VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

WIN7 - všechny exe aplikace spouštějí windows media center

https://forum.viry.cz:443/viewtopic.php?t=104616

Stránka 1 z 3

WIN7 - všechny exe aplikace spouštějí windows media center

Napsal: 13 zář 2010 22:30
od MARKY79
Zdravím,

veškeré exe aplikace i odkazy na ně změnily ikony na windows media center a spouštějí WMC. Ale veškeré programy lze spustit otevřením souboru, který jim náleží např. docx spustí word, ale exe spustí WMC...

Díky.

Logfile of random's system information tool 1.08 (written by random/random)
Run by MARKY at 2010-09-13 23:14:10
Microsoft Windows 7 Ultimate
System drive C: has 50 GB (21%) free of 238 GB
Total RAM: 3071 MB (75% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-243422384-3159141069-1851493392-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-243422384-3159141069-1851493392-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-25 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-25 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
egui=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
= []
SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-07 186904]
IaNvSrv=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2009-10-06 33304]
RtHDVCpl=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-02-08 8505888]
Adobe ARM=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
Malwarebytes Anti-Malware (reboot)=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes' Anti-Malware=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
LightScribe Control Panel=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD}=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin=5
ConsentPromptBehaviorUser=3
EnableUIADesktopToggle=0
dontdisplaylastusername=0
legalnoticecaption=
legalnoticetext=
shutdownwithoutlogon=1
undockwithoutlogon=1
EnableLUA=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-13 23:14:10 ----D---- C:\rsit
2010-09-13 23:14:10 ----D---- C:\Program Files\trend micro
2010-09-13 22:22:03 ----HD---- C:\Windows\PIF
2010-09-13 22:19:27 ----D---- C:\trojan logs
2010-09-13 21:53:17 ----A---- C:\Windows\system32\drivers\qjhjggoc.sys
2010-09-13 20:59:23 ----D---- C:\Users\MARKY\AppData\Roaming\Malwarebytes
2010-09-13 20:59:08 ----D---- C:\ProgramData\Malwarebytes
2010-09-13 20:59:08 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-09-13 20:59:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-09-13 20:59:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-13 20:57:52 ----A---- C:\Windows\ntbtlog.txt
2010-09-13 18:43:08 ----SHD---- C:\Config.Msi
2010-08-31 17:07:45 ----D---- C:\ProgramData\Protexis
2010-08-31 17:03:35 ----D---- C:\Program Files\Microsoft SDKs
2010-08-31 17:03:33 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-08-29 16:53:54 ----A---- C:\Windows\Qtw.ini
2010-08-28 08:32:16 ----D---- C:\tmpDownload
2010-08-28 08:32:12 ----D---- C:\YouTubeGet
2010-08-26 15:40:20 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-25 23:27:10 ----D---- C:\ProgramData\LightScribe
2010-08-25 23:26:57 ----D---- C:\Users\MARKY\AppData\Roaming\Nero
2010-08-25 22:51:46 ----D---- C:\Program Files\Nero
2010-08-25 22:51:34 ----D---- C:\ProgramData\Nero
2010-08-25 22:51:34 ----D---- C:\Program Files\Common Files\Nero
2010-08-25 22:51:21 ----D---- C:\Program Files\Common Files\LightScribe
2010-08-22 13:40:05 ----D---- C:\Program Files\PlayReady
2010-08-14 09:17:09 ----D---- C:\Program Files\PhotoZoom Pro 3

======List of files/folders modified in the last 1 months======

2010-09-13 23:14:10 ----RD---- C:\Program Files
2010-09-13 23:14:04 ----D---- C:\Windows\Temp
2010-09-13 22:22:03 ----D---- C:\Windows
2010-09-13 21:53:17 ----D---- C:\Windows\system32\drivers
2010-09-13 21:53:17 ----D---- C:\Windows\LiveKernelReports
2010-09-13 20:59:38 ----D---- C:\Windows\system32\catroot2
2010-09-13 20:59:08 ----HD---- C:\ProgramData
2010-09-13 20:56:25 ----D---- C:\Windows\system32\config
2010-09-13 20:51:48 ----D---- C:\totalcmd
2010-09-13 20:40:16 ----D---- C:\Program Files\123 DVD Converter
2010-09-13 18:43:19 ----SHD---- C:\Windows\Installer
2010-09-13 18:39:31 ----SD---- C:\Users\MARKY\AppData\Roaming\Microsoft
2010-09-13 18:15:37 ----HD---- C:\Windows\system32\GroupPolicy
2010-09-13 17:47:43 ----D---- C:\Windows\Prefetch
2010-09-13 17:47:42 ----D---- C:\Windows\Downloaded Program Files
2010-09-13 17:47:41 ----D---- C:\Program Files\ESET
2010-09-13 17:18:59 ----D---- C:\Pošta old
2010-09-13 17:18:59 ----D---- C:\Pošta
2010-09-13 07:35:02 ----SHD---- C:\System Volume Information
2010-09-12 16:24:02 ----D---- C:\Windows\System32
2010-09-12 16:24:02 ----D---- C:\Windows\inf
2010-09-12 16:24:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-12 15:57:40 ----D---- C:\Windows\system32\NDF
2010-09-12 07:00:15 ----D---- C:\Users\MARKY\AppData\Roaming\uTorrent
2010-09-09 20:41:58 ----D---- C:\Program Files\Common Files\Steam
2010-09-09 20:41:56 ----D---- C:\Program Files\Steam
2010-09-09 14:07:17 ----D---- C:\Windows\system32\Tasks
2010-09-07 22:39:04 ----D---- C:\Program Files\uTorrent
2010-09-06 07:07:39 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-31 17:47:27 ----D---- C:\Windows\Microsoft.NET
2010-08-31 17:47:26 ----RSD---- C:\Windows\assembly
2010-08-31 17:20:18 ----D---- C:\Storm Fashion
2010-08-31 17:07:33 ----D---- C:\Users\MARKY\AppData\Roaming\Corel
2010-08-31 17:06:10 ----D---- C:\ProgramData\Microsoft Help
2010-08-31 17:04:53 ----SD---- C:\ProgramData\Microsoft
2010-08-31 17:03:55 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-31 17:02:47 ----RSD---- C:\Windows\Fonts
2010-08-31 17:02:38 ----D---- C:\ProgramData\Corel
2010-08-31 16:59:17 ----D---- C:\Windows\winsxs
2010-08-31 16:58:00 ----D---- C:\Program Files\Corel
2010-08-31 10:04:00 ----D---- C:\Users\MARKY\AppData\Roaming\Vso
2010-08-29 14:52:30 ----D---- C:\Windows\system32\FxsTmp
2010-08-29 11:38:44 ----D---- C:\Downloads
2010-08-29 08:41:57 ----D---- C:\Windows\Minidump
2010-08-29 08:41:35 ----AD---- C:\ProgramData\TEMP
2010-08-29 02:03:27 ----D---- C:\ProgramData\vsosdk
2010-08-28 07:28:43 ----D---- C:\Windows\system32\cs-CZ
2010-08-28 07:26:47 ----D---- C:\Windows\system32\en-US
2010-08-28 07:26:45 ----D---- C:\Program Files\Microsoft.NET
2010-08-27 08:42:58 ----D---- C:\Users\MARKY\AppData\Roaming\Skype
2010-08-27 08:33:41 ----D---- C:\Users\MARKY\AppData\Roaming\skypePM
2010-08-26 15:41:35 ----D---- C:\Windows\AppPatch
2010-08-26 15:40:12 ----D---- C:\Windows\system32\catroot
2010-08-25 22:51:34 ----D---- C:\Program Files\Common Files
2010-08-24 18:57:22 ----D---- C:\DÁDA
2010-08-24 10:27:47 ----D---- C:\Windows\debug
2010-08-14 12:37:32 ----D---- C:\Users\MARKY\AppData\Roaming\Canon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaNvStor;Intel(R) Turbo Memory Controller; C:\Windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér; C:\Windows\system32\DRIVERS\l160x86.sys [2009-07-14 47104]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-09-15 6000640]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S0 ovnbv;ovnbv; C:\Windows\System32\drivers\qjhjggoc.sys [2010-09-13 54016]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-27 691696]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [2002-07-17 16877]
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
S2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
S2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-02-08 3019232]
S3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
S3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
S3 mod7700;DiBcom DIB7700 based TV tuner device; C:\Windows\System32\Drivers\dvb7700all.sys [2007-10-26 483840]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-02-28 47360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-07 354840]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-03-16 129640]
S2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-08-28 407336]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 10:32
od eda
Dobrý den,

stahnete si OTL: http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Pokud mate WIN 7 Nebo Vista spustte program Jako spravce.
Otevrete a zaskrtnete nasledujici polozky:
-Pro vsechny uzivatele
-Kontrola na havet "LOP"
-Kontrola na havet "Purity"
-stáří souborů dejte na 7.

Do spodniho okna pod modry napis Vlastní skenování a opravy vlozte tento script:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
Kliknete na Prohledat. Probehne scan - kolem 5 minut a potom sem vlozte oba logy, ktere na Vas vybafnou.

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 11:26
od MARKY79
Zdravím,

tak výstup byl jen jeden soubor a pak se mi otevřel WMC... Tak snad to bude stačit...

Díky...

OTL logfile created on: 14.9.2010 11:43:08 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\MARKY\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 48,45 Gb Free Space | 20,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARKY-PC
Current User Name: MARKY
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.13 22:21:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\MARKY\Desktop\OTL.com
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.09.13 22:21:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\MARKY\Desktop\OTL.com
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2010.08.28 23:59:40 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protokol PNRP (Peer Name Resolution Protocol)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalační program ovládacích prvků ActiveX (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.05.14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008.09.29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007.02.05 19:13:14 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV - [2010.03.17 02:01:53 | 011,597,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.02.27 01:15:06 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.08 19:17:58 | 003,019,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.12.03 17:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\94921902.sys -- (94921902)
DRV - [2009.10.09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\9492190.sys -- (setup_9.0.0.722_13.09.2010_12-24drv)
DRV - [2009.09.25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\94921901.sys -- (94921901)
DRV - [2009.09.15 21:34:14 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Ovladač adaptéru Intel(R)
DRV - [2009.08.21 21:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2009.08.07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:25 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009.06.19 13:59:10 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.06.19 13:59:04 | 000,012,032 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.06.19 13:59:02 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.05.14 16:49:32 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009.05.14 16:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.05.14 16:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009.05.14 16:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 16:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.05.05 13:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.04.29 16:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.10.26 00:05:58 | 000,483,840 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2002.07.17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========







IE - HKU\S-1-5-21-243422384-3159141069-1851493392-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-243422384-3159141069-1851493392-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 12 93 4C 18 B7 CA 01 [binary data]
IE - HKU\S-1-5-21-243422384-3159141069-1851493392-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.09.13 18:43:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\MARKY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.09.2010_12-24.lnk = C:\Users\MARKY\Desktop\Virus Removal Tool\setup_9.0.0.722_13.09.2010_12-24\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 2
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e82879e0-232c-11df-b408-001fc6583f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{e82879e0-232c-11df-b408-001fc6583f3a}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 7 Days ==========

[2010.09.14 07:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.09.14 07:20:27 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\9492190.sys
[2010.09.14 07:20:27 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\94921901.sys
[2010.09.14 07:20:27 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\94921902.sys
[2010.09.14 07:20:27 | 000,000,000 | ---D | C] -- C:\Users\MARKY\Desktop\Virus Removal Tool
[2010.09.14 01:19:58 | 075,245,600 | ---- | C] ( ) -- C:\Users\MARKY\Desktop\setup_9.0.0.722_13.09.2010_12-24.com
[2010.09.13 23:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.13 23:14:10 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.13 22:22:03 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.09.13 22:21:42 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\MARKY\Desktop\OTL.com
[2010.09.13 22:19:27 | 000,000,000 | ---D | C] -- C:\trojan logs
[2010.09.13 22:09:39 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\MARKY\Desktop\OTL.exe
[2010.09.13 20:59:23 | 000,000,000 | ---D | C] -- C:\Users\MARKY\AppData\Roaming\Malwarebytes
[2010.09.13 20:59:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.13 20:59:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.13 20:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.13 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.13 19:55:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MARKY\Desktop\mbam-setup-1.46.exe
[2010.09.13 19:50:10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MARKY\Desktop\mbam-setup.com
[2010.09.13 18:43:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.11 19:14:34 | 000,000,000 | ---D | C] -- C:\Users\MARKY\Desktop\AUKRO
[2010.05.16 21:32:34 | 000,099,840 | ---- | C] ( ) -- C:\Windows\ZIPDLL.DLL
[2010.02.28 12:47:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\MARKY\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.09.14 11:43:10 | 003,145,728 | -HS- | M] () -- C:\Users\MARKY\NTUSER.DAT
[2010.09.14 07:21:35 | 001,495,982 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.14 07:21:35 | 000,634,546 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.09.14 07:21:35 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.14 07:21:35 | 000,123,104 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.09.14 07:21:35 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.14 07:20:53 | 000,002,205 | ---- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.09.2010_12-24.lnk
[2010.09.14 01:19:59 | 075,245,600 | ---- | M] ( ) -- C:\Users\MARKY\Desktop\setup_9.0.0.722_13.09.2010_12-24.com
[2010.09.13 23:13:43 | 000,339,991 | ---- | M] () -- C:\Users\MARKY\Desktop\RSIT.com
[2010.09.13 22:21:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\MARKY\Desktop\OTL.com
[2010.09.13 22:09:43 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\MARKY\Desktop\OTL.exe
[2010.09.13 21:53:17 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\qjhjggoc.sys
[2010.09.13 20:59:11 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.13 20:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.13 20:57:51 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.13 20:56:21 | 010,125,466 | -H-- | M] () -- C:\Users\MARKY\AppData\Local\IconCache.db
[2010.09.13 20:40:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-243422384-3159141069-1851493392-1001UA.job
[2010.09.13 19:55:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MARKY\Desktop\mbam-setup-1.46.exe
[2010.09.13 19:50:18 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MARKY\Desktop\mbam-setup.com
[2010.09.13 18:50:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 18:50:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 18:45:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.12 00:01:03 | 000,847,913 | ---- | M] () -- C:\Users\MARKY\Desktop\Hrádek-pohádka.jpg
[2010.09.11 23:30:25 | 000,003,088 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.11 22:40:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-243422384-3159141069-1851493392-1001Core.job
[2010.09.09 16:27:29 | 001,412,766 | ---- | M] () -- C:\Users\MARKY\Desktop\pozvánka_Praha_Jaro-léto 2011.pdf
[2010.09.09 16:26:39 | 000,053,041 | ---- | M] () -- C:\Users\MARKY\Desktop\pozvánka SS2011.cdr
[2010.09.09 08:09:46 | 002,265,713 | ---- | M] () -- C:\Users\MARKY\Desktop\dáda_plocha.jpg
[2010.09.09 07:55:28 | 001,154,836 | ---- | M] () -- C:\Users\MARKY\Desktop\dáda_diplom.jpg
[2010.09.08 22:34:41 | 004,940,013 | ---- | M] () -- C:\Users\MARKY\Desktop\PRODUCT10-11AW.pdf
[2010.09.08 21:59:50 | 000,053,895 | ---- | M] () -- C:\Users\MARKY\Desktop\Záloha_pozvánka SS2011.cdr
[2010.09.08 21:20:33 | 004,150,264 | ---- | M] () -- C:\Users\MARKY\Desktop\cross AW.pdf
[2010.09.08 17:17:47 | 000,092,366 | ---- | M] () -- C:\Users\MARKY\Desktop\Pozvánka SS2011.pdf
[2010.09.07 17:02:05 | 000,029,184 | ---- | M] () -- C:\Users\MARKY\Desktop\Poukaz_k_pobytu_Stillerova_19.7.-16.7.11.doc
[2010.09.07 16:54:08 | 000,182,313 | ---- | M] () -- C:\Users\MARKY\Desktop\složenka_dovolená_záloha_0001.pdf
[2010.09.07 16:53:31 | 000,626,190 | ---- | M] () -- C:\Users\MARKY\Desktop\složenka_dovolená_záloha.jpg
[2010.09.07 14:43:49 | 000,063,488 | ---- | M] () -- C:\Users\MARKY\Desktop\Kopie - Adresy obchodů.xls
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.14 07:20:53 | 000,002,205 | ---- | C] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.09.2010_12-24.lnk
[2010.09.13 23:13:38 | 000,339,991 | ---- | C] () -- C:\Users\MARKY\Desktop\RSIT.com
[2010.09.13 21:53:17 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qjhjggoc.sys
[2010.09.13 20:59:11 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 00:01:02 | 000,847,913 | ---- | C] () -- C:\Users\MARKY\Desktop\Hrádek-pohádka.jpg
[2010.09.09 08:09:37 | 002,265,713 | ---- | C] () -- C:\Users\MARKY\Desktop\dáda_plocha.jpg
[2010.09.09 07:55:28 | 001,154,836 | ---- | C] () -- C:\Users\MARKY\Desktop\dáda_diplom.jpg
[2010.09.08 22:33:17 | 004,940,013 | ---- | C] () -- C:\Users\MARKY\Desktop\PRODUCT10-11AW.pdf
[2010.09.08 22:00:19 | 001,412,766 | ---- | C] () -- C:\Users\MARKY\Desktop\pozvánka_Praha_Jaro-léto 2011.pdf
[2010.09.08 21:53:27 | 000,053,895 | ---- | C] () -- C:\Users\MARKY\Desktop\Záloha_pozvánka SS2011.cdr
[2010.09.08 21:38:15 | 000,053,041 | ---- | C] () -- C:\Users\MARKY\Desktop\pozvánka SS2011.cdr
[2010.09.08 21:20:33 | 004,150,264 | ---- | C] () -- C:\Users\MARKY\Desktop\cross AW.pdf
[2010.09.08 17:17:47 | 000,092,366 | ---- | C] () -- C:\Users\MARKY\Desktop\Pozvánka SS2011.pdf
[2010.09.07 17:02:03 | 000,029,184 | ---- | C] () -- C:\Users\MARKY\Desktop\Poukaz_k_pobytu_Stillerova_19.7.-16.7.11.doc
[2010.09.07 16:54:08 | 000,182,313 | ---- | C] () -- C:\Users\MARKY\Desktop\složenka_dovolená_záloha_0001.pdf
[2010.09.07 16:53:31 | 000,626,190 | ---- | C] () -- C:\Users\MARKY\Desktop\složenka_dovolená_záloha.jpg
[2010.09.07 14:43:49 | 000,063,488 | ---- | C] () -- C:\Users\MARKY\Desktop\Kopie - Adresy obchodů.xls
[2010.08.29 16:53:54 | 000,000,037 | ---- | C] () -- C:\Windows\Qtw.ini
[2010.08.26 09:12:14 | 000,000,167 | ---- | C] () -- C:\Users\MARKY\AppData\Roaming\default.rss
[2010.08.23 07:31:28 | 000,004,096 | -H-- | C] () -- C:\Users\MARKY\AppData\Local\keyfile3.drm
[2010.08.13 18:18:18 | 000,000,478 | ---- | C] () -- C:\Windows\ESIDATA.ini
[2010.08.05 08:43:46 | 000,000,092 | ---- | C] () -- C:\Windows\SILCOM_P.INI
[2010.06.21 18:03:45 | 000,000,017 | ---- | C] () -- C:\Users\MARKY\AppData\Local\resmon.resmoncfg
[2010.05.29 11:02:50 | 000,001,176 | ---- | C] () -- C:\Users\MARKY\AppData\Roaming\vso_ts_preview.xml
[2010.04.08 11:44:13 | 000,000,480 | ---- | C] () -- C:\ProgramData\Místní disk (C) – zástupce.lnk
[2010.03.04 12:17:43 | 000,012,800 | ---- | C] () -- C:\Users\MARKY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.28 12:48:04 | 000,000,034 | ---- | C] () -- C:\Users\MARKY\AppData\Roaming\pcouffin.log
[2010.02.28 12:47:36 | 000,087,608 | ---- | C] () -- C:\Users\MARKY\AppData\Roaming\inst.exe
[2010.02.28 12:47:36 | 000,007,887 | ---- | C] () -- C:\Users\MARKY\AppData\Roaming\pcouffin.cat
[2010.02.28 12:47:36 | 000,001,144 | ---- | C] () -- C:\Users\MARKY\AppData\Roaming\pcouffin.inf
[2010.02.27 01:04:56 | 000,000,088 | RHS- | C] () -- C:\ProgramData\895007BE8D.sys
[2010.02.27 01:04:55 | 000,003,088 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.27 00:37:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2010.02.26 23:07:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.07 05:13:58 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.02 20:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.07 16:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.06.07 16:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.28 20:50:44 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2005.05.06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 11:28
od MARKY79
a zbytek...


========== LOP Check ==========

[2010.06.11 22:45:43 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\AVI ReComp
[2010.08.14 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Canon
[2010.02.27 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\DAEMON Tools Lite
[2010.06.03 21:09:22 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\DNA
[2010.02.26 19:56:09 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\ESET
[2010.02.27 10:55:37 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\GHISLER
[2010.05.04 08:24:21 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Happy Foto
[2010.02.27 10:02:53 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\IrfanView
[2010.03.14 09:49:33 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Kastner software
[2009.12.01 23:18:24 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\LG Electronics
[2009.12.01 23:06:39 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\MOBILedit
[2010.03.07 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\mojosoft
[2010.03.25 09:08:57 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Nokia
[2010.07.18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\PC Suite
[2010.04.14 06:55:09 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Photo DVD Maker
[2010.04.05 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\QuickStoresToolbar
[2010.02.27 10:13:57 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\TuneUp Software
[2010.03.25 08:06:07 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\URSoft
[2010.09.12 07:00:15 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\uTorrent
[2010.08.31 10:04:00 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Vso
[2010.02.27 11:00:35 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Win7codecs
[2010.03.19 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Youtube Downloader HD
[2009.12.01 23:18:24 | 000,000,000 | -H-D | M] -- C:\Users\MARKY\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010.07.17 11:39:03 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
LightScribe Control Panel = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2008.06.09 10:16:32 | 002,363,392 | ---- | M] (Hewlett-Packard Company)

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.03.02 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Adobe
[2010.03.01 16:25:47 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Ahead
[2010.06.11 22:45:43 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\AVI ReComp
[2010.08.14 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Canon
[2010.08.31 17:07:33 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Corel
[2010.02.27 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\DAEMON Tools Lite
[2010.06.03 21:09:22 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\DNA
[2010.02.26 19:56:09 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\ESET
[2010.02.27 10:07:26 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\FastStone
[2010.02.27 10:55:37 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\GHISLER
[2010.05.04 08:24:21 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Happy Foto
[2010.02.26 19:43:08 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Identities
[2010.02.26 23:26:29 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\InstallShield
[2010.02.27 10:02:53 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\IrfanView
[2010.03.14 09:49:33 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Kastner software
[2009.12.01 23:18:24 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\LG Electronics
[2010.02.26 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Macromedia
[2010.09.13 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Malwarebytes
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Media Center Programs
[2010.09.13 18:39:31 | 000,000,000 | --SD | M] -- C:\Users\MARKY\AppData\Roaming\Microsoft
[2009.12.01 23:06:39 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\MOBILedit
[2010.03.07 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\mojosoft
[2010.09.01 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Nero
[2010.03.25 09:08:57 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Nokia
[2010.06.02 20:41:47 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\NVIDIA
[2010.07.18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\PC Suite
[2010.04.14 06:55:09 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Photo DVD Maker
[2010.04.05 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\QuickStoresToolbar
[2010.03.04 21:48:35 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Real
[2010.03.04 22:43:05 | 000,000,000 | RH-D | M] -- C:\Users\MARKY\AppData\Roaming\SecuROM
[2010.08.27 08:42:58 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Skype
[2010.08.27 08:33:41 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\skypePM
[2010.02.27 10:13:57 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\TuneUp Software
[2010.03.25 08:06:07 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\URSoft
[2010.09.12 07:00:15 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\uTorrent
[2010.08.31 10:04:00 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Vso
[2010.02.27 11:00:35 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Win7codecs
[2010.02.28 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\WinRAR
[2010.03.19 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\MARKY\AppData\Roaming\Youtube Downloader HD
[2009.12.01 23:18:24 | 000,000,000 | -H-D | M] -- C:\Users\MARKY\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}

< %APPDATA%\*.exe /s >
[2010.05.29 11:02:24 | 000,087,608 | ---- | M] () -- C:\Users\MARKY\AppData\Roaming\inst.exe
[2009.12.17 12:46:22 | 024,701,952 | ---- | M] (KASTNER software s.r.o.) -- C:\Users\MARKY\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FORMasistent.exe
[2009.12.17 12:44:14 | 033,053,696 | ---- | M] (KASTNER software s.r.o.) -- C:\Users\MARKY\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FORMstudio.exe
[2009.12.16 15:06:30 | 003,479,040 | ---- | M] (KASTNER software s.r.o.) -- C:\Users\MARKY\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FSUpdate.exe
[2010.03.14 09:41:19 | 001,188,437 | ---- | M] () -- C:\Users\MARKY\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\unins000.exe
[2009.11.06 11:17:52 | 003,965,440 | ---- | M] (Kastner software s.r.o.) -- C:\Users\MARKY\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\Upgrade.exe
[2010.03.01 19:27:15 | 000,038,784 | ---- | M] () -- C:\Users\MARKY\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\ClickCleaner.exe
[2010.06.02 22:31:20 | 000,017,542 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\ContextMenuManager.exe
[2010.06.02 22:31:20 | 000,017,542 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\DesktopCleaner.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\DiskAnalyzer.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\DuplicateFilesFinder.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\FileSecurity.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\FileSplitter.exe
[2010.06.02 22:31:20 | 000,017,542 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\FreeMemory.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\IEManager.exe
[2010.06.02 22:31:20 | 000,017,542 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\IPSwitcher.exe
[2010.06.02 22:31:20 | 000,017,542 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\JumpListQuickLauncher.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\JunkFileCleaner.exe
[2010.06.02 22:31:20 | 000,005,430 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\LiveUpdate.exe
[2010.06.02 22:31:20 | 000,013,262 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\OptimizationWizard.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\PrivacyProtector.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\ProcessManager.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\RegistryCleaner.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\RegistryDefrag.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\RepairCenter.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\RunShortcutCreator.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\ServiceManager.exe
[2010.06.02 22:31:20 | 000,017,542 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\SmartUninstaller.exe
[2010.06.02 22:31:20 | 000,015,086 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\StartupManager.exe
[2010.06.02 22:31:20 | 000,082,726 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\SuperCopy.exe
[2010.06.02 22:31:20 | 000,014,534 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\SystemFolder_msiexec.exe
[2010.06.02 22:31:20 | 000,007,886 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\SystemInfo.exe
[2010.06.02 22:31:20 | 000,017,542 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\TaskSchedulerManager.exe
[2010.06.02 22:31:20 | 000,017,542 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\VisualCustomizer.exe
[2010.06.02 22:31:20 | 000,092,560 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\Windows7Manager.exe
[2010.06.02 22:31:20 | 000,013,262 | R--- | M] () -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}\WinUtilities.exe
[2010.02.26 23:34:24 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Users\MARKY\AppData\Roaming\Microsoft\Installer\{EB4DF30B-102B-4F0C-927A-D50E037A325D}\ARPPRODUCTICON.exe
[2010.04.01 21:50:54 | 001,716,392 | ---- | M] (TODO: <Company name>) -- C:\Users\MARKY\AppData\Roaming\MOBILedit\MOBILEditUpdate.exe
[2010.04.05 21:01:59 | 000,704,248 | ---- | M] () -- C:\Users\MARKY\AppData\Roaming\QuickStoresToolbar\unins000.exe
[2010.03.03 15:00:50 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\MARKY\AppData\Roaming\QuickStoresToolbar\Update.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Downloads\záloha ovladače\Driver Backup 2-26-2010-21825\Kanál IDE#1\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Downloads\záloha ovladače\Driver Backup 2-26-2010-21825\Kanál IDE#2\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Downloads\záloha ovladače\Driver Backup 2-26-2010-21825\Kanál IDE#3\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Downloads\záloha ovladače\Driver Backup 2-26-2010-21825\Kanál IDE\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Downloads\záloha ovladače\Driver Backup 2-26-2010-21825\Řadiče úložiště Intel(R) ICH8M v režimu Ultra ATA - 2850\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Downloads\záloha ovladače\Driver Backup 2-26-2010-21825\Standardní řadič AHCI 1.0 s rozhraním Serial ATA\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Downloads\záloha ovladače\Driver Backup 2-26-2010-21825\Jednotka CD-ROM\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTOR.SYS >
[2009.08.07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.08.07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Users\MARKY\Dokumenty\DriverGenius\Temp\intel_turbomemory_11011002\intel_turbomemory_11011002\Winall\Driver\IaStor.sys
[2009.08.07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009.08.07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys
[2009.08.07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.08.07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Users\MARKY\Dokumenty\DriverGenius\Temp\intel_turbomemory_11011002\intel_turbomemory_11011002\Winall\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WD Passport\INSTAL\Install\řadič sata\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.09.13 21:53:17 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\qjhjggoc.sys

< %systemroot%\system32\*.* /3 >
[2010.09.13 18:50:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 18:50:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 07:21:35 | 000,123,104 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.09.14 07:21:35 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.14 07:21:35 | 000,634,546 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.09.14 07:21:35 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.14 07:21:35 | 001,495,982 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:1EE00E38
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:A31FAD21
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:B3D74A13

< End of report >

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 11:47
od eda
Spustte znovu OTL. Do toho sameho okna vlozte tento script:

Kód: Vybrat vše

:OTL
O4 - HKLM..\Run: [] File not found
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2010.09.13 21:53:17 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qjhjggoc.sys
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:1EE00E38
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:A31FAD21
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:B3D74A13

:Services
qjhjggoc

:Files
C:\Windows\System32\drivers\qjhjggoc.sys

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
a dejte Opravit. po restartu by na vás měl vyběhnout log. Vložte ho sem.

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 12:25
od MARKY79
Tak na ploše mám jen OTL.txt... :(

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 12:37
od eda
Měl by být v C:\_OTL\MovedFiles

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 12:46
od MARKY79
Tak tam už byl...

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Windows\74224F8D4A1748169EDB7BB854DE532C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\74224F8D4A1748169EDB7BB854DE532C.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\System32\drivers\qjhjggoc.sys moved successfully.
File C:\Windows\System32\drivers\qjhjggoc.sys not found.
ADS C:\ProgramData\TEMP:1EE00E38 deleted successfully.
ADS C:\ProgramData\TEMP:A31FAD21 deleted successfully.
ADS C:\ProgramData\TEMP:B3D74A13 deleted successfully.
========== SERVICES/DRIVERS ==========
Error: No service named qjhjggoc was found to stop!
Service\Driver key qjhjggoc not found.
========== FILES ==========
File\Folder C:\Windows\System32\drivers\qjhjggoc.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MARKY
->Temp folder emptied: 59389011 bytes
->Temporary Internet Files folder emptied: 87469680 bytes
->Google Chrome cache emptied: 179709057 bytes
->Flash cache emptied: 47674 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 441944620 bytes
RecycleBin emptied: 774076 bytes

Total Files Cleaned = 734,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: MARKY
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.12.0 log created on 09142010_130942

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 14:04
od eda
Co na to počítač?

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 14:13
od MARKY79
Jsem stále v nouzovém režimu a pořád jsou všude ikony WMC. Mám ho zkusit restartovat v norálním režimu? Já měl v normálním režimu problém zpustit i OTL adt. a při stahování jsem měnil koncovku na .com. Tak nevím...

Díky...

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 15:10
od eda
stahnete a ulozte na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim (nikoli pod uctem s omezenym opravnenim)

v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce" :!:

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:

Obrázek

dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem



Můžete i v Nouzovém režimu.

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 16:44
od MARKY79
Vše proběhlo...

ComboFix 10-09-13.02 - MARKY 14.09.2010 16:49:28.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3071.2480 [GMT 2:00]
Spuštěný z: c:\users\MARKY\Desktop\ComboFix.com
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\MARKY\AppData\Roaming\inst.exe
c:\windows\ZIPDLL.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-14 do 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-14 11:09 . 2010-09-14 11:09
2010-09-14 05:20 . 2010-09-14 05:20
2010-09-14 05:20 . 2009-10-22 11:54
2010-09-14 05:20 . 2009-10-09 21:31
2010-09-14 05:20 . 2009-09-25 15:59
2010-09-13 21:14 . 2010-09-13 21:14
2010-09-13 21:14 . 2010-09-13 21:14
2010-09-13 20:22 . 2010-09-13 20:22
2010-09-13 20:19 . 2010-09-13 20:19
2010-09-13 18:59 . 2010-09-13 18:59
2010-09-13 18:59 . 2010-09-13 18:59
2010-09-13 18:59 . 2010-04-29 13:39
2010-09-13 18:59 . 2010-04-29 13:39
2010-09-13 18:59 . 2010-09-13 18:59
2010-08-31 15:07 . 2010-09-09 14:24
2010-08-31 15:07 . 2010-08-31 15:07
2010-08-31 15:03 . 2010-08-31 15:03
2010-08-31 15:03 . 2010-08-31 15:03
2010-08-28 06:32 . 2010-08-28 06:32
2010-08-28 06:32 . 2010-08-28 06:35
2010-08-27 15:59 . 2010-08-27 15:59
2010-08-26 13:40 . 2010-04-07 07:10
2010-08-25 21:27 . 2010-08-25 21:27
2010-08-25 21:26 . 2010-09-01 17:50
2010-08-25 20:51 . 2010-08-25 21:00
2010-08-25 20:51 . 2010-08-25 21:05
2010-08-25 20:51 . 2010-08-25 20:56
2010-08-25 20:51 . 2010-08-25 20:51
2010-08-22 11:40 . 2010-08-22 11:40

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 07:38 . 2010-05-29 08:58
2010-09-14 05:21 . 2009-07-14 08:44
2010-09-14 05:21 . 2009-07-14 08:44
2010-09-13 15:47 . 2010-02-26 17:55
2010-09-12 05:00 . 2010-02-26 19:55
2010-09-11 21:30 . 2010-02-26 23:04
2010-09-11 21:30 . 2010-02-26 23:04
2010-09-09 18:41 . 2010-08-09 18:31
2010-09-09 18:41 . 2010-08-09 18:31
2010-09-07 20:39 . 2010-02-26 19:55
2010-09-06 05:07 . 2010-07-17 09:37
2010-08-31 16:10 . 2010-06-06 16:03
2010-08-31 15:07 . 2010-02-26 21:37
2010-08-31 15:07 . 2010-02-26 23:04
2010-08-31 15:06 . 2010-02-26 23:21
2010-08-31 15:02 . 2010-02-26 23:03
2010-08-31 14:58 . 2010-02-26 23:02
2010-08-31 08:04 . 2010-02-28 10:47
2010-08-30 17:01 . 2010-03-01 17:26
2010-08-29 00:03 . 2010-05-29 11:07
2010-08-28 05:26 . 2010-02-26 23:22
2010-08-27 16:07 . 2010-03-01 17:26
2010-08-27 06:42 . 2010-02-26 21:06
2010-08-27 06:33 . 2010-02-26 21:07
2010-08-14 10:37 . 2010-03-11 21:25
2010-08-14 07:17 . 2010-08-14 07:17
2010-08-08 11:04 . 2010-04-16 16:13
2010-08-05 06:56 . 2010-03-16 19:23
2010-08-05 06:43 . 2010-08-05 06:43
2010-08-05 06:43 . 2010-08-05 06:43
2010-08-05 06:43 . 2010-08-05 06:43
2010-07-29 06:30 . 2010-08-12 20:50
2010-07-29 06:30 . 2010-08-12 20:50
2010-07-18 14:28 . 2010-03-16 19:23
2010-06-30 06:25 . 2010-08-12 20:50
2010-06-22 02:47 . 2010-08-12 20:50
2010-06-22 02:47 . 2010-08-12 20:50
2010-06-22 02:47 . 2010-08-12 20:50
2010-06-19 06:33 . 2010-08-12 20:50
2010-06-19 06:33 . 2010-08-12 20:50
2010-06-19 06:23 . 2010-08-12 20:50
2010-06-19 04:07 . 2010-08-12 20:50
2009-06-10 21:26 . 2009-07-14 02:04
2009-07-14 01:14 . 2009-07-13 23:42
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LightScribe Control Panel="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
egui="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
SMSERIAL="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
IAAnotif="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
IaNvSrv="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
RtHDVCpl="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-08 8505888]
Adobe ARM="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
Malwarebytes Anti-Malware (reboot)="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
GrpConv="grpconv -o" [X]
Malwarebytes' Anti-Malware="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
OTL="c:\users\MARKY\Desktop\OTL.com" [2010-09-13 576000]

c:\users\MARKY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_13.09.2010_12-24.lnk - c:\users\MARKY\Desktop\Virus Removal Tool\setup_9.0.0.722_13.09.2010_12-24\startup.exe [2010-9-14 72208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
ConsentPromptBehaviorAdmin= 5 (0x5)
ConsentPromptBehaviorUser= 3 (0x3)
EnableUIADesktopToggle= 0 (0x0)
EnableLUA= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
aux=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
Google Update="c:\users\MARKY\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
GrooveMonitor="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
Adobe Reader Speed Launcher="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R0 ovnbv;ovnbv;c:\windows\System32\drivers\qjhjggoc.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-26 691696]
R1 94921901;94921901;c:\windows\system32\DRIVERS\94921901.sys [2009-09-25 128016]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 setup_9.0.0.722_13.09.2010_12-24drv;setup_9.0.0.722_13.09.2010_12-24drv;c:\windows\system32\DRIVERS\9492190.sys [2009-10-09 311312]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
S0 94921902;94921902 Boot Guard Driver;c:\windows\system32\DRIVERS\94921902.sys [2009-10-22 37392]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
S3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-15 6000640]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - 94921902

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
9.6.2008 8:14
.
Obsah adresáře 'Naplánované úlohy'

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-243422384-3159141069-1851493392-1001Core.job
- c:\users\MARKY\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 19:30]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-243422384-3159141069-1851493392-1001UA.job
- c:\users\MARKY\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 19:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-BitTorrent DNA - c:\users\MARKY\Program Files\DNA\btdna.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-243422384-3159141069-1851493392-1001\Software\SecuROM\License information*]
datasecu=hex:9d,8d,01,e2,24,b8,5b,fd,25,37,9e,6d,22,a0,a5,a1,e1,91,36,20,31,
d0,08,09,84,85,29,24,5d,65,09,d6,d2,f1,8a,ba,18,0b,7f,40,dc,67,db,41,ad,bc,\
rkeysecu=hex:4f,6c,7d,3e,8b,a0,5e,5e,23,38,b6,38,32,71,1e,0d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000
MSCurrentCountry=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-09-14 16:57:05
ComboFix-quarantined-files.txt 2010-09-14 14:57

Před spuštěním: Volných bajtů: 52 739 182 592
Po spuštění: Volných bajtů: 52 638 744 576

- - End Of File - - 0D07404E27E15A1CCB30B3C652F21670

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 17:40
od eda
pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:

Kód: Vybrat vše

KILLALL::

Driver::
94921901
ovnbv
setup_9.0.0.722_13.09.2010_12-24drv
94921902

File::
c:\windows\System32\drivers\qjhjggoc.sys
c:\windows\system32\DRIVERS\9492190.sys
c:\windows\system32\DRIVERS\94921902.sys
c:\users\MARKY\Desktop\Virus Removal Tool\setup_9.0.0.722_13.09.2010_12-24\startup.exe
c:\windows\system32\DRIVERS\94921901.sys
ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:

Obrázek

po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem :)

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci :)

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 21:26
od MARKY79
Zdravím,

tak win naběhl a při dokončování činnosti ComboFixu se několikrát spustil WMC... ComboFix vše dokončil, ale žádná extrémní změna... Tady je ten log...

ComboFix 10-09-13.02 - MARKY 14.09.2010 21:20:11.2.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3071.2315 [GMT 2:00]
Spuštěný z: c:\users\MARKY\Desktop\ComboFix.com
Použité ovládací přepínače :: c:\users\MARKY\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
"c:\users\MARKY\Desktop\Virus Removal Tool\setup_9.0.0.722_13.09.2010_12-24\startup.exe"
"c:\windows\system32\DRIVERS\9492190.sys"
"c:\windows\system32\DRIVERS\94921901.sys"
"c:\windows\system32\DRIVERS\94921902.sys"
"c:\windows\System32\drivers\qjhjggoc.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\MARKY\Desktop\Virus Removal Tool\setup_9.0.0.722_13.09.2010_12-24\startup.exe
c:\windows\system32\DRIVERS\9492190.sys
c:\windows\system32\DRIVERS\94921901.sys
c:\windows\system32\DRIVERS\94921902.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_94921902
-------\Service_94921901
-------\Service_94921902
-------\Service_ovnbv
-------\Service_setup_9.0.0.722_13.09.2010_12-24drv


((((((((((((((((((((((((( Soubory vytvořené od 2010-08-14 do 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-14 19:23 . 2010-09-14 19:25 -------- d-----w- c:\users\MARKY\AppData\Local\temp
2010-09-14 19:23 . 2010-09-14 19:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-14 11:09 . 2010-09-14 11:09 -------- d-----w- C:\_OTL
2010-09-14 05:20 . 2010-09-14 05:20 -------- d-----w- c:\programdata\Kaspersky Lab
2010-09-13 21:14 . 2010-09-13 21:14 -------- d-----w- C:\rsit
2010-09-13 21:14 . 2010-09-13 21:14 -------- d-----w- c:\program files\trend micro
2010-09-13 20:22 . 2010-09-13 20:22 -------- d--h--w- c:\windows\PIF
2010-09-13 20:19 . 2010-09-13 20:19 -------- d-----w- C:\trojan logs
2010-09-13 18:59 . 2010-09-13 18:59 -------- d-----w- c:\users\MARKY\AppData\Roaming\Malwarebytes
2010-09-13 18:59 . 2010-09-13 18:59 -------- d-----w- c:\programdata\Malwarebytes
2010-09-13 18:59 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 18:59 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-13 18:59 . 2010-09-13 18:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 15:07 . 2010-08-31 15:07 -------- d-----w- c:\programdata\Protexis
2010-08-31 15:03 . 2010-08-31 15:03 -------- d-----w- c:\program files\Microsoft SDKs
2010-08-31 15:03 . 2010-08-31 15:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-08-28 06:32 . 2010-08-28 06:32 -------- d-----w- C:\tmpDownload
2010-08-28 06:32 . 2010-08-28 06:35 -------- d-----w- C:\YouTubeGet
2010-08-27 15:59 . 2010-08-27 15:59 -------- d-----w- c:\users\MARKY\AppData\Local\Canon Easy-PhotoPrint EX
2010-08-26 13:40 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 21:27 . 2010-08-25 21:27 -------- d-----w- c:\programdata\LightScribe
2010-08-25 21:26 . 2010-09-01 17:50 -------- d-----w- c:\users\MARKY\AppData\Roaming\Nero
2010-08-25 20:51 . 2010-08-25 21:00 -------- d-----w- c:\program files\Nero
2010-08-25 20:51 . 2010-08-25 21:05 -------- d-----w- c:\program files\Common Files\Nero
2010-08-25 20:51 . 2010-08-25 20:56 -------- d-----w- c:\programdata\Nero
2010-08-25 20:51 . 2010-08-25 20:51 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-22 11:40 . 2010-08-22 11:40 -------- d-----w- c:\program files\PlayReady

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 07:38 . 2010-05-29 08:58 -------- d-----w- c:\program files\123 DVD Converter
2010-09-14 05:21 . 2009-07-14 08:44 634546 ----a-w- c:\windows\system32\perfh005.dat
2010-09-14 05:21 . 2009-07-14 08:44 123104 ----a-w- c:\windows\system32\perfc005.dat
2010-09-13 15:47 . 2010-02-26 17:55 -------- d-----w- c:\program files\ESET
2010-09-12 05:00 . 2010-02-26 19:55 -------- d-----w- c:\users\MARKY\AppData\Roaming\uTorrent
2010-09-11 21:30 . 2010-02-26 23:04 3088 --sha-w- c:\programdata\KGyGaAvL.sys
2010-09-11 21:30 . 2010-02-26 23:04 3088 --sha-w- c:\programdata\KGyGaAvL.sys
2010-09-09 18:41 . 2010-08-09 18:31 -------- d-----w- c:\program files\Common Files\Steam
2010-09-09 18:41 . 2010-08-09 18:31 -------- d-----w- c:\program files\Steam
2010-09-09 14:24 . 2010-08-31 15:07 2516 --sha-w- c:\programdata\Protexis\KGyGaAvL.sys
2010-09-07 20:39 . 2010-02-26 19:55 -------- d-----w- c:\program files\uTorrent
2010-09-06 05:07 . 2010-07-17 09:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-31 16:10 . 2010-06-06 16:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-08-31 15:07 . 2010-02-26 21:37 141016 ----a-w- c:\users\MARKY\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-31 15:07 . 2010-02-26 23:04 -------- d-----w- c:\users\MARKY\AppData\Roaming\Corel
2010-08-31 15:06 . 2010-02-26 23:21 -------- d-----w- c:\programdata\Microsoft Help
2010-08-31 15:02 . 2010-02-26 23:03 -------- d-----w- c:\programdata\Corel
2010-08-31 14:58 . 2010-02-26 23:02 -------- d-----w- c:\program files\Corel
2010-08-31 08:04 . 2010-02-28 10:47 -------- d-----w- c:\users\MARKY\AppData\Roaming\Vso
2010-08-30 17:01 . 2010-03-01 17:26 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-29 00:03 . 2010-05-29 11:07 -------- d-----w- c:\programdata\vsosdk
2010-08-28 05:26 . 2010-02-26 23:22 -------- d-----w- c:\program files\Microsoft.NET
2010-08-27 16:07 . 2010-03-01 17:26 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-08-27 06:42 . 2010-02-26 21:06 -------- d-----w- c:\users\MARKY\AppData\Roaming\Skype
2010-08-27 06:33 . 2010-02-26 21:07 -------- d-----w- c:\users\MARKY\AppData\Roaming\skypePM
2010-08-14 10:37 . 2010-03-11 21:25 -------- d-----w- c:\users\MARKY\AppData\Roaming\Canon
2010-08-14 07:17 . 2010-08-14 07:17 -------- d-----w- c:\program files\PhotoZoom Pro 3
2010-08-08 11:04 . 2010-04-16 16:13 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-08-05 06:56 . 2010-03-16 19:23 -------- d-----w- c:\programdata\PC Suite
2010-08-05 06:43 . 2010-08-05 06:43 -------- d-----w- c:\program files\Všeználek to ví
2010-08-05 06:43 . 2010-08-05 06:43 253952 ------w- c:\windows\Setup1.exe
2010-08-05 06:43 . 2010-08-05 06:43 73728 ----a-w- c:\windows\ST6UNST.EXE
2010-07-29 06:30 . 2010-08-12 20:50 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 20:50 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-18 14:28 . 2010-03-16 19:23 -------- d-----w- c:\users\MARKY\AppData\Roaming\PC Suite
2010-06-30 06:25 . 2010-08-12 20:50 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 20:50 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 20:50 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 20:50 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 20:50 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 20:50 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 20:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 20:50 2326016 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-08 8505888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\MARKY\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-26 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
S3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-15 6000640]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-243422384-3159141069-1851493392-1001Core.job
- c:\users\MARKY\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 19:30]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-243422384-3159141069-1851493392-1001UA.job
- c:\users\MARKY\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 19:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8557D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-243422384-3159141069-1851493392-1001\Software\SecuROM\License information*]
"datasecu"=hex:9d,8d,01,e2,24,b8,5b,fd,25,37,9e,6d,22,a0,a5,a1,e1,91,36,20,31,
d0,08,09,84,85,29,24,5d,65,09,d6,d2,f1,8a,ba,18,0b,7f,40,dc,67,db,41,ad,bc,\
"rkeysecu"=hex:4f,6c,7d,3e,8b,a0,5e,5e,23,38,b6,38,32,71,1e,0d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3088)
c:\program files\Aberger\HfAsistent\FotoSync.dll
c:\program files\Aberger\HfAsistent\xerc2701.dll
c:\program files\Aberger\HfAsistent\fotosynr.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-09-14 21:30:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-14 19:30
ComboFix2.txt 2010-09-14 14:57

Před spuštěním: Volných bajtů: 52 689 756 160
Po spuštění: Volných bajtů: 50 327 027 712

- - End Of File - - 235A4B6892EB0926B292F47F7960789A

Re: WIN7 - všechny exe aplikace spouštějí windows media cent

Napsal: 14 zář 2010 22:36
od MARKY79
Zdravím,

trochu jsem zkoumal jaký soft jsem instaloval naposledy a vypadá to, že trojan byl v keygenu na Corel X5 a někteří ho identifikovali jako BackDoor.Generic 12 BHPE. Nevím jestli to může pomoci...

Díky...
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz