Blokovani PC - Policie CR - Ipanema

[Ipanema]

Ahoj nebo dobrý den.

Měl jsem ten stejný problém. Děti hrály hru přes web hxxp://ilike.cz/onlinehry a najednou se objevilo stejné varování s doporučením, ať zaplatím 2000,- a do asi 5ti dnů se mi PC odblokuje. No dál to nebudu popisovat.
PC ani nezobrazil plochu, ihned se plocha překryla bílou stránkou s upozorněním a textem "od Policie". Když jsem vytáhnul síťovku, tak jen čistou bílou stránkou. Stav nouze zobrazil plochu asi na 5 vteřin a následoval samovolný restart. Jediné co mi pomohlo (ať už jsem to udělal správně nebo ne), tak bylo vložení orig. DVD s Windows 7, nabootování a výběr volby "opravit tento počítač". Potom jsem vybral "obnovení bitové kopie systému". Tak jsem vybral poslední automatický bod obnovení z 4.2.2013. Obnova se dokončila, restartoval jsem PC a píšu sem.
PC aktuálně jede a je bez poskvrnky a snad taky bude. Nainstaloval jsem RogueKiller a nechal pracovat.
Výsledek je:

RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Leoš [Práva správce]
Mód : Kontrola -- Datum : 02/09/2013 22:50:15
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
::1 localhost
127.0.0.1 localhost127.0.0.1


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] 861e8129f000c83ca05a95beddc4376c
[BSP] 342022ac34332ca1e09426c7da13647c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 615396 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_02092013_02d2250.txt >>
RKreport[1]_S_02092013_02d2250.txt


a tento.
Je něco z toho, co už někdo zná a můžu to odstranit a je to kupříkladu něco z "upozornění od Policie"?

Web adresu píšu záměrně, nechci na nikoho ukazovat, ale už kdysi se mi PC zablokoval virem ihned po návštěvě na tento web a dnes se tento vir ukázal na obrazovce přímo v hraní hry. Pravidelně používám Eset Smart Security 5 (originální klíč) a Ad-Aware Free verze

Děkuji za případnou pomoc nebo radu.

[vyosek]

Zdravim

Prispevek jsem Vam oddelil od puvodniho, do cizich se neleze, jen vznika pak zmatek

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

[Ipanema]

Omlouvám se za vlezení, ale jelikož je to prakticky stejný problém, tak jsem myslel, že to tak bude lepší.
Děkuji Vám za pomoc, doufám, že to udělám vše správně. PC zatím jede.

log po smazání
RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Leoš [Práva správce]
Mód : Odebrat -- Datum : 02/09/2013 23:31:44
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
::1 localhost
127.0.0.1 localhost127.0.0.1


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] 861e8129f000c83ca05a95beddc4376c
[BSP] 342022ac34332ca1e09426c7da13647c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 615396 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[2]_D_02092013_02d2331.txt >>
RKreport[1]_S_02092013_02d2330.txt ; RKreport[2]_D_02092013_02d2331.txt

log po opravě Host souboru
RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Leoš [Práva správce]
Mód : Oprava HOSTS -- Datum : 02/09/2013 23:33:11
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
::1 localhost
127.0.0.1 localhost127.0.0.1


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[3]_H_02092013_02d2333.txt >>
RKreport[1]_S_02092013_02d2330.txt ; RKreport[2]_D_02092013_02d2331.txt ; RKreport[3]_H_02092013_02d2333.txt

log z RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Leoš at 2013-02-09 23:34:52
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 31 GB (31%) free of 100 GB
Total RAM: 2047 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:35:01, on 9.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Users\Leoš\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Leoš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Detekce zařízení) - http://www.logitech.com/devicedetector/ ... tion32.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Poweroff - Jorgen Bosman - C:\Windows\system32\poweroff.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 7233 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-22 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-22 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 1821576]
""= []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-06-11 10996368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2012-06-29 403552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2012-06-29 1173224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
C:\Windows\System32\browserchoice.exe [2010-02-11 293376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-09-25 655360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2012-06-07 421776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2012-06-29 5980024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XNeat Windows Manager]
C:\Program Files\XNeat Windows Manager\xnViewer.exe [2008-03-03 77824]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-C740-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backitup.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdspeed.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\coverdes.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drivespeed.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infotool.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mediabuilder.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nero.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroburnrights.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerohome.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroscoutoptions.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerostartsmart.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroupgrade.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recode.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupneromobile.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupx.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trueimagelauncher.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trueimagetools.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"vidc.x264"=x264vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-02-09 23:34:52 ----D---- C:\rsit
2013-02-09 23:34:52 ----D---- C:\Program Files\trend micro
2013-02-05 13:17:48 ----D---- C:\backup
2013-02-05 11:11:50 ----D---- C:\ProgramData\HTC
2013-02-05 11:11:38 ----D---- C:\Users\Leoš\AppData\Roaming\HTC Sync
2013-02-05 08:58:43 ----D---- C:\Program Files\Unlockroot
2013-02-05 08:55:32 ----D---- C:\ProgramData\Motorola
2013-02-05 08:55:26 ----D---- C:\Program Files\Common Files\Nero
2013-01-28 15:15:45 ----D---- C:\Program Files\Common Files\Skype
2013-01-28 15:15:35 ----RD---- C:\Program Files\Skype

======List of files/folders modified in the last 1 month======

2013-02-09 23:34:57 ----D---- C:\Windows\Temp
2013-02-09 23:34:52 ----RD---- C:\Program Files
2013-02-09 23:34:40 ----SHD---- C:\System Volume Information
2013-02-09 23:34:14 ----D---- C:\Windows\system32\drivers
2013-02-09 22:39:17 ----D---- C:\ProgramData\NVIDIA
2013-02-09 22:33:14 ----D---- C:\Windows\system32\config
2013-02-09 22:33:12 ----SHD---- C:\Windows\Installer
2013-02-09 22:33:12 ----D---- C:\Windows\Tasks
2013-02-09 22:33:12 ----D---- C:\Windows\system32\wfp
2013-02-09 22:33:12 ----D---- C:\Windows\system32\DriverStore
2013-02-09 22:33:12 ----D---- C:\Windows\system32\drivers\UMDF
2013-02-09 22:33:12 ----D---- C:\Windows\system32\CodeIntegrity
2013-02-09 22:33:12 ----D---- C:\Windows\system32\catroot2
2013-02-09 22:33:12 ----D---- C:\Windows\System32
2013-02-09 22:33:12 ----D---- C:\Windows\inf
2013-02-09 22:33:12 ----D---- C:\Windows\AppCompat
2013-02-09 22:33:12 ----D---- C:\Windows
2013-02-09 22:33:12 ----D---- C:\Users\Leoš\AppData\Roaming\XnView
2013-02-09 22:33:12 ----D---- C:\Users\Leoš\AppData\Roaming\Winamp
2013-02-09 22:33:11 ----HD---- C:\ProgramData
2013-02-09 22:33:11 ----D---- C:\Users\Leoš\AppData\Roaming\GHISLER
2013-02-09 22:33:11 ----D---- C:\ProgramData\FLEXnet
2013-02-09 22:33:11 ----D---- C:\Program Files\Spirent Communications
2013-02-09 22:33:11 ----D---- C:\Program Files\HTC
2013-02-09 22:33:08 ----D---- C:\Windows\system32\wbem
2013-02-09 22:33:07 ----D---- C:\Windows\winsxs
2013-02-09 22:33:07 ----D---- C:\Windows\registration
2013-02-09 22:33:02 ----D---- C:\Windows\system32\catroot
2013-02-09 22:32:58 ----D---- C:\Users\Leoš\AppData\Roaming\Skype
2013-02-09 22:32:52 ----D---- C:\Program Files\Common Files
2013-02-09 22:27:32 ----D---- C:\Windows\system32\LogFiles
2013-02-05 11:11:50 ----D---- C:\Users\Leoš\AppData\Roaming\HTC
2013-02-05 08:55:41 ----D---- C:\Users\Leoš\AppData\Roaming\Apple Computer
2013-02-04 13:33:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-31 23:27:18 ----D---- C:\Users\Leoš\AppData\Roaming\Dropbox
2013-01-30 14:25:14 ----D---- C:\Users\Leoš\AppData\Roaming\BSplayer PRO
2013-01-28 15:15:51 ----D---- C:\ProgramData\Skype
2013-01-22 14:19:11 ----RSD---- C:\Windows\Fonts
2013-01-17 08:33:22 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2012-08-07 80416]
R0 m5287;m5287; C:\Windows\system32\drivers\m5287.sys [2005-09-23 103680]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-08-07 177600]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2012-08-07 775232]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2012-08-07 614592]
R0 UliPnp;ULi PnP Driver; C:\Windows\system32\drivers\ulipnp.sys [2005-12-30 8064]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2012-08-07 126880]
R0 vidsflt67;Acronis Disk Storage Filter (67); C:\Windows\system32\DRIVERS\vsflt67.sys [2012-08-07 86496]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-07 242240]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-06-19 3240400]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2006-11-10 40352]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2012-04-18 148800]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2006-11-10 933536]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-05-03 10064]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2012-08-07 234752]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2012-03-20 15232]
S3 m5288;m5288; C:\Windows\system32\drivers\m5288.sys [2005-12-23 210304]
S3 m5289;m5289; C:\Windows\system32\drivers\m5289.sys [2005-07-04 52480]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-04-25 43520]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-05-15 645440]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
R2 Poweroff;Poweroff; C:\Windows\system32\poweroff.exe [2003-08-16 172032]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-07-04 1528672]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-08-07 655624]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2012-08-07 2152720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-08-07 72704]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 821648]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-06 1343400]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2012-06-29 821448]
S4 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2012-08-07 3454928]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S4 syncagentsrv;Acronis Sync Agent Service; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-06-29 5921736]
S4 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]

-----------------EOF-----------------

[vyosek]

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Jen se zeptam, na ten ESET je tam zakoupena licence

[Ipanema]

Dobrý den, NOD32 je legální, nepoužívám žádné vylepšovače, jestli se tím myslí to, co jsem myslel já...
Mně je spíš divné, že (asi může do PC projít vše, ale že) mi do PC prošlo něco takového při ESET Firewallu, ESET Antiviru a aspoň 1-2x měsíčně kontroluji přes Ad-Aware.
log je zde:

info.txt logfile of random's system information tool 1.09 2013-02-09 23:35:06

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
7-Zip 9.20-->"C:\Program Files\7-Zip\Uninstall.exe"
Acronis True Image Home 2012-->C:\Program Files\Acronis\TrueImageHome\Uninstall.exe
Acronis True Image Home 2012-->MsiExec.exe /X{E8ECA955-8217-41C1-986D-C37775E716D6}
Ad-Aware-->MsiExec.exe /X{D0046F17-A170-4E07-A349-F1BCB3A8A8EB}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0405
Adobe Creative Suite 4 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\b421102ce31f2649ef3785f2a17166f\Setup.exe --uninstall=1
Adobe Creative Suite 4 Design Premium-->MsiExec.exe /I{83744391-B5A4-40E3-8A7D-E8BF39CB00ED}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{425AD62D-5B16-494C-8AAB-6B3D0CF2527A}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Android SDK Tools-->C:\Program Files\Android\android-sdk\uninstall.exe
Apple Application Support-->MsiExec.exe /I{122ADF8C-DDA1-480C-9936-C88F2825B265}
Apple Mobile Device Support-->MsiExec.exe /I{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
aTube Catcher-->C:\Program Files\DsNET Corp\aTube Catcher 2.0\uninstall.exe
Auto Hide IP-->"C:\Program Files\AutoHideIP\uninst.exe"
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
BS.Player PRO-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDex - Open Source Digital Audio CD Extractor-->C:\Program Files\CDex\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{E14AE329-F210-4EDD-B775-290821C66C1F}" "1029" "0"
DoublePlayer 1.00-->C:\Users\Leoš\Documents\DoublePlayer\Uninstall.exe
Freeware PDF Unlocker-->MsiExec.exe /X{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}
HTC BMP USB Driver-->MsiExec.exe /I{31A559C1-9E4D-423B-9DD3-34A6C5398752}
HTC Driver Installer-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync-->MsiExec.exe /I{C71F947D-C500-4C00-AF0A-8B397A3F9DE5}
iTunes-->MsiExec.exe /I{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}
Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217009FF}
JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10}
Junk Mail filter update-->MsiExec.exe /I{400C31E4-796F-4E86-8FDC-C3C4FACC6847}
K-Lite Mega Codec Pack 9.1.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Mask My IP-->"C:\Program Files\MaskMyIP\uninst.exe"
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft IntelliPoint 8.2-->msiexec.exe /I {942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}
Microsoft IntelliPoint 8.2-->MsiExec.exe /X{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}
Microsoft Office 2010 pro podnikatele-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0405-0000-0000000FF1CE}" "{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-0000-0000000FF1CE}" "{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0405-0000-0000000FF1CE}" "{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-0000-0000000FF1CE}" "{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{2304F942-79D2-46F7-A512-269A7F5B7EFC}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-0000-0000000FF1CE}" "{A162C5E6-7778-4D5B-9F0A-38F0122DD859}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0405-0000-0000000FF1CE}" "{8148DB19-71B1-4415-8B26-DF5B9E873FC3}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{EEF3E2C0-135B-44DC-BEDD-7F01CFBEFF46}" "1029" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-0000-0000000FF1CE}" "{E6C0DAE8-3840-4117-AB4D-674930D0DDE9}" "1029" "0"
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nero 7 Premium-->MsiExec.exe /X{C6115A28-F277-4E82-B067-84D28BF21029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Ovladač 3D Vision 301.42-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač HD audia 1.3.16.0-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Ovladač řídící jednotky 3D Vision 301.42-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 301.42-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.12.0213-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
Opera 12.12-->"C:\Program Files\Opera\Opera.exe" /uninstall
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photo Common-->MsiExec.exe /X{EB91007A-0110-42A6-B869-2709955A9B2A}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Skype™ 6.1-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
TeamViewer 7-->C:\Program Files\TeamViewer\Version7\uninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TuneUp Utilities 2012-->C:\Program Files\TuneUp Utilities 2012\TUInstallHelper.exe --Trigger-Uninstall
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{0454BB9A-2A7A-4214-BDFF-937F7A711A44}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{8256F87F-8554-4457-8C3D-3F3324697D9F}
Windows Live Installer-->MsiExec.exe /I{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}
Windows Live Mail-->MsiExec.exe /I{00476F3E-3C4D-4E02-B8BB-125350157EB9}
Windows Live Mail-->MsiExec.exe /I{70854FE6-3BF1-4C69-94D0-BEB821102E34}
Windows Live MIME IFilter-->MsiExec.exe /I{1B947146-366B-42CD-86D5-219993CE3EE2}
Windows Live Photo Common-->MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}
Windows Live PIMT Platform-->MsiExec.exe /I{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}
Windows Live SOXE Definitions-->MsiExec.exe /I{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}
Windows Live SOXE-->MsiExec.exe /I{FE7C0B3D-50B9-4951-BE78-A321CBF86552}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{E18F981B-401C-4D90-BC57-D8903564D558}
Windows Live UX Platform-->MsiExec.exe /I{4CCBD1F4-CEEC-452A-9CB8-46564B501315}
Windows Live Writer Resources-->MsiExec.exe /X{3A9ECD64-DE00-4779-A89E-C878513B2B37}
Windows Live Writer-->MsiExec.exe /X{D2C146B1-948D-47EF-8387-5D1C6B980F7C}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR 4.20 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
XNeat Windows Manager-->C:\Program Files\XNeat Windows Manager\uninstall.exe
XnView 1.99.5-->"C:\Program Files\XnView\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: Leoš-PC
Event Code: 7036
Message: Stav služby ESET Service byl změněn na: Spuštěno
Record Number: 10523
Source Name: Service Control Manager
Time Written: 20120901055644.660156-000
Event Type: Informace
User:

Computer Name: Leoš-PC
Event Code: 7036
Message: Stav služby TeamViewer 7 byl změněn na: Spuštěno
Record Number: 10522
Source Name: Service Control Manager
Time Written: 20120901055644.009765-000
Event Type: Informace
User:

Computer Name: Leoš-PC
Event Code: 7036
Message: Stav služby Pomocná služba protokolu IP byl změněn na: Spuštěno
Record Number: 10521
Source Name: Service Control Manager
Time Written: 20120901055643.634765-000
Event Type: Informace
User:

Computer Name: Leoš-PC
Event Code: 7036
Message: Stav služby Windows Live ID Sign-in Assistant byl změněn na: Spuštěno
Record Number: 10520
Source Name: Service Control Manager
Time Written: 20120901055642.884765-000
Event Type: Informace
User:

Computer Name: Leoš-PC
Event Code: 7036
Message: Stav služby Acronis Sync Agent Service byl změněn na: Spuštěno
Record Number: 10519
Source Name: Service Control Manager
Time Written: 20120901055639.554687-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Leoš-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 761137
Source Name: NVIDIA OpenGL Driver
Time Written: 20120914140306.000000-000
Event Type: Upozornění
User:

Computer Name: Leoš-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 761136
Source Name: NVIDIA OpenGL Driver
Time Written: 20120914140306.000000-000
Event Type: Upozornění
User:

Computer Name: Leoš-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 761135
Source Name: NVIDIA OpenGL Driver
Time Written: 20120914140306.000000-000
Event Type: Upozornění
User:

Computer Name: Leoš-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 761134
Source Name: NVIDIA OpenGL Driver
Time Written: 20120914140306.000000-000
Event Type: Upozornění
User:

Computer Name: Leoš-PC
Event Code: 2
Message: The NVIDIA OpenGL driver has encountered
an out of memory error. This application might
behave inconsistently and fail.
Record Number: 761133
Source Name: NVIDIA OpenGL Driver
Time Written: 20120914140306.000000-000
Event Type: Upozornění
User:

=====Security event log=====

Computer Name: Leoš-PC
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 2880
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120823054847.359375-000
Event Type: Úspěšný audit
User:

Computer Name: Leoš-PC
Event Code: 1100
Message: Služba protokolování událostí byla ukončena.
Record Number: 2879
Source Name: Microsoft-Windows-Eventlog
Time Written: 20120822191214.576171-000
Event Type: Úspěšný audit
User:

Computer Name: Leoš-PC
Event Code: 4647
Message: Odhlášení spuštěné uživatelem:

Předmět:
ID zabezpečení: S-1-5-21-404923333-3352241284-1934808718-1001
Název účtu: Leoš
Doména účtu: Leoš-PC
ID přihlášení: 0x1baae

Tato událost je generována, pokud je spuštěno odhlášení. Není povolena žádná další uživatelem spuštěná akce. Tuto událost lze interpretovat jako událost odhlášení.
Record Number: 2878
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120822191212.450195-000
Event Type: Úspěšný audit
User:

Computer Name: Leoš-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-21-404923333-3352241284-1934808718-1001
Název účtu: Leoš
Doména účtu: Leoš-PC
ID přihlášení: 0x1baae
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: ********
Doména účtu:
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: 41VM4U.hosting4u.s4u
Další informace: 41VM4U.hosting4u.s4u

Informace o procesu:
ID procesu: 0x144c
Název procesu: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 2877
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120822185010.280273-000
Event Type: Úspěšný audit
User:

Computer Name: Leoš-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-21-404923333-3352241284-1934808718-1001
Název účtu: Leoš
Doména účtu: Leoš-PC
ID přihlášení: 0x1baae
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: ********
Doména účtu:
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: 41VM4U.hosting4u.s4u
Další informace: 41VM4U.hosting4u.s4u

Informace o procesu:
ID procesu: 0x144c
Název procesu: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 2876
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120822185010.203125-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Acronis\SnapAPI\;C:\Program Files\Acronis\TrueImageHome\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"asl.log"=Destination=file

-----------------EOF-----------------

[vyosek]

Ad-Ware uz je tak trochu za zenitem sve slavy a neni schopen celiti aktualnim hrozbam

Bohuzel tento typ malware (ransomware) je hodne agresivni a dostane se i pres bezpecnostni PC

PC se mi zda cisty, a je to i tim, ze jste obnovil jeho puvodni kopii, ono je tam hodne zpusobu reseni, toto je jeden z nich, ale lze to i beze straty dat a programu

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel èistiè

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[Ipanema]

Děkuji za pomoc.
Je pravda, že nevím proč, ale zatím jsem přišel na 3 programy, které se nechtějí spustit. Takže ono to obnovení není zase až tak hladké, na druhou stranu zatím opravdu vše jede zpět ve starých kolejích.
Co mi doporučíte vy jako zkušenější jako náhradu za Ad-Aware? Jsou s něčím dobré zkušenosti Něco na rootkity, spyware a malware v jednom...? Je něco k doporučení?

[vyosek]

Rootkity obecne se velmi tezce detekuji a je na to treba nekolik specifickych utilit, antiviry vetsinou ale zaznamenaji ze by tam mohl byt, maji ale problemy s presnou identifikaci a lecenim

Dobry je MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 ci SAS http://forum.viry.cz/viewtopic.php?f=29&t=51359 , na obcasny sken, vypnout po startu

[Ipanema]

Vše jsem udělal a vše OK, jen MBAM mi zahlásil:

Nalezené soubory: 1
C:\Users\Leoš\AppData\Roaming\msconfig.ini (Trojan.Agent) -> Nebyla provedena žádná instrukce.

Nejsem si jistý, že když toto odstraním, tak se mi právě některá funkce ve WIN "nepoláme"....

[vyosek]

Nalez MBAMu muzete smazat, je to pozustatek...