Internet not working

johny-d
Exemplary visitor
Posts: 23
Registered: 30 May 2011 17:23

Internet not working

#1 Post by johny-d »

Hi, the Win Defender program removed some malicious file, and since then my internet has not been working. How can I fix this, please?
OS: Windows 7
I am attaching the log; thank you for any advice.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:10, on 30.5.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\pukzw.exe
C:\Windows\system32\taskeng.exe
G:\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:62485
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\MONIKA~1\AppData\Local\Temp\csrss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove Folder Synchronization - {259214EB-781C-344D-3101-65933DDB243B} - C:\Windows\system32\inpuut.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [conhost] C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\conhost.exe
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\pukzw.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Moniška\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [506E7F4A_0] C:\Users\MONIKA~1\AppData\Local\Temp\AdobeUpdate.exe
O4 - HKCU\..\Run: [4ECYTQ9SIC] C:\Users\MONIKA~1\AppData\Local\Temp\Kff.exe
O4 - HKCU\..\Run: [conhost] C:\Users\Moniška\AppData\Roaming\Microsoft\conhost.exe
O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe
O4 - HKUS\S-1-5-18\..\Run: [506E7F4A_0] C:\Users\MONIKA~1\AppData\Local\Temp\AdobeUpdate.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [4ECYTQ9SIC] C:\Windows\TEMP\Kff.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OPLE7CLDO2] C:\Windows\TEMP\Kfd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [506E7F4A_0] C:\Users\MONIKA~1\AppData\Local\Temp\AdobeUpdate.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6614 bytes

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Internet not working

#2 Post by vyosek »

Hello, and have a nice day :)

There is still a whole lot of nasty stuff in there.

Please post a log from RSIT (see my signature); it is more detailed than HJT. I would like both of its logs (log.txt and info.txt); they will be saved in c:\rsit

johny-d
Exemplary visitor
Posts: 23
Registered: 30 May 2011 17:23

Re: Internet not working

#3 Post by johny-d »

Yes, I will post it, thank you. And Defender removed backdoor Win32.

johny-d
Exemplary visitor
Posts: 23
Registered: 30 May 2011 17:23

Re: Internet not working

#4 Post by johny-d »

info.txt logfile of random's system information tool 1.08 2011-05-30 18:49:41

======Uninstall list======

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acer OrbiCam Application-->MsiExec.exe /X{0F79C1B2-36B2-4B62-8221-42721CF54638}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader X (10.0.1) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
Airport Mania 2 Wild Trips - Premium Edition-->"C:\Windows\Airport Mania 2 Wild Trips - Premium Edition\uninstall.exe" "/U:C:\Program Files\Airport Mania 2 Wild Trips - Premium Edition\Uninstall\uninstall.xml"
Amelies Cafe Halloween-->"C:\Program Files\Amelies Cafe Halloween\uninstall.exe" "/U:C:\Program Files\Amelies Cafe Halloween\Uninstall\uninstall.xml"
Amelies Cafe Summer Time 1.00-->C:\Program Files\Games\Amelies Cafe Summer Time\Uninstall.exe
Atlantic Quest-->"C:\Program Files\Atlantic Quest\uninstall.exe" "/U:C:\Program Files\Atlantic Quest\Uninstall\uninstall.xml"
Cake Mania - To the Max-->"C:\Windows\Cake Mania - To the Max\uninstall.exe" "/U:C:\Program Files\Cake Mania - To the Max\Uninstall\uninstall.xml"
Everything Nice-->"C:\Windows\Everything Nice\uninstall.exe" "/U:C:\Program Files\Everything Nice\Uninstall\uninstall.xml"
Farm Frenzy 3-->"C:\Windows\Farm Frenzy 3\uninstall.exe" "/U:C:\Program Files\Farm Frenzy 3\Uninstall\uninstall.xml"
Farm Frenzy Ancient Rome-->"C:\Windows\Farm Frenzy Ancient Rome\uninstall.exe" "/U:C:\Program Files\Farm Frenzy Ancient Rome\Uninstall\uninstall.xml"
Fitness Dash-->"C:\Windows\Fitness Dash\uninstall.exe" "/U:C:\Program Files\Fitness Dash\Uninstall\uninstall.xml"
Go-Go Gourmet-->"C:\Windows\Go-Go Gourmet\uninstall.exe" "/U:C:\Program Files\Go-Go Gourmet\Uninstall\uninstall.xml"
Green Valley Fun on the Farm-->"C:\Windows\Green Valley Fun on the Farm\uninstall.exe" "/U:C:\Program Files\Green Valley Fun on the Farm\Uninstall\uninstall.xml"
Heart's Medicine - Season One Just For Fun Games-->C:\Program Files\Heart's Medicine - Season One\Uninstall.exe
Hotel Mogul - Las Vegas-->"C:\Program Files\FishBone Games\Hotel Mogul - Las Vegas\uninstall.exe" "/U:C:\Program Files\FishBone Games\Hotel Mogul - Las Vegas\Uninstall\uninstall.xml"
Îňĺëü Äćĺéí-->"C:\Program Files\Games\Îňĺëü Äćĺéí\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Janes Hotel Mania 1.00-->C:\Program Files\Games\Janes Hotel Mania\Uninstall.exe
Jane's Hotel. Family Hero-->"C:\Windows\Jane's Hotel. Family Hero\uninstall.exe" "/U:C:\Program Files\Jane's Hotel. Family Hero\Uninstall\uninstall.xml"
Java(TM) 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}
Jewel Keepers Easter Island 1.00-->C:\Program Files\Games\Jewel Keepers Easter Island\Uninstall.exe
Jewel Match 3 1.00-->C:\Program Files\Games\Jewel Match 3\Uninstall.exe
Jewel Quest Mysteries The Seventh Gate Collectors Edition 1.27-->C:\Program Files\Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\Uninstall.exe
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Miriels Enchanted Mystery-->"C:\Windows\Miriels Enchanted Mystery\uninstall.exe" "/U:C:\Program Files\Miriels Enchanted Mystery\Uninstall\uninstall.xml"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Rachel's Retreat-->"C:\Program Files\Rachel's Retreat\uninstall.exe" "/U:C:\Program Files\Rachel's Retreat\Uninstall\uninstall.xml"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Soap Opera Dash-->"C:\Windows\Soap Opera Dash\uninstall.exe" "/U:C:\Program Files\Soap Opera Dash\Uninstall\uninstall.xml"
Spa Mania 2 1.00-->C:\Program Files\Games\Spa Mania 2\Uninstall.exe
Spring Bonus-->"C:\Program Files\Spring Bonus\uninstall.exe" "/U:C:\Program Files\Spring Bonus\Uninstall\uninstall.xml"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tasty Turbo Trio 1.00-->C:\Program Files\Games\Tasty Turbo Trio\Uninstall.exe
The Cleaner 2012-->"C:\Program Files\The Cleaner\unins000.exe"
The Legend of the Golden Tome 1.00-->C:\Program Files\Games\The Legend of the Golden Tome\Uninstall.exe
Travel Agency-->"C:\Windows\Travel Agency\uninstall.exe" "/U:C:\Program Files\Travel Agency\Uninstall\uninstall.xml"
Wedding Dash 4 Ever 1.00-->C:\Program Files\Games\Wedding Dash 4 Ever\Uninstall.exe
WinRAR 4.00 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

Hosts File Missing
======System event log======

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Distributed Link Tracking Client byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Security Center byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Desktop Window Manager Session Manager byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Diagnostic Policy Service byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Microsoft Software Shadow Copy Provider byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x86
P2: PCI\VEN_1524&DEV_0520&SUBSYS_00901025&REV_01
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMIBECB.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_96a8e62c9ac3a4f80e6c71d30c36fce67137ee2_cab_0672bf29

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: e331984c-7d33-11e0-ac61-8d6f088e1a5a
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20110513073743.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110513073610.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110513073603.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110513073558.525326-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110513073558.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073529.212875-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073529.181675-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x23cc6
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073528.885274-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073526.623270-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073526.482870-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06

-----------------EOF-----------------


Logfile of random's system information tool 1.08 (written by random/random)
Run by Moniška at 2011-05-30 18:50:21
Microsoft Windows 7 Ultimate
System drive C: has 27 GB (45%) free of 59 GB
Total RAM: 1014 MB (52% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\AutoKMSDaily.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2173421848-1481650145-3515745033-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2173421848-1481650145-3515745033-1000UA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259214EB-781C-344D-3101-65933DDB243B}]
Groove Folder Synchronization - C:\Windows\system32\inpuut.dll [2009-07-14 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-14 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 304664]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-28 244512]
"AcerOrbicamRibbon"=C:\Program Files\Acer\OrbiCam10\OrbiCam.exe [2006-11-28 754712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"reset"=regedit /s reset.reg []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-05-20 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"conhost"=C:\Windows\system32\config\system [2011-05-30 12058624]
"cftmon"=C:\Windows\system32\pukzw.exe [2011-05-30 389120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Moniška\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
"506E7F4A_0"=C:\Users\MONIKA~1\AppData\Local\Temp\AdobeUpdate.exe [2011-05-30 393728]
"4ECYTQ9SIC"=C:\Users\MONIKA~1\AppData\Local\Temp\Kff.exe [2011-05-30 154112]
"conhost"=C:\Users\Moniška\AppData\Roaming\Microsoft\conhost.exe []
"tcactive"=C:\Program Files\The Cleaner\tcap.exe [2011-05-03 4993776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv524]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-05-30 18:49:26 ----D---- C:\Program Files\trend micro
2011-05-30 18:49:21 ----D---- C:\rsit
2011-05-30 15:49:20 ----D---- C:\Users\Moniška\AppData\Roaming\thecleaner
2011-05-30 15:48:53 ----D---- C:\Program Files\The Cleaner
2011-05-30 15:28:34 ----A---- C:\Windows\system32\pukzw.exe
2011-05-30 15:28:34 ----A---- C:\Windows\system32\delme.bat
2011-05-30 15:24:13 ----D---- C:\Windows\Minidump
2011-05-30 14:55:39 ----D---- C:\Users\Moniška\AppData\Roaming\Jane s Hotel
2011-05-30 14:44:25 ----D---- C:\Windows\Fitness Dash
2011-05-30 14:44:23 ----D---- C:\Program Files\Fitness Dash
2011-05-30 14:44:13 ----A---- C:\Windows\Kgymaa.exe
2011-05-30 14:44:09 ----A---- C:\Windows\Fitness Dash Setup Log.txt
2011-05-30 14:43:28 ----A---- C:\Windows\system32\nqhjr.exe
2011-05-30 14:43:21 ----A---- C:\Windows\system32\winset.ini
2011-05-30 14:41:10 ----D---- C:\Program Files\FishBone Games
2011-05-30 14:41:08 ----D---- C:\Downloads
2011-05-30 00:19:01 ----D---- C:\ProgramData\GameHouse
2011-05-29 23:23:08 ----D---- C:\ProgramData\Intenium
2011-05-25 16:39:47 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-05-22 20:28:15 ----D---- C:\Users\Moniška\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-05-22 20:28:15 ----D---- C:\Users\Moniška\AppData\Roaming\Adobe Mini Bridge CS5
2011-05-22 19:52:58 ----D---- C:\Users\Moniška\AppData\Roaming\iWin
2011-05-22 19:52:58 ----D---- C:\ProgramData\iWin
2011-05-21 16:45:18 ----D---- C:\Users\Moniška\AppData\Roaming\Boolat Games
2011-05-21 08:11:33 ----D---- C:\Program Files\Rachel's Retreat
2011-05-21 08:10:58 ----D---- C:\Windows\system32\2031
2011-05-20 21:42:11 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-05-20 21:31:49 ----D---- C:\Program Files\Adobe Media Player
2011-05-20 21:29:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-05-20 21:29:33 ----D---- C:\Program Files\Adobe
2011-05-20 21:28:43 ----D---- C:\ProgramData\Adobe
2011-05-20 21:26:42 ----D---- C:\Program Files\Common Files\Adobe
2011-05-20 21:22:40 ----A---- C:\Windows\AutoKMS.ini
2011-05-20 21:22:40 ----A---- C:\Windows\AutoKMS.exe
2011-05-20 21:21:47 ----A---- C:\Windows\KMSEmulator.exe
2011-05-20 21:19:12 ----D---- C:\Program Files\Amelies Cafe Halloween
2011-05-20 21:16:11 ----D---- C:\Program Files\Heart's Medicine - Season One
2011-05-20 21:14:43 ----D---- C:\Windows\Go-Go Gourmet
2011-05-20 21:14:43 ----D---- C:\Program Files\Go-Go Gourmet
2011-05-20 21:14:35 ----A---- C:\Windows\Go-Go Gourmet Setup Log.txt
2011-05-20 21:14:04 ----D---- C:\Windows\Miriels Enchanted Mystery
2011-05-20 21:14:03 ----D---- C:\Program Files\Miriels Enchanted Mystery
2011-05-20 21:13:55 ----A---- C:\Windows\Miriels Enchanted Mystery Setup Log.txt
2011-05-20 20:47:12 ----D---- C:\Program Files\Microsoft Synchronization Services
2011-05-20 20:47:10 ----D---- C:\Program Files\Common Files\DESIGNER
2011-05-20 20:46:35 ----D---- C:\Windows\PCHEALTH
2011-05-20 20:46:35 ----D---- C:\Program Files\Microsoft Sync Framework
2011-05-20 20:46:35 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-05-20 20:44:35 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-05-20 20:42:56 ----D---- C:\Program Files\Microsoft Analysis Services
2011-05-20 20:42:04 ----D---- C:\Program Files\Microsoft Office
2011-05-20 20:42:03 ----D---- C:\ProgramData\Microsoft Help
2011-05-20 20:41:24 ----RHD---- C:\MSOCache
2011-05-20 20:38:03 ----D---- C:\Users\Moniška\AppData\Roaming\WinRAR
2011-05-20 20:37:56 ----D---- C:\Program Files\WinRAR
2011-05-20 20:37:13 ----A---- C:\Windows\system32\poqexec.exe
2011-05-17 21:17:17 ----D---- C:\ProgramData\Grey Alien Games
2011-05-16 18:24:48 ----D---- C:\Users\Moniška\AppData\Roaming\Jane s Hotel Family Hero
2011-05-16 15:20:49 ----D---- C:\Users\Moniška\AppData\Roaming\Jewel Keepers Easter Island
2011-05-16 15:15:49 ----D---- C:\Users\Moniška\AppData\Roaming\aliasworlds
2011-05-16 15:15:49 ----D---- C:\ProgramData\aliasworlds
2011-05-14 23:21:32 ----D---- C:\ProgramData\Sun
2011-05-14 23:21:31 ----D---- C:\Program Files\Common Files\Java
2011-05-14 23:20:59 ----A---- C:\Windows\system32\javaws.exe
2011-05-14 23:20:59 ----A---- C:\Windows\system32\javaw.exe
2011-05-14 23:20:59 ----A---- C:\Windows\system32\java.exe
2011-05-14 23:20:59 ----A---- C:\Windows\system32\deployJava1.dll
2011-05-14 23:20:31 ----D---- C:\Program Files\Java
2011-05-14 15:33:44 ----D---- C:\Users\Moniška\AppData\Roaming\Macromedia
2011-05-14 15:33:44 ----D---- C:\Users\Moniška\AppData\Roaming\Adobe
2011-05-14 15:33:41 ----D---- C:\Windows\system32\Macromed
2011-05-14 09:52:56 ----D---- C:\Windows\system32\Wat
2011-05-14 09:50:27 ----D---- C:\Program Files\Microsoft.NET
2011-05-14 09:49:14 ----D---- C:\6084457f3ccbcf8f9f
2011-05-14 09:45:24 ----D---- C:\Program Files\Spring Bonus
2011-05-14 09:45:14 ----D---- C:\Windows\system32\3081
2011-05-14 09:44:47 ----D---- C:\Windows\Soap Opera Dash
2011-05-14 09:44:47 ----D---- C:\Program Files\Soap Opera Dash
2011-05-14 09:44:41 ----A---- C:\Windows\Soap Opera Dash Setup Log.txt
2011-05-14 09:42:18 ----D---- C:\Program Files\Games
2011-05-14 09:41:42 ----D---- C:\Windows\Cake Mania - To the Max
2011-05-14 09:41:42 ----D---- C:\Program Files\Cake Mania - To the Max
2011-05-14 09:41:37 ----A---- C:\Windows\Cake Mania - To the Max Setup Log.txt
2011-05-14 09:41:01 ----D---- C:\Windows\Everything Nice
2011-05-14 09:41:00 ----D---- C:\Program Files\Everything Nice
2011-05-14 09:40:57 ----A---- C:\Windows\Everything Nice Setup Log.txt
2011-05-14 09:40:44 ----D---- C:\Windows\Travel Agency
2011-05-14 09:40:43 ----D---- C:\Program Files\Travel Agency
2011-05-14 09:40:37 ----A---- C:\Windows\Travel Agency Setup Log.txt
2011-05-14 09:39:36 ----D---- C:\Windows\Jane's Hotel. Family Hero
2011-05-14 09:39:36 ----D---- C:\Program Files\Jane's Hotel. Family Hero
2011-05-14 09:39:28 ----A---- C:\Windows\Jane's Hotel. Family Hero Setup Log.txt
2011-05-14 09:39:03 ----D---- C:\Windows\Green Valley Fun on the Farm
2011-05-14 09:39:03 ----D---- C:\Program Files\Green Valley Fun on the Farm
2011-05-14 09:38:56 ----A---- C:\Windows\Green Valley Fun on the Farm Setup Log.txt
2011-05-14 09:38:29 ----D---- C:\Program Files\Atlantic Quest
2011-05-14 09:37:19 ----D---- C:\Windows\Farm Frenzy 3
2011-05-14 09:37:19 ----D---- C:\Program Files\Farm Frenzy 3
2011-05-14 09:37:12 ----D---- C:\Windows\system32\3034
2011-05-14 09:37:11 ----A---- C:\Windows\Farm Frenzy 3 Setup Log.txt
2011-05-14 09:36:44 ----D---- C:\Windows\Airport Mania 2 Wild Trips - Premium Edition
2011-05-14 09:36:44 ----D---- C:\Program Files\Airport Mania 2 Wild Trips - Premium Edition
2011-05-14 09:36:37 ----A---- C:\Windows\Airport Mania 2 Wild Trips - Premium Edition Setup Log.txt
2011-05-14 09:35:36 ----D---- C:\Windows\Farm Frenzy Ancient Rome
2011-05-14 09:35:36 ----D---- C:\Program Files\Farm Frenzy Ancient Rome
2011-05-14 09:35:29 ----A---- C:\Windows\Farm Frenzy Ancient Rome Setup Log.txt
2011-05-14 09:03:40 ----D---- C:\Program Files\uTorrent
2011-05-14 09:02:51 ----D---- C:\Users\Moniška\AppData\Roaming\uTorrent
2011-05-13 11:14:37 ----A---- C:\Windows\system32\wininet.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\urlmon.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-05-13 11:14:37 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-05-13 11:14:37 ----A---- C:\Windows\system32\msrating.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\msls31.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\mshtmler.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\msfeedssync.exe
2011-05-13 11:14:37 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\jsproxy.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\ieui.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\iesysprep.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\iertutil.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\ieframe.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\ieakeng.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\webcheck.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\url.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\mshtmled.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\licmgr10.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\inseng.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\iesetup.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\iernonce.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\iedkcs32.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\ieapfltr.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\ie4uinit.exe
2011-05-13 11:14:36 ----A---- C:\Windows\system32\icardie.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\dxtrans.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\dxtmsft.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\wextract.exe
2011-05-13 11:14:35 ----A---- C:\Windows\system32\vbscript.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\pngfilt.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\occache.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\mshtml.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\mshta.exe
2011-05-13 11:14:35 ----A---- C:\Windows\system32\msfeeds.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\jscript9.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\jscript.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\imgutil.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\iexpress.exe
2011-05-13 11:14:35 ----A---- C:\Windows\system32\ieUnatt.exe
2011-05-13 11:14:35 ----A---- C:\Windows\system32\iepeers.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\ieakui.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\ieaksie.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\admparse.dll
2011-05-13 11:09:18 ----D---- C:\Users\Moniška\AppData\Roaming\ESET
2011-05-13 10:52:57 ----A---- C:\Windows\system32\msv1_0.dll
2011-05-13 10:49:02 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-05-13 10:49:02 ----A---- C:\Windows\system32\PresentationHost.exe
2011-05-13 10:49:02 ----A---- C:\Windows\system32\mscoree.dll
2011-05-13 10:49:01 ----A---- C:\Windows\system32\netfxperf.dll
2011-05-13 10:49:01 ----A---- C:\Windows\system32\dfshim.dll
2011-05-13 10:48:05 ----A---- C:\Windows\system32\MRT.exe
2011-05-13 10:45:08 ----D---- C:\Windows\system32\x64
2011-05-13 10:45:08 ----A---- C:\Windows\system32\igxpun.exe
2011-05-13 10:37:08 ----A---- C:\Windows\system32\browserchoice.exe
2011-05-13 10:35:27 ----A---- C:\Windows\system32\drivers\ks.sys
2011-05-13 10:34:57 ----D---- C:\Program Files\MSXML 4.0
2011-05-13 10:34:43 ----A---- C:\Windows\system32\wcncsvc.dll
2011-05-13 10:34:07 ----D---- C:\Windows\Panther
2011-05-13 10:33:52 ----A---- C:\Windows\system32\XpsPrint.dll
2011-05-13 10:33:49 ----A---- C:\Windows\system32\prevhost.exe
2011-05-13 10:33:38 ----A---- C:\Windows\explorer.exe
2011-05-13 10:33:37 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-05-13 10:33:25 ----A---- C:\Windows\system32\drivers\fvevol.sys
2011-05-13 10:33:23 ----A---- C:\Windows\system32\ole32.dll
2011-05-13 10:33:10 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-05-13 10:33:10 ----A---- C:\Windows\system32\drivers\srv.sys
2011-05-13 10:33:09 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-05-13 10:33:01 ----A---- C:\Windows\system32\spoolsv.exe
2011-05-13 10:32:59 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-05-13 10:32:59 ----A---- C:\Windows\system32\taskschd.dll
2011-05-13 10:32:59 ----A---- C:\Windows\system32\taskeng.exe
2011-05-13 10:32:59 ----A---- C:\Windows\system32\taskcomp.dll
2011-05-13 10:32:59 ----A---- C:\Windows\system32\schtasks.exe
2011-05-13 10:32:59 ----A---- C:\Windows\system32\schedsvc.dll
2011-05-13 10:32:58 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-05-13 10:32:45 ----A---- C:\Windows\system32\odbc32.dll
2011-05-13 10:31:48 ----A---- C:\Windows\system32\CertEnroll.dll
2011-05-13 10:31:47 ----A---- C:\Windows\system32\winload.exe
2011-05-13 10:31:46 ----A---- C:\Windows\system32\winresume.exe
2011-05-13 10:31:38 ----A---- C:\Windows\system32\msdri.dll
2011-05-13 10:31:37 ----A---- C:\Windows\system32\psisdecd.dll
2011-05-13 10:31:17 ----A---- C:\Windows\system32\lsasrv.dll
2011-05-13 10:31:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-05-13 10:31:01 ----A---- C:\Windows\system32\win32k.sys
2011-05-13 10:30:50 ----A---- C:\Windows\system32\ir32_32.dll
2011-05-13 10:30:50 ----A---- C:\Windows\system32\iccvid.dll
2011-05-13 10:30:49 ----A---- C:\Windows\system32\mfc40u.dll
2011-05-13 10:30:49 ----A---- C:\Windows\system32\mfc40.dll
2011-05-13 10:30:47 ----A---- C:\Windows\system32\winlogon.exe
2011-05-13 10:30:45 ----A---- C:\Windows\system32\atmlib.dll
2011-05-13 10:30:45 ----A---- C:\Windows\system32\atmfd.dll
2011-05-13 10:30:39 ----A---- C:\Windows\system32\kerberos.dll
2011-05-13 10:30:36 ----A---- C:\Windows\system32\upnp.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\wscsvc.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\wscapi.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\winhttp.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\WebClnt.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\slwga.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\msxml6.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\msxml3.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\davclnt.dll
2011-05-13 10:30:33 ----A---- C:\Windows\system32\tzres.dll
2011-05-13 10:30:27 ----A---- C:\Windows\system32\wmp.dll
2011-05-13 10:30:23 ----A---- C:\Windows\system32\wmploc.DLL
2011-05-13 10:30:21 ----A---- C:\Windows\system32\schannel.dll
2011-05-13 10:30:21 ----A---- C:\Windows\system32\rtutils.dll
2011-05-13 10:30:13 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-05-13 10:30:13 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-05-13 10:30:13 ----A---- C:\Windows\system32\dnsapi.dll
2011-05-13 10:30:10 ----A---- C:\Windows\system32\asycfilt.dll
2011-05-13 10:30:09 ----A---- C:\Windows\system32\kernel32.dll
2011-05-13 10:30:08 ----A---- C:\Windows\system32\apphelp.dll
2011-05-13 10:30:07 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-05-13 10:30:06 ----A---- C:\Windows\system32\fontsub.dll
2011-05-13 10:30:05 ----A---- C:\Windows\system32\msasn1.dll
2011-05-13 10:30:04 ----A---- C:\Windows\system32\t2embed.dll
2011-05-13 10:30:03 ----A---- C:\Windows\system32\comctl32.dll
2011-05-13 10:29:53 ----A---- C:\Windows\system32\d3d10warp.dll
2011-05-13 10:29:52 ----A---- C:\Windows\system32\mf.dll
2011-05-13 10:29:52 ----A---- C:\Windows\system32\FntCache.dll
2011-05-13 10:29:52 ----A---- C:\Windows\system32\DWrite.dll
2011-05-13 10:29:52 ----A---- C:\Windows\system32\d2d1.dll
2011-05-13 10:29:51 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-05-13 10:29:50 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-05-13 10:29:50 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-05-13 10:29:50 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-05-13 10:29:50 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-05-13 10:29:50 ----A---- C:\Windows\system32\d3d10_1.dll
2011-05-13 10:29:48 ----A---- C:\Windows\system32\mfc42u.dll
2011-05-13 10:29:48 ----A---- C:\Windows\system32\mfc42.dll
2011-05-13 10:29:43 ----A---- C:\Windows\system32\ntdll.dll
2011-05-13 10:29:41 ----A---- C:\Windows\system32\EncDec.dll
2011-05-13 10:29:41 ----A---- C:\Windows\system32\CPFilters.dll
2011-05-13 10:29:40 ----A---- C:\Windows\system32\sbe.dll
2011-05-13 10:29:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-05-13 10:29:37 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-05-13 10:29:35 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-05-13 10:29:35 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-05-13 10:29:35 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-05-13 10:29:35 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-05-13 10:29:33 ----A---- C:\Windows\system32\secproc_isv.dll
2011-05-13 10:29:33 ----A---- C:\Windows\system32\secproc.dll
2011-05-13 10:29:32 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-05-13 10:29:32 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-05-13 10:29:32 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-05-13 10:29:32 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-05-13 10:29:32 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-05-13 10:29:32 ----A---- C:\Windows\system32\RMActivate.exe
2011-05-13 10:29:31 ----A---- C:\Windows\system32\shell32.dll
2011-05-13 10:29:28 ----A---- C:\Windows\system32\inetcomm.dll
2011-05-13 10:29:27 ----A---- C:\Windows\system32\wmpmde.dll
2011-05-13 10:29:26 ----A---- C:\Windows\system32\mstscax.dll
2011-05-13 10:29:26 ----A---- C:\Windows\system32\mstsc.exe
2011-05-13 10:29:25 ----A---- C:\Windows\system32\oleaut32.dll
2011-05-13 10:29:24 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-05-13 10:29:22 ----A---- C:\Windows\system32\srvsvc.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\tsbyuv.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\quartz.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\msyuv.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\msvidc32.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\msrle32.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\mciavi32.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\iyuv_32.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\avifil32.dll
2011-05-13 10:29:19 ----A---- C:\Windows\system32\webio.dll
2011-05-13 10:29:18 ----A---- C:\Windows\system32\consent.exe
2011-05-13 10:27:34 ----D---- C:\Program Files\ESET
2011-05-13 10:16:41 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-05-13 10:16:40 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-05-13 10:16:40 ----A---- C:\Windows\system32\cdd.dll
2011-05-13 10:15:30 ----HD---- C:\ProgramData\CanonBJ
2011-05-13 10:09:37 ----D---- C:\Users\Moniška\AppData\Roaming\Farm Mania 2.1
2011-05-13 10:07:58 ----D---- C:\Users\Moniška\AppData\Roaming\PlayFirst
2011-05-13 10:07:58 ----D---- C:\ProgramData\PlayFirst
2011-05-13 10:07:54 ----AD---- C:\ProgramData\TEMP
2011-05-13 10:07:05 ----D---- C:\ProgramData\Fugazo
2011-05-13 10:04:22 ----N---- C:\Windows\system32\MpSigStub.exe
2011-05-13 10:03:34 ----A---- C:\Windows\system32\cabview.dll
2011-05-13 10:03:30 ----A---- C:\Windows\system32\wintrust.dll
2011-05-13 09:51:08 ----D---- C:\Intel
2011-05-13 09:50:45 ----D---- C:\Program Files\Synaptics
2011-05-13 09:50:03 ----D---- C:\Program Files\Intel
2011-05-13 09:48:31 ----D---- C:\Program Files\Common Files\Logitech
2011-05-13 09:48:30 ----D---- C:\Program Files\Acer
2011-05-13 09:48:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-13 09:47:40 ----A---- C:\Windows\EMCRI.dll
2011-05-13 09:46:57 ----D---- C:\Program Files\Common Files\InstallShield
2011-05-13 09:46:24 ----D---- C:\ProgramData\ESET
2011-05-13 09:45:19 ----SHD---- C:\Windows\Installer
2011-05-13 09:43:59 ----D---- C:\Users\Moniška\AppData\Roaming\Identities
2011-05-13 09:43:34 ----SD---- C:\Users\Moniška\AppData\Roaming\Microsoft
2011-05-13 09:43:34 ----D---- C:\Users\Moniška\AppData\Roaming\Media Center Programs
2011-05-13 09:42:05 ----SHD---- C:\Recovery
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Šablony
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Plocha
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Oblíbené položky
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Nabídka Start
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Dokumenty
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Data aplikací
2011-05-13 09:38:13 ----D---- C:\Windows\SoftwareDistribution
2011-05-13 09:35:27 ----D---- C:\Windows\Prefetch
2011-05-13 09:35:05 ----ASH---- C:\pagefile.sys
2011-05-13 09:35:02 ----SHD---- C:\System Volume Information
2011-05-13 09:35:02 ----ASH---- C:\hiberfil.sys
2011-05-13 09:24:44 ----A---- C:\Windows\system32\WdfCoInstaller01000.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\SynTPCo4.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\SynTPAPI.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\SynCtrl.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\SynCOM.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\drivers\SynTP.sys
2011-05-13 09:24:36 ----A---- C:\Windows\system32\drivers\ESM7SK.sys
2011-05-13 09:24:36 ----A---- C:\Windows\system32\drivers\ESD7SK.sys
2011-05-13 09:24:36 ----A---- C:\Windows\system32\drivers\EMS7SK.sys
2011-05-13 08:53:04 ----D---- C:\hry

======List of files/folders modified in the last 1 months======

2011-05-30 18:50:19 ----D---- C:\Windows\Temp
2011-05-30 18:49:26 ----RD---- C:\Program Files
2011-05-30 18:27:52 ----D---- C:\Windows\system32\drivers\etc
2011-05-30 18:22:02 ----D---- C:\Windows\system32\Tasks
2011-05-30 18:22:00 ----D---- C:\Windows\Tasks
2011-05-30 18:04:13 ----D---- C:\Windows
2011-05-30 15:58:56 ----D---- C:\Windows\system32\config
2011-05-30 15:43:31 ----D---- C:\Windows\system32\drivers
2011-05-30 15:42:07 ----D---- C:\Windows\System32
2011-05-30 14:40:28 ----D---- C:\Windows\system32\sysprep
2011-05-30 14:37:17 ----D---- C:\Windows\inf
2011-05-30 00:19:01 ----HD---- C:\ProgramData
2011-05-26 19:42:22 ----D---- C:\Windows\system32\wdi
2011-05-26 09:54:19 ----D---- C:\Windows\winsxs
2011-05-25 16:52:49 ----SD---- C:\ProgramData\Microsoft
2011-05-25 16:52:44 ----D---- C:\Windows\system32\drivers\UMDF
2011-05-25 16:39:13 ----D---- C:\Windows\system32\catroot
2011-05-20 21:46:12 ----D---- C:\Program Files\Internet Explorer
2011-05-20 21:40:15 ----D---- C:\Windows\Microsoft.NET
2011-05-20 21:40:14 ----RSD---- C:\Windows\assembly
2011-05-20 21:33:26 ----RSD---- C:\Windows\Fonts
2011-05-20 21:29:36 ----D---- C:\Program Files\Common Files
2011-05-20 20:48:32 ----D---- C:\Windows\ShellNew
2011-05-20 20:48:24 ----D---- C:\Program Files\Common Files\microsoft shared
2011-05-20 20:48:07 ----D---- C:\Program Files\MSBuild
2011-05-20 20:44:10 ----A---- C:\Windows\win.ini
2011-05-20 20:44:06 ----D---- C:\Program Files\Common Files\System
2011-05-20 20:36:02 ----D---- C:\Windows\system32\catroot2
2011-05-14 15:33:44 ----D---- C:\Windows\Downloaded Program Files
2011-05-14 12:40:57 ----D---- C:\Windows\rescache
2011-05-14 09:56:14 ----D---- C:\Windows\Logs
2011-05-14 09:56:10 ----D---- C:\Windows\servicing
2011-05-14 09:53:49 ----D---- C:\Windows\system32\cs-CZ
2011-05-14 09:52:58 ----D---- C:\Windows\AppPatch
2011-05-14 09:52:46 ----D---- C:\Windows\system32\migration
2011-05-14 09:52:46 ----D---- C:\Windows\PolicyDefinitions
2011-05-14 09:52:43 ----D---- C:\Windows\system32\en-US
2011-05-13 11:08:13 ----D---- C:\Windows\system32\DriverStore
2011-05-13 11:02:30 ----D---- C:\Windows\ehome
2011-05-13 11:02:30 ----D---- C:\Program Files\Windows Mail
2011-05-13 11:02:29 ----D---- C:\Windows\system32\Boot
2011-05-13 11:02:27 ----D---- C:\Program Files\Windows Media Player
2011-05-13 10:48:06 ----D---- C:\Windows\debug
2011-05-13 10:33:46 ----D---- C:\Windows\Setup
2011-05-13 09:53:13 ----D---- C:\Windows\system32\CodeIntegrity
2011-05-13 09:47:30 ----D---- C:\Windows\system32\wbem
2011-05-13 09:45:36 ----D---- C:\Windows\system32\restore
2011-05-13 09:43:46 ----SHD---- C:\$Recycle.Bin
2011-05-13 09:43:33 ----RD---- C:\Users
2011-05-13 09:42:05 ----D---- C:\Program Files\Windows NT
2011-05-13 09:35:58 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2009-07-14 46080]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 srv524;srv524; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1343400]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: internet not working

#5 Post by vyosek »

Given that you are using illegal software, I am not surprised that you are a visitor to our forum :?:
According to the forum rules (see here and here, point no. 3), however, we do not deal with illegal software, because illegal programs are mostly a source of malware. On top of that you are also violating copyright, committing a criminal offence, and as such it will not be supported by our forum. Be aware that you are on a security forum - supporting warez (especially of security programs) would go completely against the logic of the forum :!:

So what are we going to do about that illegal ESET Smart Security :???:
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

johny-d
Model visitor
Posts: 23
Registered: 30 May 2011 17:23

Re: internet not working

#6 Post by johny-d »

This is a friend's computer, I thought she had a trial version of ESET. I'll tell her tomorrow, I apologize.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: internet not working

#7 Post by vyosek »

I have heard that here so many times...

Get legal protection for your PC (an antivirus), then post a new log from RSIT and from CKScanner here - see below.

Personally I recommend Avast, Avira or MSE. You can find an overview of antivirus programs HERE and of firewalls HERE.

:arrow: Log from RSIT - see my signature
:arrow: Download CKScanner to your desktop
  • Run it and click Search for files
  • When the scan has finished, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here for me

johny-d
Model visitor
Posts: 23
Registered: 30 May 2011 17:23

Re: internet not working

#8 Post by johny-d »

OK, I'll install one of those you recommended for her. In my defence I'd like to say that I am not Moniška, as can also be seen in the log ;-) But I understand that you have heard it many times. In any case, thank you very much for the help.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: internet not working

#9 Post by vyosek »

No thanks needed for now; once there is a log here with legal protection, we will continue...

johny-d
Model visitor
Posts: 23
Registered: 30 May 2011 17:23

Re: internet not working

#10 Post by johny-d »

I'm sending the new logs
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\go-go gourmet\sound\firecracks.ogg
scanner sequence 3.AP.11
----- EOF -----
info.txt logfile of random's system information tool 1.08 2011-05-30 20:57:03

======Uninstall list======

Acer OrbiCam Application-->MsiExec.exe /X{0F79C1B2-36B2-4B62-8221-42721CF54638}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader X (10.0.1) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
Airport Mania 2 Wild Trips - Premium Edition-->"C:\Windows\Airport Mania 2 Wild Trips - Premium Edition\uninstall.exe" "/U:C:\Program Files\Airport Mania 2 Wild Trips - Premium Edition\Uninstall\uninstall.xml"
Amelies Cafe Halloween-->"C:\Program Files\Amelies Cafe Halloween\uninstall.exe" "/U:C:\Program Files\Amelies Cafe Halloween\Uninstall\uninstall.xml"
Amelies Cafe Summer Time 1.00-->C:\Program Files\Games\Amelies Cafe Summer Time\Uninstall.exe
Atlantic Quest-->"C:\Program Files\Atlantic Quest\uninstall.exe" "/U:C:\Program Files\Atlantic Quest\Uninstall\uninstall.xml"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Cake Mania - To the Max-->"C:\Windows\Cake Mania - To the Max\uninstall.exe" "/U:C:\Program Files\Cake Mania - To the Max\Uninstall\uninstall.xml"
Everything Nice-->"C:\Windows\Everything Nice\uninstall.exe" "/U:C:\Program Files\Everything Nice\Uninstall\uninstall.xml"
Farm Frenzy 3-->"C:\Windows\Farm Frenzy 3\uninstall.exe" "/U:C:\Program Files\Farm Frenzy 3\Uninstall\uninstall.xml"
Farm Frenzy Ancient Rome-->"C:\Windows\Farm Frenzy Ancient Rome\uninstall.exe" "/U:C:\Program Files\Farm Frenzy Ancient Rome\Uninstall\uninstall.xml"
Fitness Dash-->"C:\Windows\Fitness Dash\uninstall.exe" "/U:C:\Program Files\Fitness Dash\Uninstall\uninstall.xml"
Go-Go Gourmet-->"C:\Windows\Go-Go Gourmet\uninstall.exe" "/U:C:\Program Files\Go-Go Gourmet\Uninstall\uninstall.xml"
Green Valley Fun on the Farm-->"C:\Windows\Green Valley Fun on the Farm\uninstall.exe" "/U:C:\Program Files\Green Valley Fun on the Farm\Uninstall\uninstall.xml"
Heart's Medicine - Season One Just For Fun Games-->C:\Program Files\Heart's Medicine - Season One\Uninstall.exe
Hotel Mogul - Las Vegas-->"C:\Program Files\FishBone Games\Hotel Mogul - Las Vegas\uninstall.exe" "/U:C:\Program Files\FishBone Games\Hotel Mogul - Las Vegas\Uninstall\uninstall.xml"
Îňĺëü Äćĺéí-->"C:\Program Files\Games\Îňĺëü Äćĺéí\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Janes Hotel Mania 1.00-->C:\Program Files\Games\Janes Hotel Mania\Uninstall.exe
Jane's Hotel. Family Hero-->"C:\Windows\Jane's Hotel. Family Hero\uninstall.exe" "/U:C:\Program Files\Jane's Hotel. Family Hero\Uninstall\uninstall.xml"
Java(TM) 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}
Jewel Keepers Easter Island 1.00-->C:\Program Files\Games\Jewel Keepers Easter Island\Uninstall.exe
Jewel Match 3 1.00-->C:\Program Files\Games\Jewel Match 3\Uninstall.exe
Jewel Quest Mysteries The Seventh Gate Collectors Edition 1.27-->C:\Program Files\Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\Uninstall.exe
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Miriels Enchanted Mystery-->"C:\Windows\Miriels Enchanted Mystery\uninstall.exe" "/U:C:\Program Files\Miriels Enchanted Mystery\Uninstall\uninstall.xml"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Rachel's Retreat-->"C:\Program Files\Rachel's Retreat\uninstall.exe" "/U:C:\Program Files\Rachel's Retreat\Uninstall\uninstall.xml"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Soap Opera Dash-->"C:\Windows\Soap Opera Dash\uninstall.exe" "/U:C:\Program Files\Soap Opera Dash\Uninstall\uninstall.xml"
Spa Mania 2 1.00-->C:\Program Files\Games\Spa Mania 2\Uninstall.exe
Spring Bonus-->"C:\Program Files\Spring Bonus\uninstall.exe" "/U:C:\Program Files\Spring Bonus\Uninstall\uninstall.xml"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tasty Turbo Trio 1.00-->C:\Program Files\Games\Tasty Turbo Trio\Uninstall.exe
The Cleaner 2012-->"C:\Program Files\The Cleaner\unins000.exe"
The Legend of the Golden Tome 1.00-->C:\Program Files\Games\The Legend of the Golden Tome\Uninstall.exe
Travel Agency-->"C:\Windows\Travel Agency\uninstall.exe" "/U:C:\Program Files\Travel Agency\Uninstall\uninstall.xml"
Wedding Dash 4 Ever 1.00-->C:\Program Files\Games\Wedding Dash 4 Ever\Uninstall.exe
WinRAR 4.00 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

Hosts File Missing
======System event log======

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Distributed Link Tracking Client byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Security Center byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Desktop Window Manager Session Manager byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Diagnostic Policy Service byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Microsoft Software Shadow Copy Provider byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x86
P2: PCI\VEN_1524&DEV_0520&SUBSYS_00901025&REV_01
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMIBECB.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_96a8e62c9ac3a4f80e6c71d30c36fce67137ee2_cab_0672bf29

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: e331984c-7d33-11e0-ac61-8d6f088e1a5a
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20110513073743.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110513073610.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110513073603.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110513073558.525326-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110513073558.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073529.212875-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073529.181675-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x23cc6
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073528.885274-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073526.623270-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110513073526.482870-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Moniška at 2011-05-30 20:57:00
Microsoft Windows 7 Ultimate
System drive C: has 28 GB (46%) free of 59 GB
Total RAM: 1014 MB (36% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\AutoKMSDaily.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2173421848-1481650145-3515745033-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2173421848-1481650145-3515745033-1000UA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259214EB-781C-344D-3101-65933DDB243B}]
Groove Folder Synchronization - C:\Windows\system32\inpuut.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-14 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 304664]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-28 244512]
"AcerOrbicamRibbon"=C:\Program Files\Acer\OrbiCam10\OrbiCam.exe [2006-11-28 754712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"reset"=regedit /s reset.reg []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-05-20 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"conhost"=C:\Windows\system32\config\system [2011-05-30 12058624]
"cftmon"=C:\Windows\system32\pukzw.exe [2011-05-30 389120]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-03-28 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Moniška\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
"506E7F4A_0"=C:\Users\MONIKA~1\AppData\Local\Temp\AdobeUpdate.exe [2011-05-30 393728]
"4ECYTQ9SIC"=C:\Users\MONIKA~1\AppData\Local\Temp\Kff.exe [2011-05-30 154112]
"conhost"=C:\Users\Moniška\AppData\Roaming\Microsoft\conhost.exe []
"tcactive"=C:\Program Files\The Cleaner\tcap.exe [2011-05-03 4993776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv524]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-05-30 20:53:31 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2011-05-30 20:53:31 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-05-30 20:53:30 ----D---- C:\ProgramData\Avira
2011-05-30 20:53:30 ----D---- C:\Program Files\Avira
2011-05-30 20:53:30 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-05-30 18:49:26 ----D---- C:\Program Files\trend micro
2011-05-30 18:49:21 ----D---- C:\rsit
2011-05-30 15:49:20 ----D---- C:\Users\Moniška\AppData\Roaming\thecleaner
2011-05-30 15:48:53 ----D---- C:\Program Files\The Cleaner
2011-05-30 15:28:34 ----A---- C:\Windows\system32\pukzw.exe
2011-05-30 15:28:34 ----A---- C:\Windows\system32\delme.bat
2011-05-30 15:24:13 ----D---- C:\Windows\Minidump
2011-05-30 14:55:39 ----D---- C:\Users\Moniška\AppData\Roaming\Jane s Hotel
2011-05-30 14:44:25 ----D---- C:\Windows\Fitness Dash
2011-05-30 14:44:23 ----D---- C:\Program Files\Fitness Dash
2011-05-30 14:44:13 ----A---- C:\Windows\Kgymaa.exe
2011-05-30 14:44:09 ----A---- C:\Windows\Fitness Dash Setup Log.txt
2011-05-30 14:43:28 ----A---- C:\Windows\system32\nqhjr.exe
2011-05-30 14:43:21 ----A---- C:\Windows\system32\winset.ini
2011-05-30 14:41:10 ----D---- C:\Program Files\FishBone Games
2011-05-30 14:41:08 ----D---- C:\Downloads
2011-05-30 00:19:01 ----D---- C:\ProgramData\GameHouse
2011-05-29 23:23:08 ----D---- C:\ProgramData\Intenium
2011-05-25 16:39:47 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-05-22 20:28:15 ----D---- C:\Users\Moniška\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-05-22 20:28:15 ----D---- C:\Users\Moniška\AppData\Roaming\Adobe Mini Bridge CS5
2011-05-22 19:52:58 ----D---- C:\Users\Moniška\AppData\Roaming\iWin
2011-05-22 19:52:58 ----D---- C:\ProgramData\iWin
2011-05-21 16:45:18 ----D---- C:\Users\Moniška\AppData\Roaming\Boolat Games
2011-05-21 08:11:33 ----D---- C:\Program Files\Rachel's Retreat
2011-05-21 08:10:58 ----D---- C:\Windows\system32\2031
2011-05-20 21:42:11 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-05-20 21:31:49 ----D---- C:\Program Files\Adobe Media Player
2011-05-20 21:29:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-05-20 21:29:33 ----D---- C:\Program Files\Adobe
2011-05-20 21:28:43 ----D---- C:\ProgramData\Adobe
2011-05-20 21:26:42 ----D---- C:\Program Files\Common Files\Adobe
2011-05-20 21:22:40 ----A---- C:\Windows\AutoKMS.ini
2011-05-20 21:22:40 ----A---- C:\Windows\AutoKMS.exe
2011-05-20 21:21:47 ----A---- C:\Windows\KMSEmulator.exe
2011-05-20 21:19:12 ----D---- C:\Program Files\Amelies Cafe Halloween
2011-05-20 21:16:11 ----D---- C:\Program Files\Heart's Medicine - Season One
2011-05-20 21:14:43 ----D---- C:\Windows\Go-Go Gourmet
2011-05-20 21:14:43 ----D---- C:\Program Files\Go-Go Gourmet
2011-05-20 21:14:35 ----A---- C:\Windows\Go-Go Gourmet Setup Log.txt
2011-05-20 21:14:04 ----D---- C:\Windows\Miriels Enchanted Mystery
2011-05-20 21:14:03 ----D---- C:\Program Files\Miriels Enchanted Mystery
2011-05-20 21:13:55 ----A---- C:\Windows\Miriels Enchanted Mystery Setup Log.txt
2011-05-20 20:47:12 ----D---- C:\Program Files\Microsoft Synchronization Services
2011-05-20 20:47:10 ----D---- C:\Program Files\Common Files\DESIGNER
2011-05-20 20:46:35 ----D---- C:\Windows\PCHEALTH
2011-05-20 20:46:35 ----D---- C:\Program Files\Microsoft Sync Framework
2011-05-20 20:46:35 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-05-20 20:44:35 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-05-20 20:42:56 ----D---- C:\Program Files\Microsoft Analysis Services
2011-05-20 20:42:04 ----D---- C:\Program Files\Microsoft Office
2011-05-20 20:42:03 ----D---- C:\ProgramData\Microsoft Help
2011-05-20 20:41:24 ----RHD---- C:\MSOCache
2011-05-20 20:38:03 ----D---- C:\Users\Moniška\AppData\Roaming\WinRAR
2011-05-20 20:37:56 ----D---- C:\Program Files\WinRAR
2011-05-20 20:37:13 ----A---- C:\Windows\system32\poqexec.exe
2011-05-17 21:17:17 ----D---- C:\ProgramData\Grey Alien Games
2011-05-16 18:24:48 ----D---- C:\Users\Moniška\AppData\Roaming\Jane s Hotel Family Hero
2011-05-16 15:20:49 ----D---- C:\Users\Moniška\AppData\Roaming\Jewel Keepers Easter Island
2011-05-16 15:15:49 ----D---- C:\Users\Moniška\AppData\Roaming\aliasworlds
2011-05-16 15:15:49 ----D---- C:\ProgramData\aliasworlds
2011-05-14 23:21:32 ----D---- C:\ProgramData\Sun
2011-05-14 23:21:31 ----D---- C:\Program Files\Common Files\Java
2011-05-14 23:20:59 ----A---- C:\Windows\system32\javaws.exe
2011-05-14 23:20:59 ----A---- C:\Windows\system32\javaw.exe
2011-05-14 23:20:59 ----A---- C:\Windows\system32\java.exe
2011-05-14 23:20:59 ----A---- C:\Windows\system32\deployJava1.dll
2011-05-14 23:20:31 ----D---- C:\Program Files\Java
2011-05-14 15:33:44 ----D---- C:\Users\Moniška\AppData\Roaming\Macromedia
2011-05-14 15:33:44 ----D---- C:\Users\Moniška\AppData\Roaming\Adobe
2011-05-14 15:33:41 ----D---- C:\Windows\system32\Macromed
2011-05-14 09:52:56 ----D---- C:\Windows\system32\Wat
2011-05-14 09:50:27 ----D---- C:\Program Files\Microsoft.NET
2011-05-14 09:49:14 ----D---- C:\6084457f3ccbcf8f9f
2011-05-14 09:45:24 ----D---- C:\Program Files\Spring Bonus
2011-05-14 09:45:14 ----D---- C:\Windows\system32\3081
2011-05-14 09:44:47 ----D---- C:\Windows\Soap Opera Dash
2011-05-14 09:44:47 ----D---- C:\Program Files\Soap Opera Dash
2011-05-14 09:44:41 ----A---- C:\Windows\Soap Opera Dash Setup Log.txt
2011-05-14 09:42:18 ----D---- C:\Program Files\Games
2011-05-14 09:41:42 ----D---- C:\Windows\Cake Mania - To the Max
2011-05-14 09:41:42 ----D---- C:\Program Files\Cake Mania - To the Max
2011-05-14 09:41:37 ----A---- C:\Windows\Cake Mania - To the Max Setup Log.txt
2011-05-14 09:41:01 ----D---- C:\Windows\Everything Nice
2011-05-14 09:41:00 ----D---- C:\Program Files\Everything Nice
2011-05-14 09:40:57 ----A---- C:\Windows\Everything Nice Setup Log.txt
2011-05-14 09:40:44 ----D---- C:\Windows\Travel Agency
2011-05-14 09:40:43 ----D---- C:\Program Files\Travel Agency
2011-05-14 09:40:37 ----A---- C:\Windows\Travel Agency Setup Log.txt
2011-05-14 09:39:36 ----D---- C:\Windows\Jane's Hotel. Family Hero
2011-05-14 09:39:36 ----D---- C:\Program Files\Jane's Hotel. Family Hero
2011-05-14 09:39:28 ----A---- C:\Windows\Jane's Hotel. Family Hero Setup Log.txt
2011-05-14 09:39:03 ----D---- C:\Windows\Green Valley Fun on the Farm
2011-05-14 09:39:03 ----D---- C:\Program Files\Green Valley Fun on the Farm
2011-05-14 09:38:56 ----A---- C:\Windows\Green Valley Fun on the Farm Setup Log.txt
2011-05-14 09:38:29 ----D---- C:\Program Files\Atlantic Quest
2011-05-14 09:37:19 ----D---- C:\Windows\Farm Frenzy 3
2011-05-14 09:37:19 ----D---- C:\Program Files\Farm Frenzy 3
2011-05-14 09:37:12 ----D---- C:\Windows\system32\3034
2011-05-14 09:37:11 ----A---- C:\Windows\Farm Frenzy 3 Setup Log.txt
2011-05-14 09:36:44 ----D---- C:\Windows\Airport Mania 2 Wild Trips - Premium Edition
2011-05-14 09:36:44 ----D---- C:\Program Files\Airport Mania 2 Wild Trips - Premium Edition
2011-05-14 09:36:37 ----A---- C:\Windows\Airport Mania 2 Wild Trips - Premium Edition Setup Log.txt
2011-05-14 09:35:36 ----D---- C:\Windows\Farm Frenzy Ancient Rome
2011-05-14 09:35:36 ----D---- C:\Program Files\Farm Frenzy Ancient Rome
2011-05-14 09:35:29 ----A---- C:\Windows\Farm Frenzy Ancient Rome Setup Log.txt
2011-05-13 11:14:37 ----A---- C:\Windows\system32\wininet.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\urlmon.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-05-13 11:14:37 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-05-13 11:14:37 ----A---- C:\Windows\system32\msrating.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\msls31.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\mshtmler.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\msfeedssync.exe
2011-05-13 11:14:37 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\jsproxy.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\ieui.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\iesysprep.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\iertutil.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\ieframe.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\ieakeng.dll
2011-05-13 11:14:37 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\webcheck.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\url.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\mshtmled.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\licmgr10.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\inseng.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\iesetup.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\iernonce.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\iedkcs32.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\ieapfltr.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\ie4uinit.exe
2011-05-13 11:14:36 ----A---- C:\Windows\system32\icardie.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\dxtrans.dll
2011-05-13 11:14:36 ----A---- C:\Windows\system32\dxtmsft.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\wextract.exe
2011-05-13 11:14:35 ----A---- C:\Windows\system32\vbscript.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\pngfilt.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\occache.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\mshtml.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\mshta.exe
2011-05-13 11:14:35 ----A---- C:\Windows\system32\msfeeds.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\jscript9.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\jscript.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\imgutil.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\iexpress.exe
2011-05-13 11:14:35 ----A---- C:\Windows\system32\ieUnatt.exe
2011-05-13 11:14:35 ----A---- C:\Windows\system32\iepeers.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\ieakui.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\ieaksie.dll
2011-05-13 11:14:35 ----A---- C:\Windows\system32\admparse.dll
2011-05-13 11:09:18 ----D---- C:\Users\Moniška\AppData\Roaming\ESET
2011-05-13 10:52:57 ----A---- C:\Windows\system32\msv1_0.dll
2011-05-13 10:49:02 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-05-13 10:49:02 ----A---- C:\Windows\system32\PresentationHost.exe
2011-05-13 10:49:02 ----A---- C:\Windows\system32\mscoree.dll
2011-05-13 10:49:01 ----A---- C:\Windows\system32\netfxperf.dll
2011-05-13 10:49:01 ----A---- C:\Windows\system32\dfshim.dll
2011-05-13 10:48:05 ----A---- C:\Windows\system32\MRT.exe
2011-05-13 10:45:08 ----D---- C:\Windows\system32\x64
2011-05-13 10:45:08 ----A---- C:\Windows\system32\igxpun.exe
2011-05-13 10:37:08 ----A---- C:\Windows\system32\browserchoice.exe
2011-05-13 10:35:27 ----A---- C:\Windows\system32\drivers\ks.sys
2011-05-13 10:34:57 ----D---- C:\Program Files\MSXML 4.0
2011-05-13 10:34:43 ----A---- C:\Windows\system32\wcncsvc.dll
2011-05-13 10:34:07 ----D---- C:\Windows\Panther
2011-05-13 10:33:52 ----A---- C:\Windows\system32\XpsPrint.dll
2011-05-13 10:33:49 ----A---- C:\Windows\system32\prevhost.exe
2011-05-13 10:33:38 ----A---- C:\Windows\explorer.exe
2011-05-13 10:33:37 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-05-13 10:33:25 ----A---- C:\Windows\system32\drivers\fvevol.sys
2011-05-13 10:33:23 ----A---- C:\Windows\system32\ole32.dll
2011-05-13 10:33:10 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-05-13 10:33:10 ----A---- C:\Windows\system32\drivers\srv.sys
2011-05-13 10:33:09 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-05-13 10:33:01 ----A---- C:\Windows\system32\spoolsv.exe
2011-05-13 10:32:59 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-05-13 10:32:59 ----A---- C:\Windows\system32\taskschd.dll
2011-05-13 10:32:59 ----A---- C:\Windows\system32\taskeng.exe
2011-05-13 10:32:59 ----A---- C:\Windows\system32\taskcomp.dll
2011-05-13 10:32:59 ----A---- C:\Windows\system32\schtasks.exe
2011-05-13 10:32:59 ----A---- C:\Windows\system32\schedsvc.dll
2011-05-13 10:32:58 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-05-13 10:32:45 ----A---- C:\Windows\system32\odbc32.dll
2011-05-13 10:31:48 ----A---- C:\Windows\system32\CertEnroll.dll
2011-05-13 10:31:47 ----A---- C:\Windows\system32\winload.exe
2011-05-13 10:31:46 ----A---- C:\Windows\system32\winresume.exe
2011-05-13 10:31:38 ----A---- C:\Windows\system32\msdri.dll
2011-05-13 10:31:37 ----A---- C:\Windows\system32\psisdecd.dll
2011-05-13 10:31:17 ----A---- C:\Windows\system32\lsasrv.dll
2011-05-13 10:31:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-05-13 10:31:01 ----A---- C:\Windows\system32\win32k.sys
2011-05-13 10:30:50 ----A---- C:\Windows\system32\ir32_32.dll
2011-05-13 10:30:50 ----A---- C:\Windows\system32\iccvid.dll
2011-05-13 10:30:49 ----A---- C:\Windows\system32\mfc40u.dll
2011-05-13 10:30:49 ----A---- C:\Windows\system32\mfc40.dll
2011-05-13 10:30:47 ----A---- C:\Windows\system32\winlogon.exe
2011-05-13 10:30:45 ----A---- C:\Windows\system32\atmlib.dll
2011-05-13 10:30:45 ----A---- C:\Windows\system32\atmfd.dll
2011-05-13 10:30:39 ----A---- C:\Windows\system32\kerberos.dll
2011-05-13 10:30:36 ----A---- C:\Windows\system32\upnp.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\wscsvc.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\wscapi.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\winhttp.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\WebClnt.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\slwga.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\msxml6.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\msxml3.dll
2011-05-13 10:30:35 ----A---- C:\Windows\system32\davclnt.dll
2011-05-13 10:30:33 ----A---- C:\Windows\system32\tzres.dll
2011-05-13 10:30:27 ----A---- C:\Windows\system32\wmp.dll
2011-05-13 10:30:23 ----A---- C:\Windows\system32\wmploc.DLL
2011-05-13 10:30:21 ----A---- C:\Windows\system32\schannel.dll
2011-05-13 10:30:21 ----A---- C:\Windows\system32\rtutils.dll
2011-05-13 10:30:13 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-05-13 10:30:13 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-05-13 10:30:13 ----A---- C:\Windows\system32\dnsapi.dll
2011-05-13 10:30:10 ----A---- C:\Windows\system32\asycfilt.dll
2011-05-13 10:30:09 ----A---- C:\Windows\system32\kernel32.dll
2011-05-13 10:30:08 ----A---- C:\Windows\system32\apphelp.dll
2011-05-13 10:30:07 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-05-13 10:30:06 ----A---- C:\Windows\system32\fontsub.dll
2011-05-13 10:30:05 ----A---- C:\Windows\system32\msasn1.dll
2011-05-13 10:30:04 ----A---- C:\Windows\system32\t2embed.dll
2011-05-13 10:30:03 ----A---- C:\Windows\system32\comctl32.dll
2011-05-13 10:29:53 ----A---- C:\Windows\system32\d3d10warp.dll
2011-05-13 10:29:52 ----A---- C:\Windows\system32\mf.dll
2011-05-13 10:29:52 ----A---- C:\Windows\system32\FntCache.dll
2011-05-13 10:29:52 ----A---- C:\Windows\system32\DWrite.dll
2011-05-13 10:29:52 ----A---- C:\Windows\system32\d2d1.dll
2011-05-13 10:29:51 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-05-13 10:29:50 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-05-13 10:29:50 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-05-13 10:29:50 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-05-13 10:29:50 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-05-13 10:29:50 ----A---- C:\Windows\system32\d3d10_1.dll
2011-05-13 10:29:48 ----A---- C:\Windows\system32\mfc42u.dll
2011-05-13 10:29:48 ----A---- C:\Windows\system32\mfc42.dll
2011-05-13 10:29:43 ----A---- C:\Windows\system32\ntdll.dll
2011-05-13 10:29:41 ----A---- C:\Windows\system32\EncDec.dll
2011-05-13 10:29:41 ----A---- C:\Windows\system32\CPFilters.dll
2011-05-13 10:29:40 ----A---- C:\Windows\system32\sbe.dll
2011-05-13 10:29:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-05-13 10:29:37 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-05-13 10:29:35 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-05-13 10:29:35 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-05-13 10:29:35 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-05-13 10:29:35 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-05-13 10:29:33 ----A---- C:\Windows\system32\secproc_isv.dll
2011-05-13 10:29:33 ----A---- C:\Windows\system32\secproc.dll
2011-05-13 10:29:32 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-05-13 10:29:32 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-05-13 10:29:32 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-05-13 10:29:32 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-05-13 10:29:32 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-05-13 10:29:32 ----A---- C:\Windows\system32\RMActivate.exe
2011-05-13 10:29:31 ----A---- C:\Windows\system32\shell32.dll
2011-05-13 10:29:28 ----A---- C:\Windows\system32\inetcomm.dll
2011-05-13 10:29:27 ----A---- C:\Windows\system32\wmpmde.dll
2011-05-13 10:29:26 ----A---- C:\Windows\system32\mstscax.dll
2011-05-13 10:29:26 ----A---- C:\Windows\system32\mstsc.exe
2011-05-13 10:29:25 ----A---- C:\Windows\system32\oleaut32.dll
2011-05-13 10:29:24 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-05-13 10:29:22 ----A---- C:\Windows\system32\srvsvc.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\tsbyuv.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\quartz.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\msyuv.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\msvidc32.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\msrle32.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\mciavi32.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\iyuv_32.dll
2011-05-13 10:29:20 ----A---- C:\Windows\system32\avifil32.dll
2011-05-13 10:29:19 ----A---- C:\Windows\system32\webio.dll
2011-05-13 10:29:18 ----A---- C:\Windows\system32\consent.exe
2011-05-13 10:16:41 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-05-13 10:16:40 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-05-13 10:16:40 ----A---- C:\Windows\system32\cdd.dll
2011-05-13 10:15:30 ----HD---- C:\ProgramData\CanonBJ
2011-05-13 10:09:37 ----D---- C:\Users\Moniška\AppData\Roaming\Farm Mania 2.1
2011-05-13 10:07:58 ----D---- C:\Users\Moniška\AppData\Roaming\PlayFirst
2011-05-13 10:07:58 ----D---- C:\ProgramData\PlayFirst
2011-05-13 10:07:54 ----AD---- C:\ProgramData\TEMP
2011-05-13 10:07:05 ----D---- C:\ProgramData\Fugazo
2011-05-13 10:04:22 ----N---- C:\Windows\system32\MpSigStub.exe
2011-05-13 10:03:34 ----A---- C:\Windows\system32\cabview.dll
2011-05-13 10:03:30 ----A---- C:\Windows\system32\wintrust.dll
2011-05-13 09:51:08 ----D---- C:\Intel
2011-05-13 09:50:45 ----D---- C:\Program Files\Synaptics
2011-05-13 09:50:03 ----D---- C:\Program Files\Intel
2011-05-13 09:48:31 ----D---- C:\Program Files\Common Files\Logitech
2011-05-13 09:48:30 ----D---- C:\Program Files\Acer
2011-05-13 09:48:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-13 09:47:40 ----A---- C:\Windows\EMCRI.dll
2011-05-13 09:46:57 ----D---- C:\Program Files\Common Files\InstallShield
2011-05-13 09:46:24 ----D---- C:\ProgramData\ESET
2011-05-13 09:45:19 ----SHD---- C:\Windows\Installer
2011-05-13 09:43:59 ----D---- C:\Users\Moniška\AppData\Roaming\Identities
2011-05-13 09:43:34 ----SD---- C:\Users\Moniška\AppData\Roaming\Microsoft
2011-05-13 09:43:34 ----D---- C:\Users\Moniška\AppData\Roaming\Media Center Programs
2011-05-13 09:42:05 ----SHD---- C:\Recovery
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Šablony
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Plocha
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Oblíbené položky
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Nabídka Start
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Dokumenty
2011-05-13 09:42:04 ----SHD---- C:\ProgramData\Data aplikací
2011-05-13 09:38:13 ----D---- C:\Windows\SoftwareDistribution
2011-05-13 09:35:27 ----D---- C:\Windows\Prefetch
2011-05-13 09:35:05 ----ASH---- C:\pagefile.sys
2011-05-13 09:35:02 ----SHD---- C:\System Volume Information
2011-05-13 09:35:02 ----ASH---- C:\hiberfil.sys
2011-05-13 09:24:44 ----A---- C:\Windows\system32\WdfCoInstaller01000.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\SynTPCo4.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\SynTPAPI.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\SynCtrl.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\SynCOM.dll
2011-05-13 09:24:44 ----A---- C:\Windows\system32\drivers\SynTP.sys
2011-05-13 09:24:36 ----A---- C:\Windows\system32\drivers\ESM7SK.sys
2011-05-13 09:24:36 ----A---- C:\Windows\system32\drivers\ESD7SK.sys
2011-05-13 09:24:36 ----A---- C:\Windows\system32\drivers\EMS7SK.sys
2011-05-13 08:53:04 ----D---- C:\hry

======List of files/folders modified in the last 1 months======

2011-05-30 20:57:00 ----D---- C:\Windows\Temp
2011-05-30 20:55:12 ----D---- C:\Windows\System32
2011-05-30 20:53:31 ----D---- C:\Windows\system32\drivers
2011-05-30 20:53:30 ----RD---- C:\Program Files
2011-05-30 20:53:30 ----HD---- C:\ProgramData
2011-05-30 20:52:17 ----D---- C:\Windows\system32\Tasks
2011-05-30 20:52:16 ----D---- C:\Windows\Tasks
2011-05-30 20:52:09 ----D---- C:\Windows
2011-05-30 20:50:09 ----D---- C:\Windows\system32\config
2011-05-30 20:49:32 ----D---- C:\Windows\system32\DriverStore
2011-05-30 20:49:32 ----D---- C:\Windows\system32\catroot
2011-05-30 20:49:31 ----D---- C:\Windows\inf
2011-05-30 18:27:52 ----D---- C:\Windows\system32\drivers\etc
2011-05-30 14:40:28 ----D---- C:\Windows\system32\sysprep
2011-05-26 19:42:22 ----D---- C:\Windows\system32\wdi
2011-05-26 09:54:19 ----D---- C:\Windows\winsxs
2011-05-25 16:52:49 ----SD---- C:\ProgramData\Microsoft
2011-05-25 16:52:44 ----D---- C:\Windows\system32\drivers\UMDF
2011-05-20 21:46:12 ----D---- C:\Program Files\Internet Explorer
2011-05-20 21:40:15 ----D---- C:\Windows\Microsoft.NET
2011-05-20 21:40:14 ----RSD---- C:\Windows\assembly
2011-05-20 21:33:26 ----RSD---- C:\Windows\Fonts
2011-05-20 21:29:36 ----D---- C:\Program Files\Common Files
2011-05-20 20:48:32 ----D---- C:\Windows\ShellNew
2011-05-20 20:48:24 ----D---- C:\Program Files\Common Files\microsoft shared
2011-05-20 20:48:07 ----D---- C:\Program Files\MSBuild
2011-05-20 20:44:10 ----A---- C:\Windows\win.ini
2011-05-20 20:44:06 ----D---- C:\Program Files\Common Files\System
2011-05-20 20:36:02 ----D---- C:\Windows\system32\catroot2
2011-05-14 15:33:44 ----D---- C:\Windows\Downloaded Program Files
2011-05-14 12:40:57 ----D---- C:\Windows\rescache
2011-05-14 09:56:14 ----D---- C:\Windows\Logs
2011-05-14 09:56:10 ----D---- C:\Windows\servicing
2011-05-14 09:53:49 ----D---- C:\Windows\system32\cs-CZ
2011-05-14 09:52:58 ----D---- C:\Windows\AppPatch
2011-05-14 09:52:46 ----D---- C:\Windows\system32\migration
2011-05-14 09:52:46 ----D---- C:\Windows\PolicyDefinitions
2011-05-14 09:52:43 ----D---- C:\Windows\system32\en-US
2011-05-13 11:02:30 ----D---- C:\Windows\ehome
2011-05-13 11:02:30 ----D---- C:\Program Files\Windows Mail
2011-05-13 11:02:29 ----D---- C:\Windows\system32\Boot
2011-05-13 11:02:27 ----D---- C:\Program Files\Windows Media Player
2011-05-13 10:48:06 ----D---- C:\Windows\debug
2011-05-13 10:33:46 ----D---- C:\Windows\Setup
2011-05-13 09:53:13 ----D---- C:\Windows\system32\CodeIntegrity
2011-05-13 09:47:30 ----D---- C:\Windows\system32\wbem
2011-05-13 09:45:36 ----D---- C:\Windows\system32\restore
2011-05-13 09:43:46 ----SHD---- C:\$Recycle.Bin
2011-05-13 09:43:33 ----RD---- C:\Users
2011-05-13 09:42:05 ----D---- C:\Program Files\Windows NT
2011-05-13 09:35:58 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-04-01 137656]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-04-01 61960]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2009-07-14 46080]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-28 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 srv524;srv524; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1343400]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: internet not working

#11 Post by vyosek »

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
→ Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Správce) account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after it starts, a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily infested, the time may be longer
  • After the scan finishes and a possible restart, CF displays a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

johny-d
Model visitor
Posts: 23
Registered: 30 May 2011 17:23

Re: internet not working

#12 Post by johny-d »

Her internet is working now, thank you, but for now I would rather keep it disconnected. You are a great expert, thank you.

ComboFix 11-05-30.04 - Moniška 30.05.2011 23:37:05.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1014.485 [GMT 2:00]
Spuštěný z: g:\opeava\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MONIKA~1\AppData\Local\Temp\srv524.tmp
c:\windows\system32\delme.bat
c:\windows\system32\winset.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srv524
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-28 do 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 21:45 . 2011-05-30 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 18:53 . 2011-04-01 15:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-30 18:53 . 2011-05-30 18:53 -------- d-----w- c:\programdata\Avira
2011-05-30 18:53 . 2011-05-30 18:53 -------- d-----w- c:\program files\Avira
2011-05-30 18:53 . 2011-04-01 15:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-30 16:49 . 2011-05-30 16:49 -------- d-----w- c:\program files\trend micro
2011-05-30 16:49 . 2011-05-30 18:57 -------- d-----w- C:\rsit
2011-05-30 13:48 . 2011-05-30 16:21 -------- d-----w- c:\program files\The Cleaner
2011-05-30 13:28 . 2011-05-30 13:28 389120 ----a-w- c:\windows\system32\pukzw.exe
2011-05-30 12:44 . 2011-05-30 12:44 -------- d-----w- c:\windows\Fitness Dash
2011-05-30 12:44 . 2011-05-30 12:44 -------- d-----w- c:\program files\Fitness Dash
2011-05-30 12:44 . 2011-05-30 12:43 155648 ----a-w- c:\windows\Kgymaa.exe
2011-05-30 12:43 . 2011-05-30 12:43 389120 ----a-w- c:\windows\system32\nqhjr.exe
2011-05-30 12:41 . 2011-05-30 12:41 -------- d-----w- c:\program files\FishBone Games
2011-05-30 12:41 . 2011-05-30 12:41 -------- d-----w- C:\Downloads
2011-05-29 22:19 . 2011-05-29 22:19 -------- d-----w- c:\programdata\GameHouse
2011-05-29 21:23 . 2011-05-29 21:23 -------- d-----w- c:\programdata\Intenium
2011-05-27 08:48 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{925EADA2-1CE7-4637-92FF-A627CFEBB9B0}\mpengine.dll
2011-05-25 14:39 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-22 17:52 . 2011-05-22 17:52 -------- d-----w- c:\programdata\iWin
2011-05-21 06:11 . 2011-05-21 06:12 -------- d-----w- c:\program files\Rachel's Retreat
2011-05-21 06:10 . 2011-05-21 06:10 -------- d-----w- c:\windows\system32\2031
2011-05-20 19:42 . 2011-05-20 19:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-05-20 19:31 . 2011-05-20 19:31 -------- d-----w- c:\program files\Adobe Media Player
2011-05-20 19:29 . 2011-05-20 19:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-20 19:26 . 2011-05-24 08:38 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-20 19:22 . 2011-05-20 19:22 647168 ----a-w- c:\windows\AutoKMS.exe
2011-05-20 19:21 . 2011-05-30 21:48 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-05-20 19:19 . 2011-05-20 19:19 -------- d-----w- c:\program files\Amelies Cafe Halloween
2011-05-20 19:16 . 2011-05-20 19:17 -------- d-----w- c:\program files\Heart's Medicine - Season One
2011-05-20 19:14 . 2011-05-20 19:14 -------- d-----w- c:\program files\Go-Go Gourmet
2011-05-20 19:14 . 2011-05-20 19:14 -------- d-----w- c:\windows\Go-Go Gourmet
2011-05-20 19:14 . 2011-05-20 19:14 -------- d-----w- c:\windows\Miriels Enchanted Mystery
2011-05-20 19:14 . 2011-05-20 19:14 -------- d-----w- c:\program files\Miriels Enchanted Mystery
2011-05-20 18:47 . 2011-05-20 18:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-05-20 18:46 . 2011-05-20 18:46 -------- d-----w- c:\windows\PCHEALTH
2011-05-20 18:46 . 2011-05-20 18:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-05-20 18:46 . 2011-05-20 18:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-05-20 18:44 . 2011-05-20 18:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-05-20 18:42 . 2011-05-20 18:42 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-05-20 18:42 . 2011-05-20 18:56 -------- d-----w- c:\programdata\Microsoft Help
2011-05-20 18:41 . 2011-05-20 18:41 -------- d-----r- C:\MSOCache
2011-05-20 18:37 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 19:17 . 2011-05-17 19:17 -------- d-----w- c:\programdata\Grey Alien Games
2011-05-16 13:15 . 2011-05-16 13:15 -------- d-----w- c:\programdata\aliasworlds
2011-05-14 21:21 . 2011-05-14 21:21 -------- d-----w- c:\program files\Common Files\Java
2011-05-14 21:20 . 2011-05-14 21:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-14 21:20 . 2011-05-14 21:20 -------- d-----w- c:\program files\Java
2011-05-14 13:33 . 2011-05-14 13:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 13:33 . 2011-05-14 13:33 -------- d-----w- c:\windows\system32\Macromed
2011-05-14 07:52 . 2011-05-14 07:52 -------- d-----w- c:\windows\system32\Wat
2011-05-14 07:50 . 2011-05-20 18:46 -------- d-----w- c:\program files\Microsoft.NET
2011-05-14 07:49 . 2011-05-14 07:53 -------- d-----w- C:\6084457f3ccbcf8f9f
2011-05-14 07:45 . 2011-05-14 07:45 -------- d-----w- c:\program files\Spring Bonus
2011-05-14 07:45 . 2011-05-14 07:45 -------- d-----w- c:\windows\system32\3081
2011-05-14 07:44 . 2011-05-14 07:45 -------- d-----w- c:\program files\Soap Opera Dash
2011-05-14 07:44 . 2011-05-14 07:44 -------- d-----w- c:\windows\Soap Opera Dash
2011-05-14 07:42 . 2011-05-30 12:54 -------- d-----w- c:\program files\Games
2011-05-14 07:41 . 2011-05-14 07:41 -------- d-----w- c:\program files\Cake Mania - To the Max
2011-05-14 07:41 . 2011-05-14 07:41 -------- d-----w- c:\windows\Cake Mania - To the Max
2011-05-14 07:41 . 2011-05-14 07:41 -------- d-----w- c:\windows\Everything Nice
2011-05-14 07:41 . 2011-05-14 07:41 -------- d-----w- c:\program files\Everything Nice
2011-05-14 07:40 . 2011-05-14 07:40 -------- d-----w- c:\windows\Travel Agency
2011-05-14 07:40 . 2011-05-14 07:40 -------- d-----w- c:\program files\Travel Agency
2011-05-14 07:39 . 2011-05-14 07:40 -------- d-----w- c:\program files\Jane's Hotel. Family Hero
2011-05-14 07:39 . 2011-05-14 07:39 -------- d-----w- c:\windows\Jane's Hotel. Family Hero
2011-05-14 07:39 . 2011-05-14 07:39 -------- d-----w- c:\program files\Green Valley Fun on the Farm
2011-05-14 07:39 . 2011-05-14 07:39 -------- d-----w- c:\windows\Green Valley Fun on the Farm
2011-05-14 07:38 . 2011-05-14 07:38 -------- d-----w- c:\program files\Atlantic Quest
2011-05-14 07:37 . 2011-05-14 07:37 -------- d-----w- c:\program files\Farm Frenzy 3
2011-05-14 07:37 . 2011-05-14 07:37 -------- d-----w- c:\windows\Farm Frenzy 3
2011-05-14 07:37 . 2011-05-14 07:37 -------- d-----w- c:\windows\system32\3034
2011-05-14 07:36 . 2011-05-14 07:36 -------- d-----w- c:\program files\Airport Mania 2 Wild Trips - Premium Edition
2011-05-14 07:36 . 2011-05-14 07:36 -------- d-----w- c:\windows\Airport Mania 2 Wild Trips - Premium Edition
2011-05-14 07:35 . 2011-05-14 07:35 -------- d-----w- c:\program files\Farm Frenzy Ancient Rome
2011-05-14 07:35 . 2011-05-14 07:35 -------- d-----w- c:\windows\Farm Frenzy Ancient Rome
2011-05-13 08:52 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-13 08:49 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-13 08:49 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-13 08:49 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-13 08:49 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-13 08:49 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-13 08:45 . 2011-05-13 08:45 -------- d-----w- c:\windows\system32\x64
2011-05-13 08:45 . 2009-09-23 17:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-05-13 08:37 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-05-13 08:35 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-05-13 08:34 . 2011-05-13 08:34 -------- d-----w- c:\program files\MSXML 4.0
2011-05-13 08:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-13 08:34 . 2011-05-13 07:42 -------- d-----w- c:\windows\Panther
2011-05-13 08:33 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-13 08:33 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-13 08:33 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-05-13 08:33 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-13 08:33 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-05-13 08:33 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-05-13 08:33 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-05-13 08:33 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-13 08:33 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-05-13 08:33 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-13 08:33 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-05-13 08:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-13 08:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-05-13 08:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-05-13 08:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-05-13 08:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-05-13 08:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-05-13 08:32 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-13 08:32 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-05-13 08:32 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-05-13 08:32 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-05-13 08:32 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-05-13 08:32 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-05-13 08:31 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2011-05-13 08:31 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2011-05-13 08:31 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2011-05-13 08:31 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2011-05-13 08:31 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-05-13 08:31 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-05-13 08:31 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-05-13 08:31 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-05-13 08:31 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-13 08:29 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-13 08:23 . 2009-09-02 08:20 652 ----a-w- c:\windows\FIX.reg
2011-05-13 08:23 . 2008-11-01 11:23 280 ----a-w- c:\windows\reset.reg
2011-05-13 08:16 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 09:14 . 2011-05-13 09:14 203776 ----a-w- c:\windows\system32\webcheck.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tcactive"="c:\program files\The Cleaner\tcap.exe" [2011-05-03 4993776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-30 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-05-20 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1343400]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - SSMDRV
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-30 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-05-20 19:22]
.
2011-05-30 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-05-20 19:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{259214EB-781C-344D-3101-65933DDB243B} - c:\windows\system32\inpuut.dll
HKCU-Run-conhost - c:\users\Moniška\AppData\Roaming\Microsoft\conhost.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{259214EB-781C-344D-3101-65933DDB243B}"=hex:51,66,7a,6c,4c,1d,38,12,85,17,81,
21,2e,36,23,71,4e,17,26,d3,38,85,60,2f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,0d,45,49,cf,1e,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2011-05-30 23:53:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-30 21:53
.
Před spuštěním: Volných bajtů: 30 706 339 840
Po spuštění: Volných bajtů: 31 947 124 736
.
- - End Of File - - 09AB8EA7ED562C71CE52FCC386C1CDD0

johny-d
Model visitor
Posts: 23
Registered: 30 May 2011 17:23

Re: internet not working

#13 Post by johny-d »

I just realized that I forgot to run ComboFix as administrator; should I run it again? She only has one account, but I don't know whether that matters.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: internet not working

#14 Post by vyosek »

No, that's not necessary... give me a moment while I write up the next steps...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, that is no man, that is an ox."
Member [image] since 1 February 2011.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: internet not working

#15 Post by vyosek »

:arrow: If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    File::
    c:\windows\AutoKMS.exe
    c:\windows\Tasks\AutoKMSDaily.job
    c:\windows\Tasks\AutoKMS.job
    c:\windows\FIX.reg
    c:\windows\reset.reg
    c:\windows\system32\pukzw.exe
    c:\windows\Kgymaa.exe
    c:\windows\system32\nqhjr.exe
    c:\programdata\regid.1986-12.com.adobe
    c:\windows\KMSEmulator.exe
    C:\Windows\AutoKMS.ini
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2173421848-1481650145-3515745033-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2173421848-1481650145-3515745033-1000UA.job
    C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    
    DirLook::
    C:\Windows\system32\2031
    
    Folder::
    c:\program files\The Cleaner
    c:\programdata\regid.1986-12.com.adobe
    C:\ProgramData\ESET
    C:\Users\Moniška\AppData\Roaming\ESET
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "reset"=-
    "SunJavaUpdateSched"=-
    "AdobeAAMUpdater-1.0"=-
    "SwitchBoard"=-
    "AdobeCS5ServiceManager"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "conhost"=-
    "cftmon"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "506E7F4A_0"=-
    "4ECYTQ9SIC"=-
    "conhost"=-
    "tcactive"=-
    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "load"=""
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the image below)
    [image]
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: It can happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration