msi
+ 2010-09-22 23:17 . 2010-09-22 23:17 2668392 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startupres.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 1204584 c:\windows\Installer\$PatchCache$\Managed\B88C26EFB524EDB4B807DCA53E8B1367\15.4.3502\wlarp.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 1378160 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXMediaPublishSubscribe.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 1245552 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoVoyager.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 1342320 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoViewer.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 1877872 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoAcq.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 4824432 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXFaceRecognition.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 1507184 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXAlbumDownloadWizardResources.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 7559024 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\Imaging.dll
+ 2010-09-22 22:28 . 2010-09-22 22:28 1043312 c:\windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502\LivePlatform.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 1284608 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d783923e055b112114e04e4b1ebf0296\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 7024640 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a818d0aa43943a6eae53b655cadbb7a6\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8c7b067812c1400dafd0b6845b4ddc5a\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-12-17 05:54 . 2010-12-17 05:54 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3fa850dcd55a5b33c8538bb6071c21a0\WindowsLive.Writer.Localization.ni.dll
- 2009-07-14 02:34 . 2010-12-16 19:25 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2010-12-17 05:37 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-12-16 22:16 . 2010-12-16 22:16 11846656 c:\windows\Installer\b2c37d.msi
+ 2010-12-16 22:14 . 2010-12-16 22:14 14617088 c:\windows\Installer\b2c378.msp
+ 2010-12-16 22:14 . 2010-12-16 22:14 34193408 c:\windows\Installer\b2c34c.msi
+ 2010-12-16 22:11 . 2010-12-16 22:11 13850624 c:\windows\Installer\b2c2ee.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlayNC Launcher"="" [N/A]
"Infium"="c:\qip 2010\qip.exe" [2010-11-08 5837264]
"QIP Internet Guardian"="c:\users\Svasik\AppData\Roaming\QipGuard\QipGuard.exe" [2010-11-08 193488]
"ABUNINSTALLEX"="c:\programdata\ab studio\ABUnInstallEx.exe" [2007-07-03 263664]
"AdobeBridge"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [N/A]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Svasik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2009-8-19 6348800]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-3-24 12862]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2010-11-08 193488]
R3 AbSoftMgr4;AbSoftMgr4;c:\program files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2009-02-26 1039360]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-09-12 52856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-10 834544]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2009-08-19 1705280]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-28 50600]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2010-01-31 2495944]

.
Obsah adresáře 'Naplánované úlohy'

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 23:39]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 23:39]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2903688]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3175219004-2469363593-196463747-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3175219004-2469363593-196463747-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-3175219004-2469363593-196463747-1000\Software\SecuROM\License information*]
"datasecu"=hex:09,95,a6,bc,88,70,28,4f,8d,4b,4f,9f,6a,83,2c,0e,b6,9c,b9,ad,06,
a6,bf,96,1b,b6,93,1b,c9,84,1a,00,a4,e5,61,1f,85,28,63,f6,68,de,66,5b,52,fc,\
"rkeysecu"=hex:5d,f3,42,92,98,94,a2,e5,87,4e,27,80,74,8c,9b,da

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-12-17 07:08:05
ComboFix-quarantined-files.txt 2010-12-17 06:08
ComboFix2.txt 2010-12-16 21:18
ComboFix3.txt 2010-12-15 22:23

Před spuštěním: Volných bajtů: 12 193 980 416
Po spuštění: Volných bajtů: 11 822 649 344

- - End Of File - - 01BBA93BF6B8BE666B836962E8A7D2E4
Svasik

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check, thank you :)

Post by jaro3 » 23 Dec 2010 21:13

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

KillAll::
File::
c:\windows\iun6002.exe
c:\windows\system32\perfh009.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc005.dat

RenV::
c:\program files (x86)\NCSoft\Lineage II\original_system\L2 .exe

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new HJT log


Warning: It may happen that after applying the script and restarting the computer Windows will not boot; in that case restart the computer again, keep pressing F8, and then choose Last Known Good Configuration.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

svasik
Level 2.5
Posts: 283
Registered: December 07
Gender: Not specified
Status: Offline
Contact:

Re: Log check, thank you :)

Post by svasik » 24 Dec 2010 15:08

ComboFix 10-12-23.05 - Svasik 24.12.2010 14:24:20.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2858 [GMT 1:00]
Spuštěný z: c:\users\Svasik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Svasik\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\iun6002.exe"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfc009.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\perfh009.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-24 do 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-24 13:38 . 2010-12-24 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 10:20 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D573DE6-F70A-4B44-ADBB-57A13E52AD1F}\mpengine.dll
2010-12-24 10:06 . 2010-12-24 10:17 -------- d-----w- c:\users\Svasik\AppData\Roaming\vlc
2010-12-19 18:28 . 2010-12-19 18:28 -------- d-----w- c:\program files (x86)\3DJournal - FREE
2010-12-17 16:34 . 2010-12-17 16:34 -------- d-----w- c:\users\Svasik\AppData\Local\{224D4DB8-B8D7-4E61-90FB-9916471DDF8E}
2010-12-17 16:34 . 2010-12-17 16:34 -------- d-----w- c:\users\Svasik\AppData\Roaming\Windows Live Writer
2010-12-17 16:34 . 2010-12-17 16:34 -------- d-----w- c:\users\Svasik\AppData\Local\Windows Live Writer
2010-12-17 14:25 . 2010-12-17 14:25 -------- d-----w- c:\users\Svasik\AppData\Local\{1D3DEB6D-7CB8-4E0E-8D16-DB076DCF1C98}
2010-12-16 22:38 . 2010-12-16 22:38 -------- d-----w- c:\users\Svasik\AppData\Local\{05342B5F-665D-4C38-8C02-5F57C20669B6}
2010-12-16 22:26 . 2010-12-16 22:26 -------- d-----w- c:\windows\cs
2010-12-16 22:15 . 2010-12-16 22:15 -------- d-----w- c:\windows\PCHEALTH
2010-12-16 22:13 . 2010-12-16 22:16 -------- d-----w- c:\program files\Windows Live
2010-12-16 22:06 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2010-12-16 22:06 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2010-12-16 22:04 . 2010-12-16 22:04 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\307c65701cb9d6d0b\MeshBetaRemover.exe
2010-12-16 22:04 . 2010-12-16 22:04 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\254685f01cb9d6d0a\DSETUP.dll
2010-12-16 22:04 . 2010-12-16 22:04 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\254685f01cb9d6d0a\DXSETUP.exe
2010-12-16 22:04 . 2010-12-16 22:04 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\254685f01cb9d6d0a\dsetup32.dll
2010-12-16 22:03 . 2010-12-16 22:03 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4c74801cb9d6d09\DSETUP.dll
2010-12-16 22:03 . 2010-12-16 22:03 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4c74801cb9d6d09\DXSETUP.exe
2010-12-16 22:03 . 2010-12-16 22:03 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4c74801cb9d6d09\dsetup32.dll
2010-12-16 22:00 . 2010-12-17 16:33 -------- d-----w- c:\users\Svasik\AppData\Local\Windows Live
2010-12-16 20:39 . 2010-12-16 20:40 -------- d-----w- c:\program files\Virtual DJ
2010-12-16 13:00 . 1996-10-31 11:47 22288 ----a-w- c:\windows\SysWow64\temp.004
2010-12-16 13:00 . 2010-12-16 13:00 -------- d-----w- c:\windows\SysWow64\BACKUP
2010-12-16 13:00 . 1997-07-19 14:55 1347344 ----a-w- c:\windows\SysWow64\MSVBVM50.DLL
2010-12-16 13:00 . 1997-07-07 10:33 109056 ----a-w- c:\windows\SysWow64\UNINSTAL.EXE
2010-12-16 13:00 . 1997-05-19 07:08 492304 ----a-w- c:\windows\SysWow64\temp.001
2010-12-16 13:00 . 1997-05-19 07:08 16896 ----a-w- c:\windows\SysWow64\temp.003
2010-12-16 13:00 . 1997-05-19 07:08 114960 ----a-w- c:\windows\SysWow64\temp.002
2010-12-16 13:00 . 1997-05-19 07:08 118544 ----a-w- c:\windows\SysWow64\temp.000
2010-12-16 08:34 . 2010-12-16 08:34 -------- d-----w- c:\users\Svasik\AppData\Roaming\IGN_DLM
2010-12-16 08:29 . 2010-12-16 08:29 -------- d-sh--w- c:\users\Svasik\PrivacIE
2010-12-16 08:29 . 2010-12-16 08:29 -------- d-sh--w- c:\users\Svasik\IECompatCache
2010-12-15 19:31 . 2010-12-15 19:36 -------- d-----w- c:\users\Svasik\DoctorWeb
2010-12-15 19:21 . 2010-12-15 19:21 -------- d-----w- c:\users\Svasik\AppData\Roaming\Malwarebytes
2010-12-15 19:21 . 2010-11-29 16:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-15 19:21 . 2010-12-15 19:21 -------- d-----w- c:\programdata\Malwarebytes
2010-12-15 19:21 . 2010-12-15 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-15 05:55 . 2010-12-15 05:55 388096 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-15 05:55 . 2010-12-15 05:55 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-13 05:40 . 2010-12-13 05:40 -------- d-----w- C:\ASUS WebStorage
2010-12-12 14:08 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-12-12 14:08 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-12-12 14:04 . 2010-12-12 14:04 -------- d-----w- c:\windows\SysWow64\1033
2010-12-12 14:03 . 2010-12-12 14:03 -------- d-----w- c:\program files\Microsoft.NET
2010-12-12 14:01 . 2010-12-12 14:04 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2010-12-12 14:00 . 2010-12-12 14:05 -------- d-----w- c:\program files\Microsoft SQL Server
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-12 13:58 . 2010-12-12 13:58 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-12-12 13:57 . 2010-12-12 13:57 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-12-12 13:53 . 2010-12-12 13:53 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2010-12-12 13:53 . 2010-12-12 13:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\windows\symbols
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-12 13:52 . 2010-12-12 13:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2010-12-12 11:27 . 2009-04-06 08:08 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2010-12-12 11:27 . 2009-04-06 08:08 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2010-12-10 10:03 . 2010-12-10 10:52 -------- d-----w- c:\program files\Valve Hammer Editor
2010-12-08 17:58 . 2010-12-08 17:58 -------- d-----w- c:\programdata\Electronic Arts
2010-12-08 17:58 . 2010-12-08 17:58 -------- d-----w- c:\programdata\EA Core
2010-12-08 16:18 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2010-12-08 16:18 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2010-12-08 16:18 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2010-12-08 16:18 . 2010-02-04 09:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2010-12-08 16:18 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2010-12-08 16:18 . 2009-09-04 16:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2010-12-08 16:18 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2010-12-08 16:18 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\SysWow64\d3dcsx_42.dll
2010-12-08 16:18 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2010-12-08 16:18 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2010-12-08 16:17 . 2009-03-09 14:27 453456 ----a-w- c:\windows\SysWow64\d3dx10_41.dll
2010-12-08 16:17 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll
2010-12-08 16:15 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2010-12-08 16:14 . 2007-01-24 14:27 255848 ----a-w- c:\windows\SysWow64\xactengine2_6.dll
2010-12-08 16:13 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2010-12-08 16:06 . 2010-12-08 16:06 -------- d-----w- c:\programdata\Solidshield
2010-12-08 15:23 . 2001-03-08 16:22 119296 ------r- c:\windows\SysWow64\nslock15vb6.ocx
2010-12-08 15:23 . 2001-05-23 16:30 49152 ------r- c:\windows\SysWow64\WaveToText.ocx
2010-12-08 15:23 . 2001-05-04 12:05 290869 ----a-w- c:\windows\SysWow64\msvcrt.001
2010-12-08 15:23 . 1998-05-06 23:00 174352 ----a-w- c:\windows\SysWow64\Riched32.001
2010-12-08 15:23 . 2000-05-22 15:58 198848 ----a-w- c:\windows\SysWow64\Mci32.ocx
2010-12-08 15:23 . 1998-05-30 23:00 22288 ----a-w- c:\windows\SysWow64\Comcat.001
2010-12-08 15:23 . 2000-01-19 22:11 614672 ----a-w- c:\windows\SysWow64\oleaut32.001
2010-12-08 15:22 . 2010-12-08 15:23 -------- d-----w- c:\windows\VoiceExplorer
2010-12-08 15:22 . 2010-12-08 15:28 -------- d-----w- c:\program files (x86)\Voice
2010-12-08 15:19 . 2010-12-08 15:19 796672 ----a-w- c:\windows\GPInstall.exe
2010-12-08 10:50 . 2008-05-30 13:11 467984 ----a-w- c:\windows\SysWow64\d3dx10_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\SysWow64\D3DCompiler_38.dll
2010-12-08 10:50 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
2010-12-08 10:50 . 2007-07-19 17:14 444776 ----a-w- c:\windows\SysWow64\d3dx10_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\SysWow64\D3DCompiler_35.dll
2010-12-08 10:50 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2010-11-29 14:43 . 2010-12-01 20:49 -------- d-----w- c:\program files (x86)\yBook
2010-11-25 18:31 . 2010-11-25 18:31 -------- d-----w- C:\PFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 17:47 . 2010-09-13 14:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-11 17:46 . 2010-09-20 14:31 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-04 15:08 . 2010-08-06 15:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-11-14 15:35 . 2010-11-14 15:21 2829 ----a-w- c:\windows\War3Unin.pif
2010-11-14 15:35 . 2010-11-14 15:21 139264 ----a-w- c:\windows\War3Unin.exe
2010-11-10 01:28 . 2010-11-10 01:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-10-26 16:42 . 2010-08-06 15:20 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-12 08:23 . 2010-10-12 08:23 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-10-07 17:50 . 2010-10-07 17:50 9216 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl8.1992E333_D17A_448B_8484_ED047109D182.exe
2010-10-07 17:50 . 2010-10-07 17:50 8192 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe
2010-10-07 17:50 . 2010-10-07 17:50 54784 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl10.1992E333_D17A_448B_8484_ED047109D182.exe
2010-10-07 17:50 . 2010-10-07 17:50 14848 ----a-r- c:\users\Svasik\AppData\Roaming\Microsoft\Installer\{7139D34E-5261-458E-96DC-9643D04356CB}\IconTmpl6.1992E333_D17A_448B_8484_ED047109D182.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-12-17_06.04.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-07 00:06 . 2010-12-17 10:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-07 00:06 . 2010-12-16 22:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-07 00:06 . 2010-12-17 10:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-07 00:06 . 2010-12-16 22:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-16 22:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-17 10:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2010-12-18 14:04 717564 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2010-12-16 22:32 717564 c:\windows\system32\perfh009.dat
+ 2009-08-03 20:00 . 2010-12-18 14:04 731860 c:\windows\system32\perfh005.dat
- 2009-08-03 20:00 . 2010-12-16 22:32 731860 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2010-12-18 14:04 145586 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2010-12-16 22:32 145586 c:\windows\system32\perfc009.dat
- 2009-08-03 20:00 . 2010-12-16 22:32 164614 c:\windows\system32\perfc005.dat
+ 2009-08-03 20:00 . 2010-12-18 14:04 164614 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\qip 2010\qip.exe" [2010-11-08 5837264]
"QIP Internet Guardian"="c:\users\Svasik\AppData\Roaming\QipGuard\QipGuard.exe" [2010-11-08 193488]
"ABUNINSTALLEX"="c:\programdata\ab studio\ABUnInstallEx.exe" [2007-07-03 263664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Svasik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2009-8-19 6348800]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-3-24 12862]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R3 AbSoftMgr4;AbSoftMgr4;c:\program files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2009-02-26 1039360]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-09-12 52856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-10 834544]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2009-08-19 1705280]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-28 50600]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2010-11-08 193488]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2010-01-31 2495944]

.
Obsah adresáře 'Naplánované úlohy'

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 23:39]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 23:39]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2903688]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3175219004-2469363593-196463747-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3175219004-2469363593-196463747-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-3175219004-2469363593-196463747-1000\Software\SecuROM\License information*]
"datasecu"=hex:09,95,a6,bc,88,70,28,4f,8d,4b,4f,9f,6a,83,2c,0e,b6,9c,b9,ad,06,
a6,bf,96,1b,b6,93,1b,c9,84,1a,00,a4,e5,61,1f,85,28,63,f6,68,de,66,5b,52,fc,\
"rkeysecu"=hex:5d,f3,42,92,98,94,a2,e5,87,4e,27,80,74,8c,9b,da

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-12-24 15:00:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-24 14:00
ComboFix2.txt 2010-12-17 06:08
ComboFix3.txt 2010-12-16 21:18
ComboFix4.txt 2010-12-15 22:23

Před spuštěním: Volných bajtů: 12 779 044 864
Po spuštění: Volných bajtů: 12 589 875 200

- - End Of File - - A313BDA7388DCFD879CF293DFFE664CA

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:46, on 15.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\QIP 2010\qip.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Svasik\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 91.121.75.194 L2authd.Lineage2.com l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: nProtect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Svasik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Infium] "C:\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Svasik\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [ABUNINSTALLEX] c:\programdata\ab studio\ABUnInstallEx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - Unknown owner - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16808 bytes
Svasik

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Log check, thank you :)

Post by jaro3 » 24 Dec 2010 17:09

The log is old, I want a new one:
Scan saved at 16:28:46, on 15.12.2010

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

and also use T-Cleaner
It deletes everything left behind by Combo, MWAV, etc. - download > run

Are there any problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

