Security Shield

Zpráva

nejep · #1 Příspěvek od **nejep** » 04 dub 2012 00:11

Dobrý den,
prosím o kontrolu logu po odstranění spyware Security Shield. Ten byl odstraněn Nodem, teda alespoň doufám - již neběží na pozadí a neotravují všelijaká planná varování.

Děkuji.

Zde log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by KAREL at 2012-04-04 01:00:08
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 53 GB (65%) free of 82 GB
Total RAM: 3037 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:00:49, on 4.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Classic Start Menu\ClassicStartMenu.exe
D:\Karel\QuietHDD\quietHDD.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\wbem\unsecapp.exe
D:\RSIT.exe
C:\Program Files\trend micro\KAREL.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ClassicStartMenu] C:\Program Files\Classic Start Menu\ClassicStartMenu.exe
O4 - Startup: quietHDD – zástupce.lnk = D:\Karel\QuietHDD\quietHDD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E256BE53-440F-4382-832B-D8395A83F958}: NameServer = 192.168.2.1
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\ZyXEL\NWD2105\Common\RaRegistry.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6267 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\ixftlnai.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "noia2_option@kk.noia:3.76, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10, {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28, {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
npww.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
npww.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\ixftlnai.default\extensions\
noia2_option@kk.noia
{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\ixftlnai.default\searchplugins\
vyhledvn-vide-ve-slub-youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2011-07-26 109568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-14 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"BTMTrayAgent"=C:\Program Files\Motorola\Bluetooth\btmshell.dll [2009-11-06 18216200]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2010-01-29 2408448]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-01-13 509320]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-01-12 8423968]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-01-19 174104]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"pdfFactory Pro Dispatcher v3"=C:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2009-02-26 593920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ClassicStartMenu"=C:\Program Files\Classic Start Menu\ClassicStartMenu.exe [2011-05-24 4203936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe []

C:\Users\KAREL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
quietHDD – zástupce.lnk - D:\Karel\QuietHDD\quietHDD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-01-19 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0xB1000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"midi5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-04 01:00:08 ----D---- C:\rsit
2012-04-04 00:01:59 ----D---- C:\Program Files\Common Files\PC Tools
2012-04-04 00:01:52 ----D---- C:\Program Files\Spyware Doctor
2012-04-04 00:01:39 ----AD---- C:\ProgramData\TEMP
2012-03-24 18:24:30 ----D---- C:\Users\KAREL\AppData\Roaming\LolClient
2012-03-24 15:03:59 ----A---- C:\windows\system32\d3dx10_39.dll
2012-03-24 15:03:59 ----A---- C:\windows\system32\D3DCompiler_39.dll
2012-03-24 15:03:57 ----A---- C:\windows\system32\D3DX9_39.dll
2012-03-24 14:41:45 ----D---- C:\ProgramData\PMB Files
2012-03-24 14:41:33 ----D---- C:\Program Files\Pando Networks
2012-03-14 15:00:30 ----A---- C:\windows\system32\ntkrnlpa.exe
2012-03-14 15:00:27 ----A---- C:\windows\system32\ntoskrnl.exe
2012-03-14 09:06:57 ----A---- C:\windows\system32\win32k.sys
2012-03-14 09:06:54 ----A---- C:\windows\system32\DWrite.dll
2012-03-14 09:06:36 ----A---- C:\windows\system32\rdpcore.dll
2012-03-14 09:06:35 ----A---- C:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:06:35 ----A---- C:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:06:34 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-03-14 09:06:33 ----A---- C:\windows\system32\rdpwsx.dll
2012-03-14 09:06:33 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-03-11 23:05:17 ----D---- C:\windows\usb-audio.deReloopCONTOUR
2012-03-11 23:03:54 ----A---- C:\windows\system32\drivers\rlcont_u.sys
2012-03-11 23:03:54 ----A---- C:\windows\system32\drivers\rlcont_m.sys
2012-03-11 23:03:54 ----A---- C:\windows\system32\drivers\rlcont_a.sys

======List of files/folders modified in the last 1 month======

2012-04-04 01:00:12 ----D---- C:\Program Files\trend micro
2012-04-04 01:00:11 ----D---- C:\windows\Temp
2012-04-04 00:58:24 ----D---- C:\windows\system32\config
2012-04-04 00:45:19 ----D---- C:\windows\System32
2012-04-04 00:45:19 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-04-04 00:45:18 ----D---- C:\windows\inf
2012-04-04 00:43:57 ----D---- C:\windows\SoftwareDistribution
2012-04-04 00:43:10 ----HD---- C:\Windows
2012-04-04 00:42:36 ----D---- C:\Users\KAREL\AppData\Roaming\Winamp
2012-04-04 00:42:36 ----D---- C:\Users\KAREL\AppData\Roaming\uTorrent
2012-04-04 00:40:09 ----D---- C:\Program Files\Connectify
2012-04-04 00:39:54 ----HD---- C:\ProgramData
2012-04-04 00:39:54 ----D---- C:\windows\system32\drivers
2012-04-04 00:39:33 ----D---- C:\windows\system32\wdi
2012-04-04 00:38:37 ----D---- C:\Users\KAREL\AppData\Roaming\Classic Start Menu
2012-04-04 00:02:10 ----SHD---- C:\windows\Installer
2012-04-04 00:01:59 ----D---- C:\Program Files\Common Files
2012-04-04 00:01:52 ----RD---- C:\Program Files
2012-04-03 23:59:29 ----D---- C:\windows\Prefetch
2012-04-02 21:28:56 ----D---- C:\Program Files\Mozilla Firefox
2012-03-27 18:36:22 ----D---- C:\windows\Logs
2012-03-24 15:00:31 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-23 19:14:33 ----D---- C:\windows\debug
2012-03-15 11:36:08 ----D---- C:\windows\system32\catroot2
2012-03-14 15:40:08 ----D---- C:\windows\winsxs
2012-03-14 15:01:30 ----A---- C:\windows\system32\MRT.exe
2012-03-14 15:01:24 ----D---- C:\windows\system32\catroot
2012-03-14 15:01:06 ----D---- C:\ProgramData\Microsoft Help
2012-03-11 23:05:14 ----D---- C:\windows\system32\DriverStore
2012-03-11 10:31:50 ----D---- C:\ProgramData\FLEXnet
2012-03-10 10:01:03 ----D---- C:\windows\system32\NDF
2012-03-08 19:16:28 ----D---- C:\windows\LiveKernelReports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-10-13 331288]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2006-08-25 36528]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\windows\system32\DRIVERS\snapman.sys [2010-11-20 170080]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-10-22 443448]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
R3 connctfyMP;connctfyMP; C:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 ElbyCDFL;ElbyCDFL; C:\windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-01-18 102400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-01-12 2988640]
R3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd32.sys [2010-01-19 5946368]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\windows\system32\DRIVERS\NETw5s32.sys [2009-12-18 6114816]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2010-11-20 9856]
R3 RTHDMIAzAudService;Service for HDMI; C:\windows\system32\drivers\RtHDMIV.sys [2009-12-02 168480]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;ADB Interface Driver; C:\windows\System32\Drivers\androidusb.sys [2010-04-29 26112]
S3 anq9pe7r;anq9pe7r; C:\windows\system32\drivers\anq9pe7r.sys []
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\windows\system32\DRIVERS\ax88772.sys [2009-06-10 60928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys [2009-07-10 40448]
S3 btmhid;btmhid; C:\windows\system32\DRIVERS\btmhid.sys [2009-06-29 27008]
S3 BTMUSB;Motorola Bluetooth Radio Service; C:\windows\System32\Drivers\btmusb.sys [2009-10-22 520960]
S3 connctfy;Connectify Service; C:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 EUCR;EUCR; C:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-01-19 5946368]
S3 MAYA44;usb-audio.de driver for Maya44; C:\windows\System32\Drivers\Maya44.sys [2009-10-30 384064]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
S3 netr28u;%Generic.Service.DispName%; C:\windows\system32\DRIVERS\netr28u.sys [2010-07-27 945504]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pgusbmme;usb-audio.de MME-Adapter; C:\windows\system32\drivers\pgusbmm3.sys [2009-10-30 39488]
S3 RELOOP_CONTOUR;Reloop CONTOUR USB driver; C:\windows\System32\Drivers\rlcont_u.sys [2010-05-14 330304]
S3 RELOOP_CONTOUR_MIDI;Reloop CONTOUR WDM MIDI Device; C:\windows\system32\drivers\rlcont_m.sys [2010-05-14 26688]
S3 RELOOP_CONTOUR_WDM;Reloop CONTOUR WDM; C:\windows\system32\drivers\rlcont_a.sys [2010-05-14 40000]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 smserial;smserial; C:\windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 viaagp;Filtr VIA sběrnice AGP; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-01-08 172032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2009-10-20 480520]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Connectify;Connectify; C:\Program Files\Connectify\Connectifyd.exe [2011-03-10 892992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2009-07-10 160768]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-07-07 2156952]
R3 Bluetooth Device Manager;Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2009-10-22 3473672]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2009-08-15 709384]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-05 647680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\ZyXEL\NWD2105\Common\RaRegistry.exe [2009-07-14 185632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-11-20 85096]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 821608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-17 1343400]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 04 dub 2012 07:43

Zdravim a pekny den preji

Poprosim i o druhy log z RSIT s nazvem info.txt, jd ulozen v c:\rsit

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

nejep · #3 Příspěvek od **nejep** » 04 dub 2012 18:02

Zde druhý log:

info.txt logfile of random's system information tool 1.09 2012-04-04 01:00:51

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ACDSee 6.0 Standard-->MsiExec.exe /I{FD88D501-1F0A-4DA4-A13A-6437411EE0C3}
Acronis Disk Director Home-->MsiExec.exe /X{9CCC78EF-027E-40E0-9B61-39932C65E3FE}
Adobe Flash Player 10 ActiveX-->C:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\windows\system32\Macromed\Flash\FlashUtil11g_Plugin.exe -maintain plugin
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x5
Adobe Reader 9.5.0 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A95000000001}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
AMD APP SDK Runtime-->MsiExec.exe /I{A25FF1C0-80B6-4B8B-A551-DC525697A408}
AMD Catalyst Install Manager-->msiexec /q/x{AF79E1E0-EB3B-A08A-624B-08F7296DFD65} REBOOT=ReallySuppress
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Mobile Device Support-->MsiExec.exe /I{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Ashampoo Burning Studio 10.0.7-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 10\unins000.exe"
Asistent pro přihlášení ke službě Windows Live-->MsiExec.exe /I{3E62B27C-342F-4B44-9331-CA4BC59A586F}
AutoCAD 2008 - Český SP1-->Msiexec.exe /uninstall {1C500B62-B044-4216-8011-604640F4F925} /package {5783F2D7-6001-0405-0002-0060B0CE6BBA} /qb
AutoCAD 2008 - Český-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0405-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AX88772A-->"C:\Program Files\InstallShield Installation Information\{CAAF899F-D15F-480F-AF10-22B1431A5E9F}\setup.exe" -runfromtemp -l0x0409 -removeonly
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
Breach-->"D:\Karel\Steam\steam.exe" steam://uninstall/72300
BS.Player PRO-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
BurnRecovery-->MsiExec.exe /I{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}
Call of Duty Modern Warfare 2-->"D:\Soubory\Hry\Modern Warfare 2\unins000.exe"
Call of Duty Modern Warfare 3 version 1.0-->"D:\Soubory\Hry\Call of Duty Modern Warfare 3\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{0E33EC53-22CE-426C-A88B-2AAC231BAC85}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Classic Start Menu 3.88-->"C:\Program Files\Classic Start Menu\unins000.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\CloneDVD2"
Codec Pack - All In 1 6.0.3.0-->C:\windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Connectify-->C:\Program Files\Connectify\Uninstall.exe
Counter-Strike: Source-->"D:\Karel\Steam\steam.exe" steam://uninstall/240
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
EasyRecovery Professional Trial-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93} /l1033
ETDWare PS/2-x86 7.0.5.10_WHQL-->%ProgramFiles%\Elantech\ETDUn_inst.exe
Fotolab Fotosvet 4-->"C:\Program Files\Fotolab\Fotolab Fotosvet 4\uninstall.exe"
FreeSpace 2-->C:\WINDOWS\ISUNINST.EXE -fd:\soubory\hry\freespace 2\Uninst.isu -cd:\soubory\hry\freespace 2\fs2uninst.dll
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{29ED20C9-5E15-4969-9279-25BF3727A3DA}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216029FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maya44 USB ASIO driver-->C:\windows\usb-audio.deMaya44\Setup.exe /l1
Mega Manager-->"C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe" -runfromtemp -l0x0409 -removeonly
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Motorola Bluetooth-->"C:\Program Files\Motorola\Bluetooth\unins000.exe"
Mozilla Firefox (3.6.28)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
msi Software Install-->MsiExec.exe /I{07690F1C-04B1-4060-9691-6748ED1826B9}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
Nástroj pro odesílání služby Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Native Instruments Service Center-->"C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Service Center-->C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
Native Instruments Traktor 2-->"C:\ProgramData\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor 2-->C:\ProgramData\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe
Native Instruments Traktor-->"C:\ProgramData\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\Traktor Setup.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor-->C:\ProgramData\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}\Traktor Setup.exe
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
pdfFactory Pro-->C:\windows\system32\spool\DRIVERS\W32X86\3\fppinst3.exe /uninstall
QuickTime-->MsiExec.exe /I{C9E14402-3631-4182-B377-6B0DFB1C0339}
RapidShare Manager 2-->C:\Program Files\RapidShareManager\uninstall.exe
Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek HDMI Audio Driver for ATI-->C:\Program Files\Realtek\Audio\HDA\RtkUpd.exe -k -m -nrg2709
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Reloop CONTOUR USB ASIO driver-->C:\windows\usb-audio.deReloopCONTOUR\Setup.exe /l1
SC Ver 2.71-->D:\Karel\SuperCard\SC\unins000.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Speccy-->"C:\Program Files\Speccy\uninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SRS Premium Sound Control Panel-->MsiExec.exe /I{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}
StarCraft II-->C:\Program Files\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Subtitle Workshop 2.51-->"C:\Program Files\Subtitle Workshop\uninstall.exe"
System Control Manager-->C:\Program Files\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe -runfromtemp -l0x0009 -removeonly
Team Fortress 2 Beta-->"D:\Karel\Steam\steam.exe" steam://uninstall/520
Team Fortress 2-->"D:\Karel\Steam\steam.exe" steam://uninstall/440
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
TradeManager 2010 Beta1-->C:\Program Files\trademanager\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {91E130AA-C37F-42D8-9D5D-397B3416A7F2}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64)-->C:\PROGRA~1\DIFX\198A84B0EB590201\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\eucr6sk.inf_x86_neutral_129d3214cf706f40\eucr6sk.inf
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}
Windows Live Fotogalerie-->MsiExec.exe /X{1D097338-B4FA-4F29-9C43-8D7A970A007E}
Windows Live Mail-->MsiExec.exe /I{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}
Windows Live Messenger-->MsiExec.exe /X{71E40B32-5173-4538-8996-5822DD18E8D4}
Windows Live Movie Maker-->MsiExec.exe /X{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}
Windows Live Sync-->MsiExec.exe /X{068B46A0-8858-4CEB-80BC-A4AE787A05FC}
Windows Live Toolbar-->MsiExec.exe /X{6E257F26-57FA-4BC9-AE3B-D50AF937DA7F}
Windows Live Writer-->MsiExec.exe /X{479A749B-1684-4881-8266-BF8DD22251E7}
WinRAR archiver-->C:\Program Files\WinRAR 3.61 Multi\Uninstall.exe
Wireless N-lite USB Adapter Utility-->C:\Program Files\InstallShield Installation Information\{091B9E08-5E3E-43CE-B3BA-B9A9ACBE668F}\setup.exe -runfromtemp -l0x0009 -removeonly

======Hosts File======

::1 localhost

======System event log======

Computer Name: KAREL-msi
Event Code: 62464
Message: UVD Information
Record Number: 185708
Source Name: amdkmdag
Time Written: 20120118194116.824497-000
Event Type: Informace
User:

Computer Name: KAREL-msi
Event Code: 62464
Message: UVD Information
Record Number: 185707
Source Name: amdkmdag
Time Written: 20120118194116.823497-000
Event Type: Informace
User:

Computer Name: KAREL-msi
Event Code: 62464
Message: UVD Information
Record Number: 185706
Source Name: amdkmdag
Time Written: 20120118194116.823497-000
Event Type: Informace
User:

Computer Name: KAREL-msi
Event Code: 62464
Message: UVD Information
Record Number: 185705
Source Name: amdkmdag
Time Written: 20120118194116.823497-000
Event Type: Informace
User:

Computer Name: KAREL-msi
Event Code: 62464
Message: UVD Information
Record Number: 185704
Source Name: amdkmdag
Time Written: 20120118194116.823497-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: WIN-36TA4QOUMNL
Event Code: 12306
Message: Úspěšné obnovení aktivačního období pro ID aplikace = 55c92734-d682-4d71-983e-d6ec3f16059f, ID jednotky SKU = (null). Zbývající počet obnovení aktivačního období: 1
Record Number: 1048
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100305195759.000000-000
Event Type: Informace
User:

Computer Name: WIN-36TA4QOUMNL
Event Code: 8224
Message: Služba VSS bude ukončena z důvodu vypršení časového limitu nečinnosti.
Record Number: 1047
Source Name: VSS
Time Written: 20100305195738.000000-000
Event Type: Informace
User:

Computer Name: WIN-36TA4QOUMNL
Event Code: 1003
Message: Služba Windows Search byla spuštěna.

Record Number: 1046
Source Name: Microsoft-Windows-Search
Time Written: 20100305195434.000000-000
Event Type: Informace
User:

Computer Name: WIN-36TA4QOUMNL
Event Code: 1013
Message: Služba Windows Search byla řádně zastavena.

Record Number: 1045
Source Name: Microsoft-Windows-Search
Time Written: 20100305195433.000000-000
Event Type: Informace
User:

Computer Name: WIN-36TA4QOUMNL
Event Code: 103
Message: Windows (3512) Windows: Databázový stroj zastavil instanci (0).
Record Number: 1044
Source Name: ESENT
Time Written: 20100305195433.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: KAREL-msi
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: KAREL-MSI$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
ID popisovače: 0x18

Informace o procesu:
ID procesu: 0x11b4
Název procesu: C:\Windows\System32\poqexec.exe

Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 15964
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110417160758.888586-000
Event Type: Úspěšný audit
User:

Computer Name: KAREL-msi
Event Code: 4647
Message: Odhlášení spuštěné uživatelem:

Předmět:
ID zabezpečení: S-1-5-21-2246954196-3409421779-4005953494-1001
Název účtu: KAREL
Doména účtu: KAREL-msi
ID přihlášení: 0x18d6f

Tato událost je generována, pokud je spuštěno odhlášení. Není povolena žádná další uživatelem spuštěná akce. Tuto událost lze interpretovat jako událost odhlášení.
Record Number: 15963
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110417160757.515783-000
Event Type: Úspěšný audit
User:

Computer Name: KAREL-msi
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 15962
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110417160757.032183-000
Event Type: Úspěšný audit
User:

Computer Name: KAREL-msi
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: KAREL-MSI$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x27c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 15961
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110417160757.032183-000
Event Type: Úspěšný audit
User:

Computer Name: KAREL-msi
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 15960
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110417160523.512313-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\AMD APP\bin\x86;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Acronis\SnapAPI\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"configsetroot"=%SystemRoot%\ConfigSetRoot
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"AMDAPPSDKROOT"=C:\Program Files\AMD APP\

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 04 dub 2012 18:08

OK, nyni poprosim o RogueKiller

nejep · #5 Příspěvek od **nejep** » 04 dub 2012 18:28

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: KAREL [Práva správce]
Mód: Kontrola -- Datum: 04/04/2012 19:27:39

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HIDDEN KEY] HKLM\[...]\services : S () -> FOUND
[HIDDEN KEY] HKLM\[...]\services : S () -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] 6c77fca25de99063088ddb8dd76fcd07
[BSP] eec4af6b9a3f65eddf13fb032542facc : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 20973568 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21178368 | Size: 81920 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 188950528 | Size: 384678 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

#6 Příspěvek od **vyosek** » 04 dub 2012 18:31

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

nejep · #7 Příspěvek od **nejep** » 04 dub 2012 19:44

Rogue Killer LOG 3:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: KAREL [Práva správce]
Mód: Odebrat -- Datum: 04/04/2012 20:16:33

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HIDDEN KEY] HKLM\[...]\services : S () -> DELETED
[HIDDEN KEY] HKLM\[...]\services : S () -> DELETED

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] 6c77fca25de99063088ddb8dd76fcd07
[BSP] eec4af6b9a3f65eddf13fb032542facc : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 20973568 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21178368 | Size: 81920 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 188950528 | Size: 384678 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Rogue Killer LOG 4:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: KAREL [Práva správce]
Mód: Oprava HOSTS -- Datum: 04/04/2012 20:16:46

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
ÿþ1

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Combo Fix LOG:

ComboFix 12-04-04.02 - KAREL 04.04.2012 20:22:29.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3037.1982 [GMT 2:00]
Spuštěný z: c:\users\KAREL\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-04 do 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 18:31 . 2012-04-04 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 18:29 . 2012-04-04 18:29 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF7CAB7-8B74-4DE4-95B5-D28BF357999C}\offreg.dll
2012-04-03 23:00 . 2012-04-03 23:00 -------- d-----w- C:\rsit
2012-04-03 22:01 . 2012-04-03 22:40 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-03 22:01 . 2012-04-03 22:40 -------- d-----w- c:\program files\Spyware Doctor
2012-04-03 06:55 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF7CAB7-8B74-4DE4-95B5-D28BF357999C}\mpengine.dll
2012-03-24 16:25 . 2012-04-01 19:28 -------- d-----w- c:\users\KAREL\riotsGamesLogs
2012-03-24 16:24 . 2012-03-24 16:24 -------- d-----w- c:\users\KAREL\AppData\Roaming\LolClient
2012-03-24 13:03 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-03-24 13:03 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-03-24 13:03 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-03-24 12:41 . 2012-04-01 20:08 -------- d-----w- c:\users\KAREL\AppData\Local\PMB Files
2012-03-24 12:41 . 2012-04-01 20:08 -------- d-----w- c:\programdata\PMB Files
2012-03-24 12:41 . 2012-03-24 12:41 -------- d-----w- c:\program files\Pando Networks
2012-03-14 13:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 13:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:06 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:06 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:06 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:06 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:06 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 07:06 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:06 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:06 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-11 21:05 . 2012-03-11 21:05 -------- d-----w- c:\windows\usb-audio.deReloopCONTOUR
2012-03-11 21:03 . 2010-05-14 19:37 26688 ----a-w- c:\windows\system32\drivers\rlcont_m.sys
2012-03-11 21:03 . 2010-05-14 19:37 40000 ----a-w- c:\windows\system32\drivers\rlcont_a.sys
2012-03-11 21:03 . 2010-05-14 19:37 330304 ----a-w- c:\windows\system32\drivers\rlcont_u.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 08:17 . 2011-05-15 10:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-11-17 21:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 22:11 . 2012-01-17 22:11 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClassicStartMenu"="c:\program files\Classic Start Menu\ClassicStartMenu.exe" [2011-05-24 4203936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2009-11-05 18216200]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-01-29 2408448]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-01-13 509320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-12 8423968]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-19 174104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-02-26 593920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
c:\users\KAREL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
quietHDD – zástupce.lnk - d:\karel\QuietHDD\quietHDD.exe [2010-11-20 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [2009-07-10 40448]
R3 btmhid;btmhid;c:\windows\system32\DRIVERS\btmhid.sys [2009-06-29 27008]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2009-10-22 520960]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]
R3 MAYA44;usb-audio.de driver for Maya44;c:\windows\system32\Drivers\Maya44.sys [2009-10-30 384064]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 netr28u;%Generic.Service.DispName%;c:\windows\system32\DRIVERS\netr28u.sys [2010-07-27 945504]
R3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [2009-10-30 39488]
R3 RELOOP_CONTOUR;Reloop CONTOUR USB driver;c:\windows\system32\Drivers\rlcont_u.sys [2010-05-14 330304]
R3 RELOOP_CONTOUR_MIDI;Reloop CONTOUR WDM MIDI Device;c:\windows\system32\drivers\rlcont_m.sys [2010-05-14 26688]
R3 RELOOP_CONTOUR_WDM;Reloop CONTOUR WDM;c:\windows\system32\drivers\rlcont_a.sys [2010-05-14 40000]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2009-10-20 480520]
S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2009-10-22 3473672]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2009-08-15 709384]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-18 102400]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-01-19 5946368]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-12-18 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{E256BE53-440F-4382-832B-D8395A83F958}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\ixftlnai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-SpywareTerminatorShield - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
MSConfigStartUp-SpywareTerminatorUpdater - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5976)
c:\program files\Classic Start Menu\VistaStartMenu.dll
.
Celkový čas: 2012-04-04 20:35:17
ComboFix-quarantined-files.txt 2012-04-04 18:35
.
Před spuštěním: Volných bajtů: 55 242 022 912
Po spuštění: Volných bajtů: 55 119 896 576
.
- - End Of File - - 994994C8C13EACCAAC75B429B9ED1A75

#8 Příspěvek od **vyosek** » 05 dub 2012 09:19

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

DDS::
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

nejep · #9 Příspěvek od **nejep** » 05 dub 2012 22:58

ComboFix 12-04-04.02 - KAREL 05.04.2012 23:36:41.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3037.1950 [GMT 2:00]
Spuštěný z: c:\users\KAREL\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\KAREL\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-05 do 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-03 23:00 . 2012-04-03 23:00 -------- d-----w- C:\rsit
2012-04-03 22:01 . 2012-04-03 22:40 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-03 22:01 . 2012-04-03 22:40 -------- d-----w- c:\program files\Spyware Doctor
2012-04-03 06:55 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF7CAB7-8B74-4DE4-95B5-D28BF357999C}\mpengine.dll
2012-03-24 16:25 . 2012-04-04 19:06 -------- d-----w- c:\users\KAREL\riotsGamesLogs
2012-03-24 16:24 . 2012-03-24 16:24 -------- d-----w- c:\users\KAREL\AppData\Roaming\LolClient
2012-03-24 13:03 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-03-24 13:03 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-03-24 13:03 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-03-24 12:41 . 2012-04-04 21:34 -------- d-----w- c:\users\KAREL\AppData\Local\PMB Files
2012-03-24 12:41 . 2012-04-04 21:34 -------- d-----w- c:\programdata\PMB Files
2012-03-24 12:41 . 2012-03-24 12:41 -------- d-----w- c:\program files\Pando Networks
2012-03-14 13:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 13:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:06 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:06 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:06 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:06 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:06 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 07:06 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:06 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:06 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-11 21:05 . 2012-03-11 21:05 -------- d-----w- c:\windows\usb-audio.deReloopCONTOUR
2012-03-11 21:03 . 2010-05-14 19:37 26688 ----a-w- c:\windows\system32\drivers\rlcont_m.sys
2012-03-11 21:03 . 2010-05-14 19:37 40000 ----a-w- c:\windows\system32\drivers\rlcont_a.sys
2012-03-11 21:03 . 2010-05-14 19:37 330304 ----a-w- c:\windows\system32\drivers\rlcont_u.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 08:17 . 2011-05-15 10:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-11-17 21:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 22:11 . 2012-01-17 22:11 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClassicStartMenu"="c:\program files\Classic Start Menu\ClassicStartMenu.exe" [2011-05-24 4203936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2009-11-05 18216200]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-01-29 2408448]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-01-13 509320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-12 8423968]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-19 174104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-02-26 593920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
c:\users\KAREL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
quietHDD – zástupce.lnk - d:\karel\QuietHDD\quietHDD.exe [2010-11-20 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [2009-07-10 40448]
R3 btmhid;btmhid;c:\windows\system32\DRIVERS\btmhid.sys [2009-06-29 27008]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2009-10-22 520960]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]
R3 MAYA44;usb-audio.de driver for Maya44;c:\windows\system32\Drivers\Maya44.sys [2009-10-30 384064]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 netr28u;%Generic.Service.DispName%;c:\windows\system32\DRIVERS\netr28u.sys [2010-07-27 945504]
R3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [2009-10-30 39488]
R3 RELOOP_CONTOUR;Reloop CONTOUR USB driver;c:\windows\system32\Drivers\rlcont_u.sys [2010-05-14 330304]
R3 RELOOP_CONTOUR_MIDI;Reloop CONTOUR WDM MIDI Device;c:\windows\system32\drivers\rlcont_m.sys [2010-05-14 26688]
R3 RELOOP_CONTOUR_WDM;Reloop CONTOUR WDM;c:\windows\system32\drivers\rlcont_a.sys [2010-05-14 40000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-17 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2009-10-20 480520]
S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2009-10-22 3473672]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2009-08-15 709384]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-18 102400]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-01-19 5946368]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-12-18 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{E256BE53-440F-4382-832B-D8395A83F958}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\ixftlnai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2356)
c:\program files\Classic Start Menu\VistaStartMenu.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Elantech\ETDCtrlHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-04-05 23:53:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-05 21:53
ComboFix2.txt 2012-04-04 18:35
.
Před spuštěním: Volných bajtů: 55 025 315 840
Po spuštění: Volných bajtů: 55 115 640 832
.
- - End Of File - - 41D5F9BE38134A6DA70EAEE1EF87D593

#10 Příspěvek od **vyosek** » 06 dub 2012 08:34

Log se zda OK, co nas pacient

nejep · #11 Příspěvek od **nejep** » 06 dub 2012 17:08

Skvělé, děkuji!

Jen se zeptám, je nějaký způsob, jak zabránit případné další samoinstalaci programu "Security Shield"? Chytnul jsem ho při procházení úplně obyčejného fóra - najednou se spustila java, a šup a byl tam. Přes Javu se asi nainstaloval.

Díky za případné info.

#12 Příspěvek od **vyosek** » 07 dub 2012 06:59

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Security Shield

Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield

Re: Security Shield