Automatic Updates not working (Solved)


Post by jaro3 » 05 Aug 2011 14:58

Yeah, but those aren't files, they're programs.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by mambo158 » 05 Aug 2011 21:11

ComboFix 11-08-03.03 - marek 05.08.2011 14:58:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2178 [GMT 2:00]
Running from: c:\documents and settings\marek\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\marek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Local Settings\Application Data\ESET
c:\documents and settings\marek\Application Data\PriceGong
c:\documents and settings\marek\Application Data\PriceGong\Data\1.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\a.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\b.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\c.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\d.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\e.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\f.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\g.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\h.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\i.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\J.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\k.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\l.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\m.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\n.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\o.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\p.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\q.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\r.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\s.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\t.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\u.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\v.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\w.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\x.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\y.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\z.xml
c:\documents and settings\marek\Local Settings\Application Data\ESET
c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
c:\program files\ConduitEngine
c:\windows\system32\ConduitEngine.tmp
.
---- Previous Run -------
.
c:\cflog\CrashLog_20101225.txt
c:\cflog\CrashLog_20101228.txt
c:\cflog\CrashLog_20101229.txt
c:\cflog\CrashLog_20101230.txt
c:\cflog\CrashLog_20110101.txt
c:\cflog\CrashLog_20110105.txt
c:\cflog\CrashLog_20110107.txt
c:\cflog\CrashLog_20110114.txt
c:\cflog\CrashLog_20110115.txt
c:\cflog\CrashLog_20110117.txt
c:\cflog\CrashLog_20110128.txt
c:\cflog\CrashLog_20110131.txt
c:\cflog\CrashLog_20110201.txt
c:\cflog\CrashLog_20110202.txt
c:\cflog\CrashLog_20110203.txt
c:\cflog\CrashLog_20110204.txt
c:\cflog\CrashLog_20110206.txt
c:\cflog\CrashLog_20110208.txt
c:\cflog\CrashLog_20110209.txt
c:\cflog\CrashLog_20110210.txt
c:\cflog\CrashLog_20110211.txt
c:\cflog\CrashLog_20110212.txt
c:\cflog\CrashLog_20110213.txt
c:\cflog\CrashLog_20110214.txt
c:\cflog\CrashLog_20110215.txt
c:\cflog\CrashLog_20110216.txt
c:\cflog\CrashLog_20110217.txt
c:\cflog\CrashLog_20110218.txt
c:\cflog\CrashLog_20110219.txt
c:\cflog\CrashLog_20110221.txt
c:\cflog\CrashLog_20110303.txt
c:\cflog\CrashLog_20110305.txt
c:\cflog\CrashLog_20110318.txt
c:\cflog\CrashLog_20110323.txt
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\marek\Application Data\PriceGong\Data\1.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\a.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\b.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\c.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\d.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\e.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\f.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\g.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\h.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\i.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\J.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\k.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\l.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\m.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\n.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\o.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\p.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\q.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\r.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\s.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\t.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\u.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\v.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\w.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\x.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\y.xml
c:\documents and settings\marek\Application Data\PriceGong\Data\z.xml
c:\documents and settings\marek\Application Data\Uninstal.exe
c:\documents and settings\marek\Desktop\Setup.exe
c:\program files\messenger\msmsgsin.exe
c:\windows\IsUn0407.exe
c:\windows\system32\hookdll.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_XDVA379
-------\Legacy_XDVA380
-------\Legacy_XDVA382
-------\Legacy_XDVA383
-------\Legacy_XDVA384
-------\Legacy_XDVA386
-------\Legacy_XDVA387
-------\Legacy_XDVA388
-------\Service_XDva379
-------\Service_XDva380
-------\Service_XDva382
-------\Service_XDva383
-------\Service_XDva384
-------\Service_XDva386
-------\Service_XDva387
-------\Service_XDva388
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 13:06 . 2011-08-05 13:06 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsl74df9f8e.sys
2011-08-05 07:18 . 2011-08-05 07:18 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsl7df59001.sys
2011-08-03 18:25 . 2011-08-03 18:25 -------- d-----w- c:\documents and settings\marek\Application Data\Ventrilo
2011-08-03 11:20 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\mpengine.dll
2011-08-02 18:40 . 2011-08-02 18:40 -------- d-----w- c:\documents and settings\marek\Application Data\Xfire
2011-08-02 18:40 . 2011-08-02 18:40 -------- d-----w- c:\program files\Xfire
2011-08-02 18:39 . 2011-08-02 18:39 -------- d-----w- c:\program files\Common Files\Steam
2011-08-01 11:42 . 2011-08-01 11:42 -------- d-----w- C:\Fraps
2011-07-28 19:45 . 2011-08-05 13:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2011-07-28 19:45 . 2011-08-03 14:30 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\LogMeIn Hamachi
2011-07-28 19:45 . 2011-07-28 19:45 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-07-20 20:09 . 2011-07-20 20:09 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\Threat Expert
2011-07-18 09:45 . 2011-07-18 09:45 -------- d-----w- c:\documents and settings\marek\Application Data\SUPERAntiSpyware.com
2011-07-18 09:41 . 2011-08-03 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-18 09:35 . 2011-07-18 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-18 09:32 . 2011-08-03 15:12 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-18 09:32 . 2011-07-18 09:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-18 09:32 . 2011-07-18 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-07-18 09:31 . 2011-07-18 09:31 -------- d-----w- c:\documents and settings\marek\Application Data\Malwarebytes
2011-07-18 09:31 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-18 09:31 . 2011-07-18 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-18 09:31 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-18 09:31 . 2011-07-18 10:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-15 09:48 . 2011-07-15 09:48 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\Max Secure Software
2011-07-14 12:16 . 2011-07-14 12:44 -------- d-----w- c:\documents and settings\marek\Application Data\Hamachi
2011-07-14 11:26 . 2011-07-14 11:26 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\Babylon
2011-07-14 11:26 . 2011-07-14 11:26 -------- d-----w- c:\documents and settings\marek\Application Data\Babylon
2011-07-14 11:26 . 2011-07-14 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2011-07-13 16:50 . 2011-08-03 20:16 -------- d-----w- c:\documents and settings\marek\Application Data\.minecraft
2011-07-13 08:30 . 2011-07-13 08:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2011-07-13 08:26 . 2011-07-13 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-07-13 08:26 . 2011-07-13 19:27 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 19:19 . 2011-05-13 18:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-14 11:43 . 2009-03-13 08:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-14 11:43 . 2011-01-27 13:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-13 03:39 . 2010-12-26 07:18 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 14:02 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\system32\frapsvid.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-08-04_12.04.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-05 13:06 . 2011-08-05 13:06 16384 c:\windows\temp\Perflib_Perfdata_69c.dat
+ 2005-08-17 10:22 . 2011-08-05 13:08 171483 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"msseces.exe"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\marek\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0R\0???\0\0M_Finish=Konec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-1188\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-1225\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-616249376-682003330-3148\Scripts\Logon\0\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- e:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Z8Games\\CrossFire\\CF_G4box.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 MpKsl74df9f8e;MpKsl74df9f8e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsl74df9f8e.sys [5.8.2011 15:06 28752]
R1 MpKsl7df59001;MpKsl7df59001;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsl7df59001.sys [5.8.2011 9:18 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.7.2011 23:55 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [13.7.2011 21:27 353168]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18.7.2011 11:31 366640]
R2 NCS;Numega Control Service;c:\progra~1\COMPUW~1\PCShared\NCS.EXE [23.8.2005 13:37 45107]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18.7.2011 11:31 22712]
S1 MpKsl174d4eed;MpKsl174d4eed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BB65545-0923-413E-BD06-DD8787978B98}\MpKsl174d4eed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BB65545-0923-413E-BD06-DD8787978B98}\MpKsl174d4eed.sys [?]
S1 MpKsl1d3c6dd4;MpKsl1d3c6dd4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsl1d3c6dd4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsl1d3c6dd4.sys [?]
S1 MpKsl263a9f09;MpKsl263a9f09;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsl263a9f09.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsl263a9f09.sys [?]
S1 MpKsl3c8fefe3;MpKsl3c8fefe3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9B942C8-AFCD-4676-A93B-6CA07175E380}\MpKsl3c8fefe3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9B942C8-AFCD-4676-A93B-6CA07175E380}\MpKsl3c8fefe3.sys [?]
S1 MpKsl6b4a4b7e;MpKsl6b4a4b7e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsl6b4a4b7e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsl6b4a4b7e.sys [?]
S1 MpKsl6c8fb4c6;MpKsl6c8fb4c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7D71074-8161-4BE5-B430-0233AC62D109}\MpKsl6c8fb4c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7D71074-8161-4BE5-B430-0233AC62D109}\MpKsl6c8fb4c6.sys [?]
S1 MpKsl702921f5;MpKsl702921f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsl702921f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsl702921f5.sys [?]
S1 MpKsl85b2e1c5;MpKsl85b2e1c5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7D71074-8161-4BE5-B430-0233AC62D109}\MpKsl85b2e1c5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7D71074-8161-4BE5-B430-0233AC62D109}\MpKsl85b2e1c5.sys [?]
S1 MpKsl90b2957a;MpKsl90b2957a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsl90b2957a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsl90b2957a.sys [?]
S1 MpKsla20c5850;MpKsla20c5850;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsla20c5850.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsla20c5850.sys [?]
S1 MpKsla5b8f81f;MpKsla5b8f81f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsla5b8f81f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsla5b8f81f.sys [?]
S1 MpKsla9e72041;MpKsla9e72041;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsla9e72041.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKsla9e72041.sys [?]
S1 MpKslac824ad4;MpKslac824ad4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKslac824ad4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKslac824ad4.sys [?]
S1 MpKslb4f92f1e;MpKslb4f92f1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKslb4f92f1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKslb4f92f1e.sys [?]
S1 MpKsldad4879b;MpKsldad4879b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA72756D-3417-4852-8E7B-EB92D5005A7D}\MpKsldad4879b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA72756D-3417-4852-8E7B-EB92D5005A7D}\MpKsldad4879b.sys [?]
S1 MpKsle3d6094c;MpKsle3d6094c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsle3d6094c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC92E789-EAB2-4F83-90AE-C96A4FA6E6EB}\MpKsle3d6094c.sys [?]
S1 MpKslf7300e6c;MpKslf7300e6c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKslf7300e6c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4724EAE8-3722-4888-B96E-6C48A6F14D2E}\MpKslf7300e6c.sys [?]
S3 mach5;mach5;c:\windows\system32\mach5.sys [23.8.2005 13:37 20125]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [5.7.2005 18:27 108400]
S3 VSPerfDrv90;Performance Tools Driver 9.0;\??\e:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys --> e:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL74DF9F8E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-03 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-07-13 12:46]
.
2011-08-03 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-13 12:46]
.
2011-08-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\marek\Application Data\Mozilla\Firefox\Profiles\0vi9jf7s.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
AddRemove-MinecraftCrack1.0 - c:\minecraftcrack\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\QuickComplete]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\Common Framework\UdaterUI.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2011-08-05 15:14:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-05 13:14
.
Pre-Run: 2 008 879 104 bytes free
Post-Run: 2 021 064 704 bytes free
.
- - End Of File - - BA7B6C104EE8BEA86068E30CC3963751


Post by jaro3 » 05 Aug 2011 22:18

c:\program files\McAfee --- did you install that? I recommend uninstalling it.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

Choose to save it to the desktop, with the name fix.reg and the type: All files.
Find this file on the desktop, double-click it and confirm adding it to the registry.

How is the PC doing?
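The ComboFix log earlier in the thread shows extra data after `autocheck autochk *` in BootExecute, and the fix.reg in the post above rewrites that value. As an added example (not part of the original post, and not ComboFix or forum code), this Python decodes a `hex(7)` value from a .reg file and audits BootExecute against the Windows default; it also handles the Unicode "Version 5.00" export format, which goes beyond the REGEDIT4 case in the post. All function names are hypothetical, and the assumption that the log prints string separators as `\0` is taken from how the line appears on this page.

```python
import re

# Windows default for Session Manager\BootExecute: a single string.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]
SESSION_MANAGER = r"hkey_local_machine\system\currentcontrolset\control\session manager"

# .reg header -> encoding of hex(7) data. REGEDIT4 stores ANSI bytes; the code
# page is system-dependent, so latin-1 is used to keep every byte decodable.
HEADER_ENCODINGS = {
    "REGEDIT4": "latin-1",
    "Windows Registry Editor Version 5.00": "utf-16-le",
}

# The fix.reg text exactly as posted in the thread.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
'''

# The BootExecute line exactly as it appears in the ComboFix log on this page.
COMBOFIX_LINE = r"BootExecute REG_MULTI_SZ autocheck autochk *\0R\0???\0\0M_Finish=Konec"


def parse_reg(text):
    """Parse a .reg export into (encoding, {(key, value_name): raw_data})."""
    # A trailing backslash continues a long hex value on the next line.
    text = re.sub(r"\\\r?\n\s*", "", text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] not in HEADER_ENCODINGS:
        raise ValueError("not a .reg file: unknown header")
    values, key = {}, None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1].lower()
        elif ln.startswith('"') and key is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', ln)
            if m:
                values[(key, m.group(1).lower())] = m.group(2)
    return HEADER_ENCODINGS[lines[0]], values


def decode_multi_sz(raw, encoding):
    """Decode 'hex(7):..' data into its list of strings; reject malformed data."""
    if not raw.lower().startswith("hex(7):"):
        raise ValueError("value is not REG_MULTI_SZ (hex(7))")
    data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
    width = 2 if encoding == "utf-16-le" else 1
    nul = b"\x00" * width
    if data in (b"", nul):
        return []  # empty REG_MULTI_SZ
    if len(data) % width or not data.endswith(nul * 2):
        raise ValueError("REG_MULTI_SZ must end with a double NUL terminator")
    # Drop the two terminating NULs, then split on the separators between strings.
    return data.decode(encoding)[:-2].split("\x00")


def boot_execute_from_reg(text):
    """Return the BootExecute strings that a .reg file would write."""
    encoding, values = parse_reg(text)
    return decode_multi_sz(values[(SESSION_MANAGER, "bootexecute")], encoding)


def parse_combofix_multi_sz(line):
    """Split a log line '<name> REG_MULTI_SZ a\\0b...' into (name, strings).
    Assumes the log shows each string separator as the two characters '\\0'."""
    m = re.match(r"\s*(\S+)\s+REG_MULTI_SZ\s+(.*)$", line)
    if not m:
        raise ValueError("not a REG_MULTI_SZ log line")
    return m.group(1), m.group(2).split("\\0")


def audit_boot_execute(entries):
    """Compare BootExecute strings with the default; anything else runs at boot."""
    unexpected = [e for e in entries if e not in DEFAULT_BOOT_EXECUTE]
    missing = [d for d in DEFAULT_BOOT_EXECUTE if d not in entries]
    return {"ok": not unexpected and not missing,
            "unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    print("fix.reg writes:", boot_execute_from_reg(FIX_REG))
    name, logged = parse_combofix_multi_sz(COMBOFIX_LINE)
    print(name, "in log:", audit_boot_execute(logged))
```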


Post by mambo158 » 06 Aug 2011 10:54

So:
After starting the PC I have to wait about 45 sec. for the desktop (at first it only loads my wallpaper image, I don't even have the Start button; only after 45 sec do the programs load) ...

And can I delete those Fix.reg files afterwards? [I still have some on the PC, because after XP Security 2012 (a virus) my exe files got broken, so I still have some there for repairing them...]

McAfee can't be uninstalled through Add or Remove Programs because it says it is in use...


Post by bledulka » 06 Aug 2011 11:19

Hi,
try uninstalling that program in Safe Mode.


Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the lower box:

Code: Select all

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- tick the checkbox next to the line All users
- leave the other items set as shown in the screenshot
- confirm with the Scan button.
- the scan will run; paste the OTL.Txt log here

[Image]


Re: Automatic Updates not working

Post by mambo158 » 06 Aug 2011 12:24

Here it is:

OTL logfile created on: 6.8.2011 12:10:01 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\marek\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 72,86% Memory free
2,85 Gb Paging File | 2,26 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 1,91 Gb Free Space | 9,79% Space Free | Partition Type: NTFS
Drive E: | 92,26 Gb Total Space | 70,12 Gb Free Space | 76,01% Space Free | Partition Type: NTFS

Computer Name: MAREK-PC | User Name: marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.08 09:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.07.07 06:47:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\marek\My Documents\Downloads\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011.05.28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011.05.28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.05.06 10:07:18 | 000,477,912 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009.10.12 14:33:10 | 000,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe
PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.01.16 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.01.16 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008.04.14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001.03.15 02:58:50 | 000,045,107 | ---- | M] (Compuware Corporation - NuMega Lab) -- C:\Program Files\Compuware\PCShared\NCS.exe


========== Modules (SafeList) ==========

MOD - [2011.07.07 06:47:11 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\marek\My Documents\Downloads\OTL.exe
MOD - [2010.08.23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (msvsmon90)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.10.12 14:33:10 | 000,191,024 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Converter Hosted Agent\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008.04.14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008.04.14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2001.04.06 14:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
SRV - [2001.03.15 02:58:50 | 000,045,107 | ---- | M] (Compuware Corporation - NuMega Lab) [Auto | Running] -- C:\Program Files\Compuware\PCShared\NCS.exe -- (NCS)
SRV - [1998.06.06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2011.08.06 11:47:38 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB3447AE-FF81-4400-BE71-2A1670959CFD}\MpKsla1736127.sys -- (MpKsla1736127)
DRV - [2011.08.06 11:43:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB3447AE-FF81-4400-BE71-2A1670959CFD}\MpKsle3c908fd.sys -- (MpKsle3c908fd)
DRV - [2011.08.06 10:41:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB3447AE-FF81-4400-BE71-2A1670959CFD}\MpKsl19bdbcf4.sys -- (MpKsl19bdbcf4)
DRV - [2011.08.06 10:29:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB3447AE-FF81-4400-BE71-2A1670959CFD}\MpKsl102b1f91.sys -- (MpKsl102b1f91)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.12 23:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.10.12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Converter Hosted Agent\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.09.15 08:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.09.15 08:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006.02.21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.07.05 18:27:18 | 000,108,400 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vna.sys -- (VNA)
DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004.06.26 14:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2003.11.21 15:20:10 | 000,113,152 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001.03.15 03:30:58 | 000,020,125 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\mach5.sys -- (mach5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-602609370-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-796845957-602609370-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-796845957-602609370-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 24 EB 31 9F A3 CB 01 [binary data]
IE - HKU\S-1-5-21-796845957-602609370-725345543-1020\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: sk@dictionaries.addons.mozilla.org:2.03.2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: E:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011.08.05 20:53:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011.07.13 21:36:28 | 000,000,000 | ---D | M]

[2010.12.24 20:24:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\marek\Application Data\Mozilla\Extensions
[2011.08.06 11:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\marek\Application Data\Mozilla\Firefox\Profiles\0vi9jf7s.default\extensions
[2010.12.24 21:33:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\marek\Application Data\Mozilla\Firefox\Profiles\0vi9jf7s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.03 07:48:53 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Documents and Settings\marek\Application Data\Mozilla\Firefox\Profiles\0vi9jf7s.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011.07.11 14:48:12 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\marek\Application Data\Mozilla\Firefox\Profiles\0vi9jf7s.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.07.18 21:54:32 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\marek\Application Data\Mozilla\Firefox\Profiles\0vi9jf7s.default\extensions\ffxtlbr@babylon.com
[2011.05.18 17:59:52 | 000,000,000 | ---D | M] (Slovníky slovenského pravopisu) -- C:\Documents and Settings\marek\Application Data\Mozilla\Firefox\Profiles\0vi9jf7s.default\extensions\sk@dictionaries.addons.mozilla.org
[2011.02.11 22:55:28 | 000,009,924 | ---- | M] () -- C:\Documents and Settings\marek\Application Data\Mozilla\Firefox\Profiles\0vi9jf7s.default\searchplugins\mywebsearch.xml
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VI9JF7S.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAREK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0VI9JF7S.DEFAULT\EXTENSIONS\FASTERFOX_LITE@BIGREDBRENT.XPI
[2011.07.14 13:43:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009.03.13 10:49:55 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2011.01.27 15:13:41 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.16 15:47:15 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.14 13:43:35 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

O1 HOSTS File: ([2011.08.05 15:06:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found.
O2 - BHO: (no name) - {CE92F0E4-87AD-11D3-B713-00C04F8F6C86} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-796845957-602609370-725345543-1020..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-796845957-602609370-725345543-1020..\Run: [msseces.exe] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1020\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://213.47.210.152/SNX/extender.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\TopThemes Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\TopThemes Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.10.19 09:33:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-796845957-602609370-725345543-1020..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-796845957-602609370-725345543-1020\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - vct3216.acm File not found
Drivers32: MSVideo - vfwwdm32.dll File not found
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.I420 - i420vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll File not found
Drivers32: vidc.VP61 - vp6vfw.dll File not found
Drivers32: vidc.VP62 - vp6vfw.dll File not found
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: VIDC.YV12 - yv12vfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.06 11:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\Auslogics
[2011.08.06 11:52:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011.08.06 11:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner Free
[2011.08.06 11:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2011.08.06 11:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011.08.06 11:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011.08.06 11:18:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\marek\Recent
[2011.08.06 11:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011.08.06 11:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.06 11:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zrychlenie PC
[2011.08.06 10:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\IObit
[2011.08.05 20:41:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.08.05 15:05:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.08.04 13:54:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.08.04 13:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.08.04 13:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.08.04 13:51:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.08.04 13:51:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.08.04 13:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.08.04 13:49:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.04 13:49:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\marek\Start Menu\Programs\Administrative Tools
[2011.08.03 21:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Start Menu\Programs\Google Chrome
[2011.08.03 20:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\Ventrilo
[2011.08.02 20:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\Xfire
[2011.08.02 20:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xfire
[2011.08.02 20:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2011.08.02 20:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011.08.01 13:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Start Menu\Programs\Minecraft
[2011.08.01 13:42:22 | 000,000,000 | ---D | C] -- C:\Fraps
[2011.07.28 21:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Minecraft
[2011.07.28 21:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Local Settings\Application Data\LogMeIn Hamachi
[2011.07.28 21:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2011.07.28 21:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2011.07.28 21:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.07.28 21:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Desktop\New Folder (3)
[2011.07.20 22:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Local Settings\Application Data\Threat Expert
[2011.07.18 21:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\BabylonToolbar
[2011.07.18 15:14:07 | 000,600,912 | ---- | C] (Safer Networking Ltd.) -- C:\Documents and Settings\marek\Desktop\SDWinSec.exe
[2011.07.18 11:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\SUPERAntiSpyware.com
[2011.07.18 11:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Start Menu\Programs\SUPERAntiSpyware
[2011.07.18 11:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.07.18 11:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011.07.18 11:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011.07.18 11:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011.07.18 11:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\Malwarebytes
[2011.07.18 11:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.18 11:31:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.18 11:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.07.18 11:31:34 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.18 11:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.15 11:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Local Settings\Application Data\Max Secure Software
[2011.07.14 14:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\Hamachi
[2011.07.14 13:43:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.07.14 13:43:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.07.14 13:43:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.07.14 13:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Local Settings\Application Data\Babylon
[2011.07.14 13:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\Babylon
[2011.07.14 13:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011.07.13 21:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011.07.13 18:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\marek\Application Data\.minecraft
[2011.07.13 10:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Booster
[2011.07.13 10:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011.07.13 10:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010.11.03 12:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Documents and Settings\marek\Application Data\MinecraftSP.exe
[2005.11.04 15:10:05 | 000,127,059 | R--- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[1996.11.13 04:25:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.06 11:52:38 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.08.06 11:48:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.06 11:47:40 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011.08.06 11:47:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.06 11:29:02 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011.08.06 11:25:05 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\marek\Desktop\Auslogics Disk Defrag.lnk
[2011.08.06 11:10:57 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011.08.06 10:27:08 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\marek\Desktop\fix.reg
[2011.08.05 20:53:30 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\marek\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.08.05 20:53:30 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011.08.05 15:06:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.08.04 13:54:23 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.08.04 13:00:52 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\marek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.03 21:28:59 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\marek\Desktop\Google Chrome.lnk
[2011.08.03 21:28:59 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\marek\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.08.03 21:19:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.08.03 20:29:50 | 000,002,957 | ---- | M] () -- C:\Documents and Settings\marek\_viminfo
[2011.08.03 18:17:58 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\marek\Desktop\WinASO Registry Optimizer.lnk
[2011.08.03 17:12:35 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.08.03 17:00:02 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoUpdate.job
[2011.08.02 20:40:21 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2011.08.01 15:40:00 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\marek\Desktop\untitled.bmp
[2011.08.01 13:42:37 | 000,000,483 | ---- | M] () -- C:\Documents and Settings\marek\Desktop\Fraps.lnk
[2011.07.29 14:02:33 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.07.28 21:45:28 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LogMeIn Hamachi.lnk
[2011.07.18 12:10:51 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.18 11:42:05 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\marek\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.15 15:44:49 | 000,012,946 | -HS- | M] () -- C:\Documents and Settings\marek\Local Settings\Application Data\inndsakwwyxu
[2011.07.15 15:44:49 | 000,012,946 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\inndsakwwyxu
[2011.07.14 17:28:37 | 000,303,566 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110718-154701.backup
[2011.07.14 17:27:52 | 000,303,566 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110714-172837.backup
[2011.07.14 13:43:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.07.14 13:43:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.07.14 13:43:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.07.14 13:43:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.07.14 13:43:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.07.14 10:23:47 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.13 21:27:41 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011.07.13 20:09:00 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\marek\Local Settings\Application Data\SRDownloader.nast
[2011.07.13 10:27:54 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\marek\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2011.07.13 10:27:54 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.06 11:29:02 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011.08.06 11:25:05 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\Auslogics Disk Defrag.lnk
[2011.08.06 11:10:57 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011.08.06 10:27:08 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\fix.reg
[2011.08.04 13:54:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.08.04 13:54:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011.08.04 13:51:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.08.04 13:51:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.08.04 13:51:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.08.04 13:51:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.08.04 13:51:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.03 21:28:59 | 000,002,289 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\Google Chrome.lnk
[2011.08.03 21:28:59 | 000,002,267 | ---- | C] () -- C:\Documents and Settings\marek\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.08.03 16:42:40 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_AutoUpdate.job
[2011.08.03 09:51:36 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\CrossFire.lnk
[2011.08.02 20:40:21 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2011.08.01 15:40:00 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\untitled.bmp
[2011.08.01 13:42:37 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\Fraps.lnk
[2011.07.31 16:45:12 | 000,287,000 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\SoftonicDownloader_for_camstudio.exe
[2011.07.28 21:45:28 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LogMeIn Hamachi.lnk
[2011.07.18 16:33:43 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\Spybots.sbi
[2011.07.18 11:42:05 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.18 11:32:56 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.07.18 11:31:44 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.14 17:40:40 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\marek\Desktop\Microsoft Security Essentials.lnk
[2011.07.14 17:04:58 | 000,012,946 | -HS- | C] () -- C:\Documents and Settings\marek\Local Settings\Application Data\inndsakwwyxu
[2011.07.14 17:04:58 | 000,012,946 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\inndsakwwyxu
[2011.07.13 21:28:15 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011.07.13 21:27:41 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011.07.13 10:26:17 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\marek\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2011.07.13 10:26:17 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2011.07.11 14:47:05 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011.06.20 21:49:26 | 000,172,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011.01.16 22:06:39 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\marek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 15:36:21 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\marek\Local Settings\Application Data\SRDownloader.nast
[2010.05.28 02:04:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008.09.08 15:15:57 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.07.02 17:38:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.04.08 11:49:55 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008.01.08 11:28:57 | 000,029,272 | ---- | C] () -- C:\WINDOWS\System32\OOD2KBS.exe
[2008.01.08 11:28:57 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2008.01.08 11:28:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2007.07.04 16:54:53 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007.05.14 12:07:46 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007.05.07 09:48:41 | 000,241,920 | ---- | C] () -- C:\WINDOWS\System32\worldclk.dat
[2007.02.05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2007.02.05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007.01.03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.01.03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.01.03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006.12.20 20:19:52 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006.04.20 08:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.02.13 14:29:26 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.01.11 09:59:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.12.18 21:14:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Alt+Q Hotkey.exe
[2005.11.14 18:33:10 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005.08.23 13:37:23 | 003,661,072 | ---- | C] () -- C:\WINDOWS\System32\Mso97rt.dll
[2005.08.23 13:37:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\NMEVTRPT.dll
[2005.08.23 13:37:05 | 000,020,125 | ---- | C] () -- C:\WINDOWS\System32\mach5.sys
[2005.08.17 12:22:03 | 000,012,089 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2005.08.17 12:21:54 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2005.06.15 16:08:13 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WiseHook.ini
[2005.05.19 09:59:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2005.05.12 15:49:57 | 000,001,640 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2004.12.22 18:51:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wfwi.INI
[2004.12.09 16:43:33 | 000,001,160 | ---- | C] () -- C:\WINDOWS\WiseExp.ini
[2004.10.22 11:25:14 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004.10.19 15:37:41 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004.10.19 12:56:25 | 000,000,878 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.10.19 12:46:06 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2004.10.19 12:41:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004.10.19 12:38:45 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2004.10.19 12:17:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004.10.19 12:17:13 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004.10.19 12:15:39 | 000,019,103 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004.10.19 12:15:29 | 000,000,172 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004.10.19 11:07:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.10.19 11:06:26 | 000,299,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.10.19 09:35:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.10.19 09:31:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.03.31 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003.03.31 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.03.31 14:00:00 | 000,465,816 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.03.31 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.03.31 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.03.31 14:00:00 | 000,078,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.03.31 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.03.31 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.03.31 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.03.31 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.03.31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.03.19 17:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[1999.07.30 08:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini
[1998.12.06 16:56:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\verinst.exe
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998.05.18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1997.01.12 08:15:18 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\dtctrace.dll

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Advanced SystemCare 4" = C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe -- [2011.05.28 14:46:56 | 000,412,560 | ---- | M] (IObit)
"msseces.exe" = C:\Program Files\Microsoft Security Client\msseces.exe -- [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: LSASS.EXE >
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Alternate Data Streams ==========

@Alternate Data Stream - 256 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1489AFE4
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Post by bledulka » 06 Aug 2011 22:53

Run OTL
- copy the following into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 256 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1489AFE4
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found.
O2 - BHO: (no name) - {CE92F0E4-87AD-11D3-B713-00C04F8F6C86} - No CLSID value found.

:files
C:\WINDOWS\System32\ezsidmv.dat

:COMMANDS
[emptytemp]
[EMPTYFLASH]
[reboot]

- click the Fix button.
- paste the log here

Post by mambo158 » 07 Aug 2011 21:03

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1489AFE4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE92F0E4-87AD-11D3-B713-00C04F8F6C86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE92F0E4-87AD-11D3-B713-00C04F8F6C86}\ not found.
========== FILES ==========
C:\WINDOWS\System32\ezsidmv.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 84 bytes

User: install
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User:...
->Temp folder emptied: 19654755 bytes
->Temporary Internet Files folder emptied: 1222050 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 99675524 bytes
->Google Chrome cache emptied: 6729346 bytes
->Flash cache emptied: 1311 bytes

User: NetworkService
->Temp folder emptied: 29762 bytes
->Temporary Internet Files folder emptied: 67 bytes

User:........ENTERPRISE
->Temp folder emptied: 5478 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 60863054 bytes
->Google Chrome cache emptied: 79437172 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1099790 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 369841 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 68149 bytes
RecycleBin emptied: 7676334 bytes

Total Files Cleaned = 264,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: install

User: LocalService

User: .....
->Flash cache emptied: 0 bytes

User: NetworkService

User: zeithamo.ENTERPRISE
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08072011_205948

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Post by bledulka » 07 Aug 2011 21:05

How is the computer doing?

Post by mambo158 » 08 Aug 2011 14:52

Automatic Updates are turned on, the computer starts up fine ;) Many thanks to all three of you ;)

Post by bledulka » 08 Aug 2011 19:55

Uninstall ComboFix via
Start >> Run, copy into the box:
ComboFix /Uninstall

press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


**********************************************

Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the program after use. Note: antivirus programs may falsely flag it as a virus


**********************************************

Also post a new HJT log

Post by mambo158 » 09 Aug 2011 13:43

Where do I find that log?

