Proces PING.EXE – 100% vytížení procesoru

[Koky999]

Zdravím.

Dnes jsem si náhodou všiml, že procesor je neustále vytížený na 100%. Začal jsem tedy pátrat, v čem je problém. Našel jsem proces PING.EXE, který jej vytěžuje na 100%. Samozřejmě nic takového běžet. Pokud proces odstřelím, po chvíli se spustí znovu. Má jej tedy něco na vědomí. Sám jsem nenašel příčinu. Zkoušel jsem ESET Online Scanner a nic. Navíc PING.exe nedělá nic, pak zase začne zatěžovat systém na 100 % (teď ho alespoň škrtím na jedno jádro, tedy pouze 25 % celého CPU). V logu z RSIT však není.

Předem děkuji za pomoc.

P.S.: Ignorujte prosím volné místo na disku C, to je můj vlastní problém.

Zde je log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Koky at 2011-09-27 18:02:01
Microsoft Windows 7 Ultimate
System drive C: has 75 MB (0%) free of 41 GB
Total RAM: 3063 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:13, on 27.9.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
D:\Steam\steam.exe
C:\Program Files\GRemote Pro\GRemoteServer.exe
C:\Program Files\QIP 2010\qip.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\GmoteServer\GmoteServer.exe
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\Microsoft Garage\Mouse without Borders\DDHelper.exe
C:\Program Files\AIDA64 Extreme Edition\aida64.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Koky\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Koky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:55273
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Koky\AppData\Local\Temp\csrss.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [conhost] C:\Users\Koky\AppData\Roaming\Microsoft\conhost.exe
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PC Remote Controller] C:\Program Files\PC Remote Controller\PC Remote Controller.exe
O4 - HKCU\..\Run: [GRemoteServer Pro] C:\Program Files\GRemote Pro\GRemoteServer.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [default drivers checker] %TEMP%\rhgpv.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3131825473-1351495870-3026366775-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3131825473-1351495870-3026366775-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe
O4 - Startup: HALpro.lnk = ?
O4 - Startup: TweetDeck.lnk = C:\Program Files\TweetDeck\TweetDeck.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://sslvpn.cez.cz/dana-cached/sc/Ju ... Client.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Samsung AllShare PC Service (SamsungAllShare) - Unknown owner - C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe (file missing)
O23 - Service: SimpleSlideShowServer - Unknown owner - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe

--
End of file - 11470 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Koky\AppData\Roaming\Mozilla\Firefox\Profiles\phxgzdhd.default

prefs.js - "browser.startup.homepage" - "http://pctuning.tyden.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Koky\AppData\Roaming\Mozilla\Firefox\Profiles\phxgzdhd.default\extensions\
battlefieldplay4free@ea.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-30 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-03-26 8546848]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-30 281768]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"NUSB3MON"=C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2010-01-22 129584]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 92168]
"Nikon Message Center 2"=C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"conhost"=C:\Users\Koky\AppData\Roaming\Microsoft\conhost.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Steam\steam.exe [2011-08-02 1242448]
"PC Remote Controller"=C:\Program Files\PC Remote Controller\PC Remote Controller.exe [2011-01-26 135680]
"GRemoteServer Pro"=C:\Program Files\GRemote Pro\GRemoteServer.exe [2010-10-18 2641888]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2011-05-10 6789504]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-09-21 3508112]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-09-21 20880]
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-09-21 929680]
"default drivers checker"=C:\Users\Koky\AppData\Local\Temp\rhgpv.exe []

C:\Users\Koky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
GmoteServer.lnk - C:\Program Files\GmoteServer\GmoteServer.exe
HALpro.lnk - D:\HALpro.exe
TweetDeck.lnk - C:\Program Files\TweetDeck\TweetDeck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"VIDC.FPS1"=frapsvid.dll
"VIDC.RTV1"=rtvcvfw32.dll
"VIDC.VMnc"=vmnc.dll
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.IV41"=IR41_32.AX
"msacm.voxacm160"=vct3216.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"VIDC.mcsv"=prodad-mercalli-10-codec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-09-27 18:02:03 ----D---- C:\Program Files\trend micro
2011-09-27 18:02:01 ----D---- C:\rsit
2011-09-27 15:19:12 ----D---- C:\Program Files\ESET
2011-09-22 18:42:35 ----A---- C:\AILog.txt
2011-09-16 18:41:53 ----D---- C:\Users\Koky\AppData\Roaming\proDAD
2011-09-16 18:41:41 ----A---- C:\Windows\system32\prodad-mercalli-10-codec.dll
2011-09-16 18:24:57 ----D---- C:\Program Files\Sony
2011-09-16 17:42:30 ----D---- C:\Program Files\Apple Software Update
2011-09-16 12:40:16 ----D---- C:\Program Files\Microsoft Garage
2011-09-14 18:37:09 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2011-09-14 18:37:05 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2011-09-14 18:37:04 ----D---- C:\Program Files\VirtualBox
2011-09-06 16:24:18 ----D---- C:\Users\Koky\AppData\Roaming\AdobeMuse
2011-09-06 15:57:38 ----D---- C:\Program Files\KaraFun
2011-09-06 11:48:19 ----D---- C:\ProgramData\Recisio
2011-09-06 11:48:19 ----D---- C:\Program Files\KaraFun Player
2011-09-05 14:48:25 ----D---- C:\ProgramData\Banamalon
2011-09-05 14:47:58 ----D---- C:\Program Files\Windows Remote Service
2011-09-05 14:11:08 ----D---- C:\Program Files\Winamp
2011-09-04 13:02:43 ----D---- C:\wamp
2011-09-02 15:23:00 ----D---- C:\Program Files\LogMeIn Hamachi
2011-08-30 20:22:27 ----D---- C:\Program Files\Subtitle Workshop 2.5
2011-08-28 14:54:39 ----A---- C:\Windows\system32\OpenCL.dll
2011-08-28 14:54:38 ----A---- C:\Windows\system32\nvoglv32.dll
2011-08-28 14:54:37 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-08-28 14:54:36 ----A---- C:\Windows\system32\nvcuvid.dll
2011-08-28 14:54:36 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-08-28 14:54:36 ----A---- C:\Windows\system32\nvcuda.dll
2011-08-28 14:54:35 ----A---- C:\Windows\system32\nvcompiler.dll
2011-08-28 14:47:35 ----A---- C:\Windows\system32\nvsvcr.dll
2011-08-28 14:47:35 ----A---- C:\Windows\system32\nvsvc.dll
2011-08-28 14:47:35 ----A---- C:\Windows\system32\nvshext.dll
2011-08-28 14:47:35 ----A---- C:\Windows\system32\nvmctray.dll
2011-08-28 14:47:35 ----A---- C:\Windows\system32\nvcpl.dll
2011-08-28 14:43:53 ----A---- C:\Windows\system32\nvgenco32.dll
2011-08-28 14:43:53 ----A---- C:\Windows\system32\nvdispco32.dll

======List of files/folders modified in the last 1 month======

2011-09-27 18:02:05 ----D---- C:\Windows\Temp
2011-09-27 18:02:03 ----RD---- C:\Program Files
2011-09-27 17:55:07 ----AD---- C:\Windows
2011-09-27 15:34:34 ----D---- C:\ProgramData\VMware
2011-09-27 15:34:27 ----D---- C:\ProgramData\NVIDIA
2011-09-27 15:26:36 ----SD---- C:\Users\Koky\AppData\Roaming\Microsoft
2011-09-27 15:15:57 ----D---- C:\Windows\system32\config
2011-09-27 15:13:02 ----D---- C:\Windows\Prefetch
2011-09-27 15:10:18 ----D---- C:\Program Files\GmoteServer
2011-09-27 14:46:26 ----D---- C:\Windows\system32\drivers\etc
2011-09-25 19:37:42 ----D---- C:\Users\Koky\AppData\Roaming\Media Player Classic
2011-09-22 18:36:22 ----D---- C:\Windows\System32
2011-09-22 18:36:22 ----D---- C:\Windows\inf
2011-09-22 18:36:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-17 15:26:50 ----D---- C:\Program Files\MSI Afterburner
2011-09-16 21:23:41 ----SHD---- C:\System Volume Information
2011-09-16 19:54:09 ----SHD---- C:\Windows\Installer
2011-09-16 19:54:03 ----SHD---- C:\Config.Msi
2011-09-16 19:52:00 ----SHD---- C:\$Recycle.Bin
2011-09-16 19:51:19 ----RD---- C:\Users
2011-09-16 19:13:39 ----D---- C:\Program Files\3GP Video Converter 3
2011-09-16 18:41:40 ----D---- C:\Users\Koky\AppData\Roaming\Sony
2011-09-16 18:24:52 ----D---- C:\Windows\winsxs
2011-09-16 17:43:58 ----D---- C:\Program Files\QuickTime
2011-09-16 17:43:46 ----D---- C:\ProgramData\Apple Computer
2011-09-16 17:39:42 ----D---- C:\Windows\debug
2011-09-16 12:11:38 ----RSD---- C:\Windows\assembly
2011-09-16 12:11:38 ----D---- C:\Windows\Microsoft.NET
2011-09-16 00:18:47 ----D---- C:\ProgramData\Microsoft Help
2011-09-16 00:17:23 ----A---- C:\Windows\system32\MRT.exe
2011-09-16 00:12:45 ----D---- C:\Windows\system32\catroot
2011-09-14 21:28:32 ----D---- C:\Windows\system32\catroot2
2011-09-14 18:37:25 ----AD---- C:\Windows\system32\drivers
2011-09-14 18:37:24 ----D---- C:\Windows\system32\DriverStore
2011-09-14 18:37:09 ----DC---- C:\Windows\system32\DRVSTORE
2011-09-14 18:18:37 ----D---- C:\Users\Koky\AppData\Roaming\VMware
2011-09-10 10:02:25 ----HD---- C:\ProgramData
2011-09-08 14:03:44 ----D---- C:\Program Files\Mozilla Firefox
2011-09-06 16:24:21 ----D---- C:\ProgramData\Adobe
2011-09-06 16:24:19 ----D---- C:\Users\Koky\AppData\Roaming\Adobe
2011-09-06 16:24:13 ----D---- C:\Program Files\Adobe
2011-09-05 17:03:01 ----D---- C:\Users\Koky\AppData\Roaming\Skype
2011-09-05 14:11:11 ----D---- C:\Program Files\Common Files\PX Storage Engine
2011-08-31 19:06:49 ----D---- C:\Windows\system32\Tasks
2011-08-30 14:09:58 ----D---- C:\Users\Koky\AppData\Roaming\NVIDIA
2011-08-28 14:58:38 ----D---- C:\Program Files\NVIDIA Corporation

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-06-27 114048]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2010-12-18 21696]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-06-29 138192]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 NEOFLTR_700_17289;Juniper Networks TDI Filter Driver (NEOFLTR_700_17289); \??\C:\Windows\system32\Drivers\NEOFLTR_700_17289.SYS [2010-12-16 84336]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 90928]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 55040]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 294912]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-12-30 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-06-29 66616]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-01-22 32304]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-12-30 25888]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2010-01-22 70704]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-01-22 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-01-22 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2010-01-22 854192]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2009-10-12 22448]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files\AIDA64 Extreme Edition\kerneld.x32 [2010-12-09 28312]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2011-01-05 42112]
R3 GRemoteBus;GRemote virtual joystick Bus Enumerator; C:\Windows\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
R3 GRemoteJoy;GRemote virtual joystick Device Driver; C:\Windows\system32\DRIVERS\GRemoteJoy.sys [2009-08-05 39112]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-03-26 3048096]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 62208]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 141568]
R3 RTCore32;RTCore32; \??\C:\Program Files\MSI Afterburner\RTCore32.sys [2005-05-25 4608]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 116016]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-01-22 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-01-22 16560]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2011-05-02 483200]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-07-20 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 CEBDADTV;C&E DVB-T device; C:\Windows\system32\DRIVERS\CEBDA150.sys [2005-08-29 43264]
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader; C:\Windows\System32\Drivers\DTT200ULD.sys [2005-06-22 18560]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-07-20 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 136808]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2011-07-20 104648]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2011-07-20 14920]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2011-07-20 132424]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 Usbnic;OTi Network Driver Module; C:\Windows\system32\DRIVERS\Usbnic.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-06-29 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2011-01-05 222568]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\system32\nlssrv32.exe [2009-12-01 57344]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-03 599144]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-04-27 75136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-26 378472]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2010-01-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2010-01-22 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2010-01-22 395824]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-03-15 2233400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
S2 MouseWithoutBordersSvc;Mouse without Borders Service; C:\Program Files\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-08-31 17920]
S2 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe []
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SamsungAllShare;Samsung AllShare PC Service; C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe []
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2009-10-12 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe [2010-12-31 20549]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [2010-12-31 8133120]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]

-----------------EOF-----------------

[Rudy]

Váš PC je zavirován. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Koky999]

Zde je log z ComboFixu

ComboFix 11-09-27.01 - Koky 27.09.2011 19:26:26.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3063.747 [GMT 2:00]
Spuštěný z: c:\users\Koky\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Koky\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\users\Koky\AppData\Local\Temp\jna782728436761540943.tmp
c:\users\Koky\AppData\Roaming\2ACC.23D
c:\windows\iun6002.exe
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-27 do 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-27 17:31 . 2011-09-27 17:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-09-27 17:31 . 2011-09-27 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-27 16:02 . 2011-09-27 16:02 -------- d-----w- c:\program files\trend micro
2011-09-27 16:02 . 2011-09-27 16:02 -------- d-----w- C:\rsit
2011-09-27 13:12 . 2011-09-27 17:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D565034-B8B4-440C-8D96-631E8AAEFBBB}\offreg.dll
2011-09-27 12:18 . 2011-09-21 07:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D565034-B8B4-440C-8D96-631E8AAEFBBB}\mpengine.dll
2011-09-16 17:51 . 2011-09-16 17:52 -------- d-----w- c:\users\PCTuning
2011-09-16 16:41 . 2011-09-16 16:41 -------- d-----w- c:\users\Koky\AppData\Roaming\proDAD
2011-09-16 16:41 . 2010-08-18 13:27 68096 ----a-w- c:\windows\system32\prodad-mercalli-10-codec.dll
2011-09-16 16:24 . 2011-09-16 16:24 -------- d-----w- c:\program files\Sony
2011-09-16 15:42 . 2011-09-16 15:42 -------- d-----w- c:\users\Koky\AppData\Local\Apple
2011-09-16 15:42 . 2011-09-16 15:42 -------- d-----w- c:\program files\Apple Software Update
2011-09-16 10:40 . 2011-09-16 10:40 -------- d-----w- c:\program files\Microsoft Garage
2011-09-14 16:58 . 2011-09-14 16:58 98304 ----a-r- c:\users\Koky\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2011-09-14 16:37 . 2011-08-15 13:06 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-14 16:37 . 2011-08-15 13:06 90928 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-14 16:37 . 2011-09-14 16:37 -------- d-----w- c:\program files\VirtualBox
2011-09-06 14:24 . 2011-09-06 14:24 -------- d-----w- c:\users\Koky\AppData\Roaming\AdobeMuse
2011-09-06 13:57 . 2011-09-06 14:13 -------- d-----w- c:\program files\KaraFun
2011-09-06 09:48 . 2011-09-06 09:48 -------- d-----w- c:\program files\KaraFun Player
2011-09-06 09:48 . 2011-09-06 09:48 -------- d-----w- c:\programdata\Recisio
2011-09-05 12:48 . 2011-09-05 12:48 -------- d-----w- c:\users\Koky\AppData\Local\Banamalon
2011-09-05 12:48 . 2011-09-05 12:48 -------- d-----w- c:\programdata\Banamalon
2011-09-05 12:47 . 2011-09-05 19:57 -------- d-----w- c:\program files\Windows Remote Service
2011-09-05 12:11 . 2011-09-05 12:20 -------- d-----w- c:\program files\Winamp
2011-09-04 11:02 . 2011-09-04 11:03 -------- d-----w- C:\wamp
2011-09-02 13:23 . 2011-09-02 13:23 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-08-30 18:22 . 2011-08-30 18:28 -------- d-----w- c:\program files\Subtitle Workshop 2.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 13:06 . 2011-08-15 13:06 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 13:06 . 2011-08-15 13:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 13:06 . 2011-08-15 13:06 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-08-03 11:50 . 2011-08-28 12:54 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-28 12:54 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-03 11:50 . 2011-08-28 12:54 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-28 12:54 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-28 12:54 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-28 12:54 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-28 12:54 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-28 12:47 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-08-28 12:47 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-08-28 12:47 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-08-28 12:47 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2011-08-28 12:47 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-08-28 12:43 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:50 . 2011-08-28 12:43 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:50 . 2011-03-26 00:24 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-08-03 11:50 . 2011-03-26 00:24 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2010-12-16 20:50 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-03 11:50 . 2010-12-16 20:50 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 11:50 . 2010-12-16 20:50 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-07-26 15:26 . 2011-01-06 20:44 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-07-26 15:26 . 2011-07-26 15:26 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-07-26 15:26 . 2011-07-26 15:26 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-07-26 15:26 . 2011-07-26 15:26 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-07-26 15:26 . 2011-08-14 18:03 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-07-22 04:56 . 2011-08-14 14:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-20 07:46 . 2011-08-15 20:29 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2011-07-20 07:46 . 2011-08-15 20:29 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2011-07-20 07:46 . 2011-08-15 20:29 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2011-07-20 07:46 . 2011-08-15 20:29 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-07-20 07:46 . 2011-08-15 20:29 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2011-07-20 07:46 . 2011-08-15 20:29 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-07-20 07:46 . 2011-08-15 20:29 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2011-07-20 07:45 . 2011-08-15 20:29 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-07-20 07:45 . 2011-08-15 20:29 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-07-20 07:45 . 2011-08-15 20:29 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-07-20 07:45 . 2011-08-15 20:29 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-07-20 07:45 . 2011-08-15 20:29 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-07-20 07:45 . 2011-08-15 20:29 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-07-20 07:45 . 2011-08-15 20:29 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-07-20 07:45 . 2011-08-15 20:29 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-07-16 16:35 . 2011-05-16 09:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 04:37 . 2011-08-14 14:47 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-14 14:47 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-14 14:47 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-14 14:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-14 14:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-14 14:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-14 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-14 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:30 . 2011-08-24 07:43 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:26 . 2011-08-14 14:47 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2005-09-14 09:58 . 2005-09-09 11:08 20480 ----a-w- c:\program files\Common Files\UninstallDrv.exe
2011-09-08 12:03 . 2011-03-24 14:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Koky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Koky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Koky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Koky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2011-08-02 1242448]
"PC Remote Controller"="c:\program files\PC Remote Controller\PC Remote Controller.exe" [2011-01-26 135680]
"GRemoteServer Pro"="c:\program files\GRemote Pro\GRemoteServer.exe" [2010-10-18 2641888]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-05-10 6789504]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-09-21 3508112]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-21 20880]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-09-21 929680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-26 8546848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-01-22 129584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
.
c:\users\Koky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GmoteServer.lnk - c:\program files\GmoteServer\GmoteServer.exe [2011-5-21 451584]
HALpro.lnk - D:\HALpro.exe [N/A]
TweetDeck.lnk - c:\program files\TweetDeck\TweetDeck.exe [2011-7-28 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-08-31 17920]
R2 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 30312]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 CEBDADTV;C&E DVB-T device;c:\windows\system32\DRIVERS\CEBDA150.sys [2005-08-29 43264]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;c:\windows\system32\Drivers\DTT200ULD.sys [2005-06-22 18560]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SamsungAllShare;Samsung AllShare PC Service;c:\program files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 136808]
R3 Usbnic;OTi Network Driver Module;c:\windows\system32\DRIVERS\Usbnic.sys [x]
R3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
S1 NEOFLTR_700_17289;Juniper Networks TDI Filter Driver (NEOFLTR_700_17289);c:\windows\system32\Drivers\NEOFLTR_700_17289.SYS [2010-12-16 84336]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 90928]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-01-05 222568]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-12-01 57344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-25 378472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-01-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\AIDA64 Extreme Edition\kerneld.x32 [2010-12-09 28312]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2011-01-05 42112]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\DRIVERS\GRemoteJoy.sys [2009-08-05 39112]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 62208]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 141568]
S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2005-05-25 4608]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 116016]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AIDA64DRIVER
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 20:51]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 20:51]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:55273
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Koky\AppData\Roaming\Mozilla\Firefox\Profiles\phxgzdhd.default\
FF - prefs.js: browser.startup.homepage - hxxp://pctuning.tyden.cz/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55273
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-default drivers checker - c:\users\Koky\AppData\Local\Temp\rhgpv.exe
AddRemove-AndreaMosaicVersion3 - c:\windows\iun6002.exe
AddRemove-DTV_1.0 - c:\windows\iun6002.exe
AddRemove-PunkBusterSvc - d:\battlefield play4free\pbsvc_p4f.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\SAMSUNG\USB Drivers\26_VIA_driver2\Uninstall.exe
AddRemove-ImTOO Music CD Burner 6 - c:\program files\ImTOO\Music CD Burner 6\Uninstall.exe
.
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1364)
c:\users\Koky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\MSI Afterburner\MSIAfterburner.exe
c:\program files\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\AIDA64 Extreme Edition\aida64.exe
c:\program files\Microsoft Garage\Mouse without Borders\DDHelper.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskmgr.exe
c:\windows\System32\ping.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Celkový čas: 2011-09-27 19:40:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-27 17:40
.
Před spuštěním: 63 168 512
Po spuštění: 63 733 760
.
- - End Of File - - EAB4D9D6E9191E5EE49C04045FBEBF1D

[Rudy]

CF nákazu smazal, zbytek logu vypadá čistý. Nastala nějaká změna?

[Koky999]

Ne. Po restartu se opět proces PING.EXE se zatížením celého procesoru spustil.

[Rudy]

Podívejte se do Taskmanageru (Ctrl>Alt>Del), kde se proces ping.exe nachází. Jestli v system32, je regulérní.

[Koky999]

Ano, spouští se ze System32. Musí to být nějaký vir, který jej spouští s nějakými parametry.

[Rudy]

Šmejdy, které byly v systému odstranil ComboFix. Podívejte se přes Startmenu>přík řádek>(napsat) msconfig>OK, záložky služby a po spuštění, zda se tam nachází. V případě, že ano, zakažte jeho spouštění odstraněním zatržítka. Uložet, zavřete a restartujte PC.

[Koky999]

V MSconfigu jsem nic nenašel. Nakonec jsem ještě někde našel radu použít TDSSKiller.exe. Zkusil jsem ho tedy a nalezl problém, který odstranil. Po restartu se zdá být problém vyřešen.

Děkuji mockrát za pomoc.

[Rudy]

Ano, to je možné, že jste měl TDLrootkit. Pokud ho TDSSKiller opravdu odstranil, je to OK:

[rel7]

tak jsem měl stejný problém a vyzkoušel jsem msconfig (nic jsem nenašel) tak TDSSKiller (taky nic nenašel) až při použití ComboFix to konečně zabralo, sice se soubor Ping.exe pořád nachází a nejde smazat (důvod proč píšu) v System32 ale už se nespouští a nevytěžuju CPU
a ted k tomu problému, chci se zeptat jak takovéto souboty smazat? (ping.exe) když to zkusím tak mi to napíše abych se obrátil na TrustedInstaller aby mi byly přiděleny příslušné oprávnění, neví někdo co s tím?
předem děkuji za každou radu

[Rudy]

2rel7: Založte si, prosím, vlastní topic. Děkujeme.