Žádost o pomoc s odstraněním Live Security Platinum Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Zamčeno
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Žádost o pomoc s odstraněním Live Security Platinum

Příspěvekod barreto.jose.ricardo » 04 zář 2012 09:44

Zdravím,
rád bych vás požádal o pomoc s odstraněním viru Live security platinum. Po předchozích radách zde na fóru jsem si stáhl a spustil ATF Cleaner a odstranil vše podle návodu. Po té jsem nainstaloval Malwarebytes antimalware, provedl kontrolu a uložil log:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.62.0.1300
http://www.malwarebytes.org

Verze databáze: v2012.09.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Barreto :: BARRETO-PC [administrátor]

Ochrana: Povolena

4.9.2012 9:19:39
mbam-log-2012-09-04 (09-25-12).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 192793
Uplynulý čas: 3 minut, 39 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\Users\Barreto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Žádná instrukce nebyla provedena.

Nalezené soubory: 1
C:\Users\Barreto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Žádná instrukce nebyla provedena.

(konec)


Prosím o pomoc, počítač nutně potřebuju.
Nahoru
Reklama
Top
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43294
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: žádost o pomoc s odstraněním LIVE SECURITY PLATINUM

Příspěvekod jaro3 » 04 zář 2012 10:14

Vlož log z HJT:
viewtopic.php?f=70&t=5119

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Re: žádost o pomoc s odstraněním LIVE SECURITY PLATINUM

Příspěvekod barreto.jose.ricardo » 04 zář 2012 11:03

tak tady je log po odstranění v MbAM:


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.09.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Barreto :: BARRETO-PC [administrátor]

Ochrana: Zakázána

4.9.2012 10:49:22
mbam-log-2012-09-04 (10-49-22).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 192869
Uplynulý čas: 4 minut, 6 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\Users\Barreto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Umístnění do karantény a smazání se zdařilo.

Nalezené soubory: 1
C:\Users\Barreto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Umístnění do karantény a smazání se zdařilo.

(konec)


Nevím proč, ale z HCT mi to nejde zkopírovat..dal jsem normálně do a system scan and save a logfile. Napíše mi to ale: For some reason

viz. link z Print screenu : http://www.pictureup.cz/verejne/462778-hjt

dal jsem ok a vyjede mi to. Ovšem nelze to označit Ctrl+a a pak zkopírovat..
tak ti to můžu ukázat alespoň zatim takhle: http://www.pictureup.cz/verejne/462779-hjt2
http://www.pictureup.cz/verejne/462780-hjt3

Jdu ted spustit ten TDSSKiller a pokračovat v návodu, snad to zvládnu, díky moc za pomoc. Za chvilku se zase ozvu
Nahoru
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Re: žádost o pomoc s odstraněním LIVE SECURITY PLATINUM

Příspěvekod barreto.jose.ricardo » 04 zář 2012 13:17

zde přikládám log z Combofix:


ComboFix 12-09-03.07 - Barreto 04.09.2012 13:05:29.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4061.3265 [GMT 2:00]
Spuštěný z: c:\users\Barreto\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: ESET NOD32 Antivirus 5.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Barreto\AppData\Roaming\adaware-installer-reboot-required.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-04 do 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-04 11:10 . 2012-09-04 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 11:02 . 2012-09-04 11:02 -------- d-----w- c:\programdata\GFI Software
2012-09-04 10:28 . 2012-09-04 10:28 1445734 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-09-04 09:22 . 2012-09-04 09:22 208216 ----a-w- c:\windows\system32\drivers\99805103.sys
2012-09-04 09:17 . 2012-09-04 09:17 208216 ----a-w- c:\windows\system32\drivers\66180975.sys
2012-09-04 07:51 . 2012-09-04 07:54 -------- d-----w- c:\users\Barreto\AppData\Local\adaware
2012-09-04 07:27 . 2012-09-04 07:27 388096 ----a-r- c:\users\Barreto\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-04 07:27 . 2012-09-04 07:27 -------- d-----w- c:\program files (x86)\Trend Micro
2012-09-04 07:18 . 2012-09-04 07:18 -------- d-----w- c:\users\Barreto\AppData\Roaming\Malwarebytes
2012-09-04 07:18 . 2012-09-04 07:18 -------- d-----w- c:\programdata\Malwarebytes
2012-09-04 07:18 . 2012-09-04 07:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-04 07:18 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 06:55 . 2012-09-04 06:55 -------- d-----w- c:\programdata\Lavasoft
2012-09-04 06:55 . 2012-09-04 11:02 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-09-04 06:54 . 2012-09-04 06:54 -------- d-----w- c:\users\Barreto\AppData\Local\Downloaded Installations
2012-09-04 06:54 . 2012-09-04 10:13 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-04 06:54 . 2012-09-04 06:54 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-09-04 06:54 . 2012-09-04 06:54 -------- d-----w- c:\program files (x86)\adawaretb
2012-09-04 06:53 . 2012-09-04 09:21 -------- d-----w- c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus
2012-09-04 06:23 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-04 06:22 . 2012-09-04 06:22 -------- d-----w- c:\programdata\AVAST Software
2012-09-04 06:22 . 2012-09-04 06:22 -------- d-----w- c:\program files\AVAST Software
2012-09-03 13:32 . 2012-09-04 06:49 -------- d-----w- c:\programdata\0C1CFB261656D4AFB51B22EFF875EF60
2012-08-31 07:42 . 2012-08-31 08:18 -------- d-----w- c:\windows\system32\appmgmt
2012-08-30 11:16 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-30 11:16 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-08-30 11:15 . 2012-08-30 11:15 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-08-30 11:15 . 2012-08-30 11:20 -------- d-----w- c:\program files (x86)\Winamp
2012-08-30 10:30 . 2012-08-30 11:20 -------- d-----w- c:\users\Barreto\AppData\Roaming\vlc
2012-08-30 10:30 . 2012-08-30 10:30 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-29 14:40 . 2012-09-04 10:14 -------- d-----r- c:\users\Barreto\Dropbox
2012-08-29 14:38 . 2012-08-29 14:38 -------- d-----w- c:\programdata\McAfee Security Scan
2012-08-29 14:38 . 2012-08-29 14:38 -------- d-----w- c:\programdata\McAfee
2012-08-29 14:38 . 2012-08-31 16:03 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-08-29 14:36 . 2012-09-04 10:14 -------- d-----w- c:\users\Barreto\AppData\Roaming\Dropbox
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\users\Barreto\AppData\Roaming\MetaQuotes
2012-08-22 11:01 . 2012-08-22 11:01 -------- d-----w- c:\users\Barreto\AppData\Local\Plus500
2012-08-22 11:01 . 2012-08-22 11:01 -------- d-----w- c:\program files (x86)\Plus500
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- c:\users\Barreto\AppData\Roaming\Mozilla-Cache
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- c:\users\Barreto\AppData\Roaming\BWIN
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- C:\Programs
2012-08-19 09:03 . 2012-09-03 13:32 -------- d-----w- c:\users\Barreto\AppData\Roaming\Skype
2012-08-19 09:03 . 2012-08-19 09:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-19 09:03 . 2012-08-31 08:18 -------- d-----r- c:\program files (x86)\Skype
2012-08-19 09:03 . 2012-08-31 08:18 -------- d-----w- c:\programdata\Skype
2012-08-18 16:40 . 2012-08-18 16:40 -------- d-----w- c:\users\Barreto\AppData\Roaming\OpenOffice.org
2012-08-18 16:38 . 2012-08-18 16:39 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-08-15 12:16 . 2012-08-15 12:16 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-08-15 12:16 . 2012-08-15 12:17 -------- d-----w- c:\program files (x86)\Ballance
2012-08-15 12:16 . 2012-08-15 12:16 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-08-15 12:15 . 2012-08-15 12:15 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-08-15 12:13 . 2012-08-15 12:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-15 12:13 . 2012-08-15 12:13 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-08-14 10:43 . 2012-08-14 10:43 -------- d-----w- c:\users\Barreto\Realtimeforex
2012-08-14 10:33 . 2012-08-14 10:46 -------- d-----w- c:\program files (x86)\MMCIS MetaTrader 4 Client Terminal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 14:38 . 2012-06-01 16:50 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 14:38 . 2012-06-01 16:50 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-20 10:00 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-07-20 10:00 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-07-20 10:00 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-07-05 20:06 . 2012-06-03 20:23 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2012-06-03 20:23 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Barreto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Barreto\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 250568]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 14:38]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294199236-3898462869-2383419368-1001Core.job
- c:\users\Barreto\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 16:48]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294199236-3898462869-2383419368-1001UA.job
- c:\users\Barreto\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 16:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
SafeBoot-59071232.sys
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-09-04 13:12:38
ComboFix-quarantined-files.txt 2012-09-04 11:12
.
Před spuštěním: Volných bajtů: 157 760 671 744
Po spuštění: Volných bajtů: 157 834 231 808
.
- - End Of File - - 2A641250400CA738CF13C1B01B5B6725
Nahoru
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Re: žádost o pomoc s odstraněním LIVE SECURITY PLATINUM

Příspěvekod barreto.jose.ricardo » 04 zář 2012 13:26

tak se mi konečně podařilo dostat log z HJT. šlo to až v nouzovém režimu.
zde je:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:25:50, on 4.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = Barreto\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O9 - Extra button: bwinCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Barreto\Desktop\bwin Download Casino.lnk (HKCU)
O9 - Extra 'Tools' menuitem: bwinCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Barreto\Desktop\bwin Download Casino.lnk (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6326 bytes
Nahoru
Uživatelský avatar
memphisto
Guru Level 13
Guru Level 13
Příspěvky: 21113
Registrován: září 06
Bydliště: Zlín - České Budějovice
Pohlaví: Muž
Stav:
Offline

Re: Žádost o pomoc s odstraněním Live Security Platinum

Příspěvekod memphisto » 04 zář 2012 16:58

Odkud ten Combofix spouštíš? Jasně bylo napsáno, že jej máš stáhnout na plochu. Co používáš za antivir? Máš jich tam několik.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Nahoru
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Re: Žádost o pomoc s odstraněním Live Security Platinum

Příspěvekod barreto.jose.ricardo » 05 zář 2012 07:48

Tak tady je log znovu, tentokrát už jsem to spustil z plochy..Jinak mám Avast..NOD32 jsem už odinstaloval..

ComboFix 12-09-04.03 - Barreto 05.09.2012 7:35.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4061.2838 [GMT 2:00]
Spuštěný z: c:\users\Barreto\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-05 do 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 05:44 . 2012-09-05 05:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 14:20 . 2012-09-04 14:20 -------- d-----w- c:\users\Barreto\AppData\Local\Adobe
2012-09-04 12:06 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-04 12:06 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-04 12:06 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-04 12:05 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-04 12:05 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-04 12:05 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-04 12:05 . 2012-09-04 12:30 -------- d-----w- c:\users\Barreto\AppData\Local\adaware
2012-09-04 12:05 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-04 12:05 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-04 06:54 . 2012-09-04 06:54 -------- d-----w- c:\users\Barreto\AppData\Local\Downloaded Installations
2012-09-04 06:54 . 2012-09-05 05:32 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-04 06:54 . 2012-09-04 06:54 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-09-04 06:54 . 2012-09-04 06:54 -------- d-----w- c:\program files (x86)\adawaretb
2012-09-04 06:53 . 2012-09-04 09:21 -------- d-----w- c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus
2012-09-04 06:23 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-04 06:22 . 2012-09-04 12:05 -------- d-----w- c:\programdata\AVAST Software
2012-09-04 06:22 . 2012-09-04 12:05 -------- d-----w- c:\program files\AVAST Software
2012-09-03 13:32 . 2012-09-04 06:49 -------- d-----w- c:\programdata\0C1CFB261656D4AFB51B22EFF875EF60
2012-08-31 07:42 . 2012-08-31 08:18 -------- d-----w- c:\windows\system32\appmgmt
2012-08-30 11:16 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-30 11:16 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-08-30 11:15 . 2012-08-30 11:15 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-08-30 11:15 . 2012-08-30 11:20 -------- d-----w- c:\program files (x86)\Winamp
2012-08-30 10:30 . 2012-08-30 11:20 -------- d-----w- c:\users\Barreto\AppData\Roaming\vlc
2012-08-30 10:30 . 2012-08-30 10:30 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-29 14:40 . 2012-09-05 05:32 -------- d-----r- c:\users\Barreto\Dropbox
2012-08-29 14:38 . 2012-08-29 14:38 -------- d-----w- c:\programdata\McAfee Security Scan
2012-08-29 14:38 . 2012-08-29 14:38 -------- d-----w- c:\programdata\McAfee
2012-08-29 14:38 . 2012-08-31 16:03 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-08-29 14:36 . 2012-09-05 05:32 -------- d-----w- c:\users\Barreto\AppData\Roaming\Dropbox
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\users\Barreto\AppData\Roaming\MetaQuotes
2012-08-22 11:01 . 2012-08-22 11:01 -------- d-----w- c:\users\Barreto\AppData\Local\Plus500
2012-08-22 11:01 . 2012-08-22 11:01 -------- d-----w- c:\program files (x86)\Plus500
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- c:\users\Barreto\AppData\Roaming\Mozilla-Cache
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- c:\users\Barreto\AppData\Roaming\BWIN
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- C:\Programs
2012-08-19 09:03 . 2012-09-04 22:02 -------- d-----w- c:\users\Barreto\AppData\Roaming\Skype
2012-08-19 09:03 . 2012-08-19 09:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-19 09:03 . 2012-08-31 08:18 -------- d-----r- c:\program files (x86)\Skype
2012-08-19 09:03 . 2012-08-31 08:18 -------- d-----w- c:\programdata\Skype
2012-08-18 16:40 . 2012-08-18 16:40 -------- d-----w- c:\users\Barreto\AppData\Roaming\OpenOffice.org
2012-08-18 16:38 . 2012-08-18 16:39 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-08-15 12:16 . 2012-08-15 12:16 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-08-15 12:16 . 2012-08-15 12:17 -------- d-----w- c:\program files (x86)\Ballance
2012-08-15 12:16 . 2012-08-15 12:16 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-08-15 12:15 . 2012-08-15 12:15 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-08-15 12:13 . 2012-08-15 12:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-15 12:13 . 2012-08-15 12:13 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-08-14 10:43 . 2012-08-14 10:43 -------- d-----w- c:\users\Barreto\Realtimeforex
2012-08-14 10:33 . 2012-08-14 10:46 -------- d-----w- c:\program files (x86)\MMCIS MetaTrader 4 Client Terminal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 14:38 . 2012-06-01 16:50 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 14:38 . 2012-06-01 16:50 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-20 10:00 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-07-20 10:00 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-07-20 10:00 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-07-05 20:06 . 2012-06-03 20:23 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2012-06-03 20:23 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-04_11.10.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-04 10:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-05 05:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-04 10:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-05 05:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-04 10:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-05 05:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-09-04 11:31 23200 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-05 05:33 41438 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-09-04 07:35 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-09-05 05:29 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-06-01 16:46 . 2012-09-05 05:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 16:46 . 2012-09-04 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 16:46 . 2012-09-04 10:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-01 16:46 . 2012-09-05 05:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-01 16:46 . 2012-09-05 05:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-01 16:46 . 2012-09-04 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-01 18:55 . 2012-09-05 05:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 18:55 . 2012-09-04 10:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 18:55 . 2012-09-04 10:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-01 18:55 . 2012-09-05 05:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-02 08:10 . 2012-09-05 05:33 6878 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-294199236-3898462869-2383419368-1001_UserData.bin
+ 2012-09-05 05:31 . 2012-09-05 05:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 09:21 . 2012-09-04 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-05 05:31 . 2012-09-05 05:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-04 09:21 . 2012-09-04 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-01 18:55 . 2012-09-05 05:17 273580 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-09-05 05:37 606992 c:\windows\system32\perfh009.dat
+ 2011-04-12 08:34 . 2012-09-05 05:37 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-09-05 05:37 103370 c:\windows\system32\perfc009.dat
+ 2011-04-12 08:34 . 2012-09-05 05:37 118604 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:30 . 2012-09-05 05:29 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-09-04 07:35 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-05 05:29 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-09-04 07:35 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-09-05 05:30 274764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-04 09:21 274764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Barreto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Barreto\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 250568]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-15 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 14:38]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294199236-3898462869-2383419368-1001Core.job
- c:\users\Barreto\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 16:48]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294199236-3898462869-2383419368-1001UA.job
- c:\users\Barreto\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 16:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-09-05 07:46:15
ComboFix-quarantined-files.txt 2012-09-05 05:46
ComboFix2.txt 2012-09-04 11:12
.
Před spuštěním: Volných bajtů: 158 051 958 784
Po spuštění: Volných bajtů: 158 002 921 472
.
- - End Of File - - 4E38CB8C720DB56CEBF81B3E4F1CEECA
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43294
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Žádost o pomoc s odstraněním Live Security Platinum

Příspěvekod jaro3 » 05 zář 2012 10:50

Odinstaloval si Ad-Aware a McAfee Security Scan? Pokud ne , odinstaluj nyní.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\program files (x86)\adawaretb\adawareDx.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk
c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
c:\windows\system32\drivers\SBREdrv.sys
c:\program files (x86)\Skype\Updater\Updater.exe
c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294199236-3898462869-2383419368-1001Core.job
c:\users\Barreto\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294199236-3898462869-2383419368-1001UA.job

Folder::
c:\programdata\Ad-Aware Browsing Protection
c:\program files (x86)\Toolbar Cleaner
c:\program files (x86)\adawaretb
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus
c:\programdata\McAfee
c:\programdata\McAfee Security Scan
c:\program files (x86)\McAfee Security Scan
c:\users\Barreto\AppData\Local\Google\Update

DirLook::
c:\programdata\0C1CFB261656D4AFB51B22EFF875EF60

Driver::
SkypeUpdate
SBRE
McComponentHostService

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"=-
[-HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\slwga.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Re: Žádost o pomoc s odstraněním Live Security Platinum

Příspěvekod barreto.jose.ricardo » 05 zář 2012 16:07

zde je log z combofixu:


ComboFix 12-09-05.01 - Barreto 05.09.2012 15:38:24.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4061.2486 [GMT 2:00]
Spuštěný z: c:\users\Barreto\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Barreto\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\adawaretb\adawareDx.dll"
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\adawaretb
c:\program files (x86)\adawaretb\adawareDx.dll
c:\program files (x86)\adawaretb\adawaretb.dll
c:\program files (x86)\adawaretb\components\windowmediator.js
c:\program files (x86)\adawaretb\dtUser.exe
c:\program files (x86)\adawaretb\chrome\content\custom.js
c:\program files (x86)\adawaretb\chrome\content\lib\about.xml
c:\program files (x86)\adawaretb\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\adawaretb\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\adawaretb\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\adawaretb\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\adawaretb\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\adawaretb\chrome\content\lib\dtxwin.xul
c:\program files (x86)\adawaretb\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\adawaretb\chrome\content\lib\external.js
c:\program files (x86)\adawaretb\chrome\content\lib\neterror.xhtml
c:\program files (x86)\adawaretb\chrome\content\lib\rsspreview.html
c:\program files (x86)\adawaretb\chrome\content\lib\rsswin.xml
c:\program files (x86)\adawaretb\chrome\content\lib\rsswin.xsl
c:\program files (x86)\adawaretb\chrome\content\modules\datastore.jsm
c:\program files (x86)\adawaretb\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\adawaretb\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\adawaretb\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\adawaretb\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\adawaretb\chrome\content\newtab\newtab.html
c:\program files (x86)\adawaretb\chrome\content\preferences.xml
c:\program files (x86)\adawaretb\chrome\content\toolbar.htm
c:\program files (x86)\adawaretb\chrome\content\toolbar.xul
c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\ClearBrowserDataDialog.xml
c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\tb_icon.png
c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\widget.js
c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\widget.xml
c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.ToolbarCleaner\tb_icon.png
c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.ToolbarCleaner\widget.js
c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.ToolbarCleaner\widget.xml
c:\program files (x86)\adawaretb\chrome\data\search\engines.xml
c:\program files (x86)\adawaretb\chrome\data\search\search.xsl
c:\program files (x86)\adawaretb\chrome\locale\lib\de.js
c:\program files (x86)\adawaretb\chrome\locale\lib\en.js
c:\program files (x86)\adawaretb\chrome\locale\lib\es.js
c:\program files (x86)\adawaretb\chrome\locale\lib\fr.js
c:\program files (x86)\adawaretb\chrome\locale\lib\it.js
c:\program files (x86)\adawaretb\chrome\locale\toolbar\de.js
c:\program files (x86)\adawaretb\chrome\locale\toolbar\en.js
c:\program files (x86)\adawaretb\chrome\locale\toolbar\es.js
c:\program files (x86)\adawaretb\chrome\locale\toolbar\fr.js
c:\program files (x86)\adawaretb\chrome\locale\toolbar\it.js
c:\program files (x86)\adawaretb\chrome\skin\blekko16.png
c:\program files (x86)\adawaretb\chrome\skin\bluelite.gif
c:\program files (x86)\adawaretb\chrome\skin\bluesky.gif
c:\program files (x86)\adawaretb\chrome\skin\btn-safe-de.png
c:\program files (x86)\adawaretb\chrome\skin\btn-safe-en.png
c:\program files (x86)\adawaretb\chrome\skin\btn-safe-es.png
c:\program files (x86)\adawaretb\chrome\skin\btn-safe-fr.png
c:\program files (x86)\adawaretb\chrome\skin\btn-safe-it.png
c:\program files (x86)\adawaretb\chrome\skin\btn-safe.png
c:\program files (x86)\adawaretb\chrome\skin\btn-search-de.png
c:\program files (x86)\adawaretb\chrome\skin\btn-search-en.png
c:\program files (x86)\adawaretb\chrome\skin\btn-search-es.png
c:\program files (x86)\adawaretb\chrome\skin\btn-search-fr.png
c:\program files (x86)\adawaretb\chrome\skin\btn-search-it.png
c:\program files (x86)\adawaretb\chrome\skin\btn-settings-over.png
c:\program files (x86)\adawaretb\chrome\skin\btn-settings.png
c:\program files (x86)\adawaretb\chrome\skin\btn-unsafe-de.png
c:\program files (x86)\adawaretb\chrome\skin\btn-unsafe-en.png
c:\program files (x86)\adawaretb\chrome\skin\btn-unsafe-es.png
c:\program files (x86)\adawaretb\chrome\skin\btn-unsafe-fr.png
c:\program files (x86)\adawaretb\chrome\skin\btn-unsafe-it.png
c:\program files (x86)\adawaretb\chrome\skin\btn-unsafe.png
c:\program files (x86)\adawaretb\chrome\skin\custom.css
c:\program files (x86)\adawaretb\chrome\skin\dictionary.png
c:\program files (x86)\adawaretb\chrome\skin\downloadcom.png
c:\program files (x86)\adawaretb\chrome\skin\facebook.png
c:\program files (x86)\adawaretb\chrome\skin\games.png
c:\program files (x86)\adawaretb\chrome\skin\grey.gif
c:\program files (x86)\adawaretb\chrome\skin\ico-cleaner.png
c:\program files (x86)\adawaretb\chrome\skin\ico-clear.png
c:\program files (x86)\adawaretb\chrome\skin\images.png
c:\program files (x86)\adawaretb\chrome\skin\lib\add.png
c:\program files (x86)\adawaretb\chrome\skin\lib\aol.png
c:\program files (x86)\adawaretb\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\adawaretb\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\adawaretb\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\adawaretb\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\adawaretb\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\adawaretb\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\adawaretb\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\adawaretb\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\adawaretb\chrome\skin\lib\blank.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\collapse.png
c:\program files (x86)\adawaretb\chrome\skin\lib\comcast.png
c:\program files (x86)\adawaretb\chrome\skin\lib\dtx.css
c:\program files (x86)\adawaretb\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\adawaretb\chrome\skin\lib\edit-back.png
c:\program files (x86)\adawaretb\chrome\skin\lib\expand.png
c:\program files (x86)\adawaretb\chrome\skin\lib\found.png
c:\program files (x86)\adawaretb\chrome\skin\lib\gmail.png
c:\program files (x86)\adawaretb\chrome\skin\lib\highlight.png
c:\program files (x86)\adawaretb\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\adawaretb\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\adawaretb\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\adawaretb\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\adawaretb\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\adawaretb\chrome\skin\lib\hotmail.png
c:\program files (x86)\adawaretb\chrome\skin\lib\checkmark.png
c:\program files (x86)\adawaretb\chrome\skin\lib\chevron.png
c:\program files (x86)\adawaretb\chrome\skin\lib\imap.png
c:\program files (x86)\adawaretb\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\lock.png
c:\program files (x86)\adawaretb\chrome\skin\lib\mailcom.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\adawaretb\chrome\skin\lib\modify.png
c:\program files (x86)\adawaretb\chrome\skin\lib\move.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\movetarget.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\throbber.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\adawaretb\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\adawaretb\chrome\skin\lib\pop.png
c:\program files (x86)\adawaretb\chrome\skin\lib\radio.png
c:\program files (x86)\adawaretb\chrome\skin\lib\reload.png
c:\program files (x86)\adawaretb\chrome\skin\lib\remove.png
c:\program files (x86)\adawaretb\chrome\skin\lib\rename.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\resize-box.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\rss.png
c:\program files (x86)\adawaretb\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\adawaretb\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\adawaretb\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\scroll-left.png
c:\program files (x86)\adawaretb\chrome\skin\lib\scroll-right.png
c:\program files (x86)\adawaretb\chrome\skin\lib\search-go.png
c:\program files (x86)\adawaretb\chrome\skin\lib\search.png
c:\program files (x86)\adawaretb\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\adawaretb\chrome\skin\lib\throbber.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\paneltemplate.html
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\template.html
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\adawaretb\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\adawaretb\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\adawaretb\chrome\skin\lib\yahoo.png
c:\program files (x86)\adawaretb\chrome\skin\lichen.gif
c:\program files (x86)\adawaretb\chrome\skin\logo-about.png
c:\program files (x86)\adawaretb\chrome\skin\logo.png
c:\program files (x86)\adawaretb\chrome\skin\modify-save.png
c:\program files (x86)\adawaretb\chrome\skin\modify.png
c:\program files (x86)\adawaretb\chrome\skin\music.png
c:\program files (x86)\adawaretb\chrome\skin\news.png
c:\program files (x86)\adawaretb\chrome\skin\options\options-main.png
c:\program files (x86)\adawaretb\chrome\skin\options\options-search.png
c:\program files (x86)\adawaretb\chrome\skin\options\options-weather.png
c:\program files (x86)\adawaretb\chrome\skin\options\options-widgets.png
c:\program files (x86)\adawaretb\chrome\skin\orange.gif
c:\program files (x86)\adawaretb\chrome\skin\search-background.png
c:\program files (x86)\adawaretb\chrome\skin\shopping.png
c:\program files (x86)\adawaretb\chrome\skin\skin-bluelite.png
c:\program files (x86)\adawaretb\chrome\skin\skin-bluesky.png
c:\program files (x86)\adawaretb\chrome\skin\skin-grey.png
c:\program files (x86)\adawaretb\chrome\skin\skin-lichen.png
c:\program files (x86)\adawaretb\chrome\skin\skin-orange.png
c:\program files (x86)\adawaretb\chrome\skin\skin-yellow.png
c:\program files (x86)\adawaretb\chrome\skin\technorati.png
c:\program files (x86)\adawaretb\chrome\skin\throbber.gif
c:\program files (x86)\adawaretb\chrome\skin\toolbarsplitter.png
c:\program files (x86)\adawaretb\chrome\skin\web.png
c:\program files (x86)\adawaretb\chrome\skin\wikipedia.png
c:\program files (x86)\adawaretb\chrome\skin\yellow.gif
c:\program files (x86)\adawaretb\chrome\skin\youtube.png
c:\program files (x86)\adawaretb\ieUtils.exe
c:\program files (x86)\adawaretb\install.ico
c:\program files (x86)\adawaretb\manifest.xml
c:\program files (x86)\adawaretb\uninstall.exe
c:\program files (x86)\McAfee Security Scan
c:\program files (x86)\McAfee Security Scan\3.0.207\AVScanComponent.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\AVScanner.ini
c:\program files (x86)\McAfee Security Scan\3.0.207\avvclean.dat
c:\program files (x86)\McAfee Security Scan\3.0.207\avvnames.dat
c:\program files (x86)\McAfee Security Scan\3.0.207\avvscan.dat
c:\program files (x86)\McAfee Security Scan\3.0.207\config.dat
c:\program files (x86)\McAfee Security Scan\3.0.207\ftconfig.ini
c:\program files (x86)\McAfee Security Scan\3.0.207\McAfee.ico
c:\program files (x86)\McAfee Security Scan\3.0.207\mcbrwsr2.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\MCCompHostConfig.ini
c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
c:\program files (x86)\McAfee Security Scan\3.0.207\mcscan32.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
c:\program files (x86)\McAfee Security Scan\3.0.207\McUpdater.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\sa_cache_sqlite.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\sa_http_win32.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\sa_mbl.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\sa_store_sqlite.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\sacore.db
c:\program files (x86)\McAfee Security Scan\3.0.207\sacore.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\sacoredata\uds_filetypes.txt
c:\program files (x86)\McAfee Security Scan\3.0.207\sacoredata\uds_hosting.txt
c:\program files (x86)\McAfee Security Scan\3.0.207\sacoredata\uds_tlds.txt
c:\program files (x86)\McAfee Security Scan\3.0.207\SecurityScanner.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\SecurityScanner_LD.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\signlic.txt
c:\program files (x86)\McAfee Security Scan\3.0.207\sqlite3.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\SSCustom_LD.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
c:\program files (x86)\McAfee Security Scan\3.0.207\WebInfoScanner.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\WMIScanner.dll
c:\program files (x86)\McAfee Security Scan\3.0.207\WmiScanner.ini
c:\program files (x86)\McAfee Security Scan\uninstall.exe
c:\program files (x86)\Toolbar Cleaner
c:\program files (x86)\Toolbar Cleaner\guid.dat
c:\program files (x86)\Toolbar Cleaner\install.ico
c:\program files (x86)\Toolbar Cleaner\ToolbarCleaner.exe
c:\program files (x86)\Toolbar Cleaner\toolbarcleaner.ini
c:\program files (x86)\Toolbar Cleaner\uninstall.exe
c:\programdata\Ad-Aware Browsing Protection
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll.nsu2B09.tmp
c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe.nsu2B09.tmp
c:\programdata\Ad-Aware Browsing Protection\guid.dat
c:\programdata\Ad-Aware Browsing Protection\uninstall.exe
c:\programdata\Ad-Aware Browsing Protection\uninstall.exe.nsu2B09.tmp
c:\programdata\McAfee Security Scan
c:\programdata\McAfee Security Scan\ftstate.ini
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\Common\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\Common\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\McUICnt\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release\SecurityScan_Release000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\programdata\McAfee\MCLOGS\SecurityScanner\McUicnt\McUicnt000.log
c:\users\Barreto\AppData\Local\Google\Update
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\GoogleUpdate.exe
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateBroker.exe
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateHelper.msi
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateSetup.exe
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdate.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_am.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ar.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_bg.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_bn.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ca.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_cs.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_da.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_de.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_el.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_en-GB.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_en.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_es-419.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_es.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_et.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_fa.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_fi.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_fil.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_fr.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_gu.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_hi.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_hr.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_hu.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_id.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_is.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_it.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_iw.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ja.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_kn.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ko.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_lt.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_lv.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ml.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_mr.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ms.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_nl.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_no.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_pl.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_pt-BR.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_pt-PT.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ro.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ru.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_sk.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_sl.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_sr.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_sv.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_sw.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ta.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_te.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_th.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_tr.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_uk.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_ur.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_vi.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_zh-CN.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\goopdateres_zh-TW.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\psmachine.dll
c:\users\Barreto\AppData\Local\Google\Update\1.3.21.115\psuser.dll
c:\users\Barreto\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
c:\users\Barreto\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\21.0.1180.89\21.0.1180.89_21.0.1180.83_chrome_updater.exe
c:\users\Barreto\AppData\Local\Google\Update\GoogleUpdate.exe
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\application-settings.xml
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\definitions-date.xml
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\gaming-mode.xml
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\id-watch-dog.xml
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Installer.xml
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\language.xml
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T065305.774790PID3952\GuiFramework.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T075104.624554PID3736\AdAware.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T075104.624554PID3736\GuiFramework.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T075104.624554PID3736\Sunbelt.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T081835.067229PID1692\AdAwareLauncher.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T081842.844041PID2336\AdAware.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T081842.844041PID2336\GuiFramework.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T081842.844041PID2336\Sunbelt.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T081849.257965PID108\AdAwareLauncher.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T091659.003230PID1584\AdAwareLauncher.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T091720.297699PID3188\AdAware.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T091720.297699PID3188\GuiFramework.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T091720.297699PID3188\Sunbelt.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T092214.152455PID2652\AdAwareLauncher.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T092216.196059PID2688\AdAware.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T092216.196059PID2688\GuiFramework.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T092216.196059PID2688\Sunbelt.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T092314.589118PID3872\AdAwareLauncher.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T101239.034430PID2176\AdAwareLauncher.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T101251.301667PID1464\AdAware.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T101251.301667PID1464\GuiFramework.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T101251.301667PID1464\Sunbelt.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T101252.721269PID3060\AdAwareLauncher.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\Logs\20120904T105745.855946PID864\AdAwareLauncher.log
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\protection-status.xml
c:\users\Barreto\AppData\Roaming\Ad-Aware Antivirus\update-parameters.xml
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SBRE
-------\Service_McComponentHostService
-------\Service_SBRE
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-05 do 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 13:49 . 2012-09-05 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 14:20 . 2012-09-04 14:20 -------- d-----w- c:\users\Barreto\AppData\Local\Adobe
2012-09-04 12:06 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-04 12:06 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-04 12:06 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-04 12:05 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-04 12:05 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-04 12:05 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-04 12:05 . 2012-09-04 12:30 -------- d-----w- c:\users\Barreto\AppData\Local\adaware
2012-09-04 12:05 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-04 12:05 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-04 06:54 . 2012-09-04 06:54 -------- d-----w- c:\users\Barreto\AppData\Local\Downloaded Installations
2012-09-04 06:23 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-04 06:22 . 2012-09-04 12:05 -------- d-----w- c:\programdata\AVAST Software
2012-09-04 06:22 . 2012-09-04 12:05 -------- d-----w- c:\program files\AVAST Software
2012-09-03 13:32 . 2012-09-04 06:49 -------- d-----w- c:\programdata\0C1CFB261656D4AFB51B22EFF875EF60
2012-08-31 07:42 . 2012-08-31 08:18 -------- d-----w- c:\windows\system32\appmgmt
2012-08-30 11:16 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-30 11:16 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-08-30 11:15 . 2012-08-30 11:15 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-08-30 11:15 . 2012-08-30 11:20 -------- d-----w- c:\program files (x86)\Winamp
2012-08-30 10:30 . 2012-08-30 11:20 -------- d-----w- c:\users\Barreto\AppData\Roaming\vlc
2012-08-30 10:30 . 2012-08-30 10:30 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-29 14:40 . 2012-09-05 05:32 -------- d-----r- c:\users\Barreto\Dropbox
2012-08-29 14:36 . 2012-09-05 05:32 -------- d-----w- c:\users\Barreto\AppData\Roaming\Dropbox
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\users\Barreto\AppData\Roaming\MetaQuotes
2012-08-22 11:01 . 2012-08-22 11:01 -------- d-----w- c:\users\Barreto\AppData\Local\Plus500
2012-08-22 11:01 . 2012-08-22 11:01 -------- d-----w- c:\program files (x86)\Plus500
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- c:\users\Barreto\AppData\Roaming\Mozilla-Cache
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- c:\users\Barreto\AppData\Roaming\BWIN
2012-08-20 17:15 . 2012-08-20 17:15 -------- d-----w- C:\Programs
2012-08-19 09:03 . 2012-09-05 13:46 -------- d-----w- c:\users\Barreto\AppData\Roaming\Skype
2012-08-19 09:03 . 2012-08-19 09:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-19 09:03 . 2012-08-31 08:18 -------- d-----r- c:\program files (x86)\Skype
2012-08-19 09:03 . 2012-08-31 08:18 -------- d-----w- c:\programdata\Skype
2012-08-18 16:40 . 2012-08-18 16:40 -------- d-----w- c:\users\Barreto\AppData\Roaming\OpenOffice.org
2012-08-18 16:38 . 2012-08-18 16:39 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-08-15 12:16 . 2012-08-15 12:16 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-08-15 12:16 . 2012-08-15 12:17 -------- d-----w- c:\program files (x86)\Ballance
2012-08-15 12:16 . 2012-08-15 12:16 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-08-15 12:15 . 2012-08-15 12:15 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-08-15 12:13 . 2012-08-15 12:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-15 12:13 . 2012-08-15 12:13 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-08-14 10:43 . 2012-08-14 10:43 -------- d-----w- c:\users\Barreto\Realtimeforex
2012-08-14 10:33 . 2012-08-14 10:46 -------- d-----w- c:\program files (x86)\MMCIS MetaTrader 4 Client Terminal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 14:38 . 2012-06-01 16:50 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 14:38 . 2012-06-01 16:50 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-20 10:00 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-07-20 10:00 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-07-20 10:00 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-07-05 20:06 . 2012-06-03 20:23 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2012-06-03 20:23 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\0C1CFB261656D4AFB51B22EFF875EF60 ----
.
2012-09-03 13:33 . 2012-09-04 06:16 1872 ----a-w- c:\programdata\0C1CFB261656D4AFB51B22EFF875EF60\0C1CFB261656D4AFB51B22EFF875EF60
2012-09-03 13:32 . 2012-09-03 13:32 4286 ----a-w- c:\programdata\0C1CFB261656D4AFB51B22EFF875EF60\0C1CFB261656D4AFB51B22EFF875EF60.ico
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-04_11.10.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-04 10:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-05 13:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-04 10:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-05 13:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-04 10:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-05 13:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-09-04 11:31 23200 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-05 05:33 41438 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-09-04 07:35 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-09-05 05:29 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-06-01 16:46 . 2012-09-05 05:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 16:46 . 2012-09-04 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 16:46 . 2012-09-04 10:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-01 16:46 . 2012-09-05 05:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-01 16:46 . 2012-09-05 05:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-01 16:46 . 2012-09-04 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-01 18:55 . 2012-09-05 13:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 18:55 . 2012-09-04 10:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 18:55 . 2012-09-04 10:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-01 18:55 . 2012-09-05 13:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-02 08:10 . 2012-09-05 05:33 6878 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-294199236-3898462869-2383419368-1001_UserData.bin
+ 2012-09-05 13:51 . 2012-09-05 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 09:21 . 2012-09-04 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-05 13:51 . 2012-09-05 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-04 09:21 . 2012-09-04 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-01 18:55 . 2012-09-05 05:17 273580 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-09-05 05:37 606992 c:\windows\system32\perfh009.dat
+ 2011-04-12 08:34 . 2012-09-05 05:37 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-09-05 05:37 103370 c:\windows\system32\perfc009.dat
+ 2011-04-12 08:34 . 2012-09-05 05:37 118604 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:30 . 2012-09-05 05:29 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-09-04 07:35 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-05 05:29 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-09-04 07:35 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-09-05 13:50 274764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-04 09:21 274764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Barreto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Barreto\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 250568]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-15 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 14:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barreto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF515.3XE" [2010-11-21 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
AddRemove-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\uninstall.exe
AddRemove-adawaretb - c:\program files (x86)\adawaretb\uninstall.exe
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
AddRemove-Toolbar Cleaner - c:\program files (x86)\Toolbar Cleaner\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Celkový čas: 2012-09-05 16:01:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-05 14:01
ComboFix2.txt 2012-09-05 05:46
ComboFix3.txt 2012-09-04 11:12
.
Před spuštěním: Volných bajtů: 151 081 025 536
Po spuštění: Volných bajtů: 151 129 837 568
.
- - End Of File - - 0BF315B19556A0E6420C26A2F002FF35
Nahoru
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Re: Žádost o pomoc s odstraněním Live Security Platinum

Příspěvekod barreto.jose.ricardo » 05 zář 2012 16:14

zde je log z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:25:50, on 4.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = Barreto\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O9 - Extra button: bwinCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Barreto\Desktop\bwin Download Casino.lnk (HKCU)
O9 - Extra 'Tools' menuitem: bwinCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\Barreto\Desktop\bwin Download Casino.lnk (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6326 bytes
Nahoru
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Re: Žádost o pomoc s odstraněním Live Security Platinum

Příspěvekod barreto.jose.ricardo » 05 zář 2012 16:26

tady je link z virustotal:

https://www.virustotal.com/file/ed027f0 ... 346855090/
Nahoru
barreto.jose.ricardo
nováček
Příspěvky: 12
Registrován: září 12
Pohlaví: Muž
Stav:
Offline

Re: Žádost o pomoc s odstraněním Live Security Platinum

Příspěvekod barreto.jose.ricardo » 05 zář 2012 16:32

zde je log z aswMBR:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-05 16:29:10
-----------------------------
16:29:10.353 OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:10.353 Number of processors: 2 586 0xF0D
16:29:10.353 ComputerName: BARRETO-PC UserName: Barreto
16:29:11.367 Initialize success
16:29:11.585 AVAST engine defs: 12090501
16:29:17.076 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:29:17.076 Disk 0 Vendor: WDC_WD5000AAKS-65A7B2 01.03B01 Size: 476940MB BusType: 11
16:29:17.092 Disk 0 MBR read successfully
16:29:17.108 Disk 0 MBR scan
16:29:17.108 Disk 0 Windows 7 default MBR code
16:29:17.108 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 461602 MB offset 63
16:29:17.154 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15335 MB offset 945360990
16:29:17.232 Disk 0 scanning C:\Windows\system32\drivers
16:29:23.254 Service scanning
16:29:32.052 Modules scanning
16:29:32.052 Disk 0 trace - called modules:
16:29:32.084 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:29:32.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004861380]
16:29:32.099 3 CLASSPNP.SYS[fffff8800199d43f] -> nt!IofCallDriver -> [0xfffffa80046ad290]
16:29:32.099 5 ACPI.sys[fffff88000d577a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046f31f0]
16:29:32.864 AVAST engine scan C:\Windows
16:29:35.204 AVAST engine scan C:\Windows\system32
16:30:55.512 AVAST engine scan C:\Windows\system32\drivers
16:31:01.831 AVAST engine scan C:\Users\Barreto
16:31:29.583 Disk 0 MBR has been saved successfully to "C:\Users\Barreto\Desktop\MBR.dat"
16:31:29.599 The log file has been saved successfully to "C:\Users\Barreto\Desktop\aswMBR.txt"
Nahoru
Zamčeno

Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 116 hostů