Podezření na rootkit

[savetr]

Dobrý den..Na mém notebooku (asus k61IC) se začal trhat strašně zvuk..dělá to každou půlminutu. Mám podezření na rootkit. Doposud jsem nenašel žádný program který by mi udělal log..program buď v pulce hledání spadl nebo se nespustil vůbec. Co myslíte jaká je pravděpodobnost že je to rootkit ? Už mi to jednou dělalo ale nepomohlo nic, pomohl jen reinstal windows (7,32-bit) myslel jsem že budu mít pokoj a teď to dělá znovu. díky za odpověď.

[Rudy]

Zdravím. Zkuste sken RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 v nouz. režimu. Dejte log.

[savetr]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pavel at 2011-06-17 22:15:07
Microsoft Windows 7 Home Premium
System drive C: has 90 GB (75%) free of 119 GB
Total RAM: 3583 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:15:41, on 17.6.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
D:\Programy\HControlUser.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Windows\system32\taskeng.exe
D:\Programy\Power4gear\BatteryLife.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pavel\Desktop\RSIT (1).exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Users\Pavel\AppData\Local\Browser Plugin\BHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HControlUser] D:\Programy\HControlUser.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Pavel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - ASUS - D:\Programy\ASLDRSrv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IQZNUDXIK - Sysinternals - www.sysinternals.com - C:\Users\Pavel\AppData\Local\Temp\IQZNUDXIK.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: WHZFDWJUAF - Sysinternals - www.sysinternals.com - C:\Users\Pavel\AppData\Local\Temp\WHZFDWJUAF.exe

--
End of file - 6363 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2734244089-3060300865-4267197301-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2734244089-3060300865-4267197301-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - C:\Users\Pavel\AppData\Local\Browser Plugin\BHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-15 13797920]
"HControlUser"=D:\Programy\HControlUser.exe [2009-06-19 105016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-11 7739936]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Programy\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
D:\Hry\GTA\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-06-17 22:15:07 ----D---- C:\rsit
2011-06-17 22:15:07 ----D---- C:\Program Files\trend micro
2011-06-16 20:46:33 ----N---- C:\Windows\system32\SAVRKBootTasks.sys
2011-06-16 20:10:05 ----A---- C:\Windows\system32\drivers\rspSanity32.sys
2011-06-16 07:14:03 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-16 07:14:02 ----A---- C:\Windows\system32\jscript9.dll
2011-06-16 07:14:02 ----A---- C:\Windows\system32\jscript.dll
2011-06-16 07:14:02 ----A---- C:\Windows\system32\ieui.dll
2011-06-16 07:14:02 ----A---- C:\Windows\system32\iertutil.dll
2011-06-16 07:14:00 ----A---- C:\Windows\system32\urlmon.dll
2011-06-16 07:14:00 ----A---- C:\Windows\system32\mshtml.dll
2011-06-16 07:14:00 ----A---- C:\Windows\system32\ieframe.dll
2011-06-16 06:21:32 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-16 06:21:32 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-16 06:21:32 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-16 06:21:31 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-16 06:21:30 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-16 06:21:23 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-16 06:21:22 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-16 06:21:21 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-16 06:21:20 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-16 06:21:19 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-16 06:21:19 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-15 17:11:00 ----D---- C:\Windows\Minidump
2011-06-10 18:58:30 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2011-06-10 05:53:44 ----D---- C:\Program Files\Microsoft Security Client
2011-06-10 05:53:33 ----A---- C:\Windows\system32\drivers\netio.sys
2011-06-07 14:12:17 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2011-06-07 14:12:11 ----DC---- C:\Windows\system32\DRVSTORE
2011-06-07 14:12:11 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2011-06-07 14:12:07 ----D---- C:\Program Files\Oracle
2011-06-01 18:24:13 ----D---- C:\Program Files\Sony Ericsson
2011-05-27 23:59:41 ----A---- C:\Windows\IS_FLOCX.exe
2011-05-27 23:59:38 ----D---- C:\Windows\2011 Michal Seps Uninstaller
2011-05-25 05:37:31 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-05-19 07:04:32 ----A---- C:\Windows\system32\poqexec.exe
2011-05-18 19:45:38 ----D---- C:\Program Files\NVIDIA Corporation
2011-05-18 19:43:49 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-05-18 19:43:49 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-05-18 19:43:48 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-05-18 19:43:48 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-05-18 19:43:48 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-05-18 19:43:48 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-05-18 19:43:48 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-05-18 19:43:48 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-05-18 19:43:48 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-05-18 19:43:47 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-05-18 19:43:47 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-05-18 19:43:47 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-05-18 19:43:47 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-05-18 19:43:47 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-05-18 19:43:47 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-05-18 19:43:47 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-05-18 19:43:46 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-05-18 19:43:46 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-05-18 19:43:46 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-05-18 19:43:46 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-05-18 19:43:46 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-05-18 19:43:46 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-05-18 19:43:46 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-05-18 19:43:45 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-05-18 19:43:45 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-05-18 19:43:45 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-05-18 19:43:45 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-05-18 19:43:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-05-18 19:43:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-05-16 19:01:00 ----A---- C:\Windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 19:01:00 ----A---- C:\Windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 19:00:58 ----A---- C:\Windows\system32\VBoxNetFltNotify.dll
2011-05-11 19:40:47 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-05-11 19:40:47 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-05-11 19:22:21 ----A---- C:\Windows\system32\Msvcr71.dll
2011-05-11 19:22:21 ----A---- C:\Windows\system32\mfc71.dll
2011-05-11 19:22:21 ----A---- C:\Windows\system32\gdiplus.dll
2011-05-11 19:20:35 ----A---- C:\Windows\system32\CmdLineExt.dll
2011-05-11 19:20:21 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-05-11 19:20:21 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-05-11 19:20:21 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-05-11 19:20:21 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-05-11 19:20:21 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-05-11 19:20:21 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-05-11 19:20:21 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-05-11 19:20:20 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-05-11 19:20:20 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-05-11 19:20:20 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-05-11 19:20:19 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-05-11 19:20:19 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-05-11 19:20:19 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-05-11 19:20:19 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-05-11 19:20:19 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-05-11 19:20:19 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-05-11 19:20:19 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-05-11 19:20:18 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-05-11 19:20:18 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-05-11 19:20:18 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-05-11 19:20:18 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-05-11 19:20:18 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-05-11 19:20:18 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-05-11 19:20:18 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-05-11 19:20:18 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-05-11 19:20:17 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-05-11 19:20:17 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-05-11 19:20:17 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-05-11 19:20:17 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-05-11 19:20:17 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-05-11 19:20:17 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-05-11 19:20:17 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-05-11 19:20:17 ----A---- C:\Windows\system32\d3dx10.dll
2011-05-11 19:20:16 ----A---- C:\Windows\system32\xinput1_2.dll
2011-05-11 19:20:16 ----A---- C:\Windows\system32\xinput1_1.dll
2011-05-11 19:20:16 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-05-11 19:20:16 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-05-11 19:20:16 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-05-11 19:20:13 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-05-11 19:20:13 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-05-11 19:20:13 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-05-11 19:20:13 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-05-11 19:20:13 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-05-11 19:20:13 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-05-11 19:20:12 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-05-11 19:20:12 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-05-11 19:03:01 ----A---- C:\Windows\system32\xinput1_3.dll
2011-05-11 19:03:01 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-05-11 19:03:01 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-05-11 19:03:01 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-05-11 19:02:39 ----D---- C:\Windows\system32\xlive
2011-05-11 19:02:39 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-05-11 19:00:13 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-05-11 19:00:13 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-05-11 19:00:13 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-05-11 19:00:13 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-05-11 19:00:13 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-05-11 19:00:13 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-05-11 19:00:13 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-05-11 19:00:11 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-05-11 19:00:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-05-06 16:17:15 ----D---- C:\Windows\pss
2011-04-29 18:12:03 ----D---- C:\Users\Pavel\AppData\Roaming\Real
2011-04-27 14:55:17 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-04-27 14:55:17 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-04-27 14:55:16 ----A---- C:\Windows\system32\fsutil.exe
2011-04-27 14:55:16 ----A---- C:\Windows\system32\esent.dll
2011-04-27 14:55:16 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-04-27 14:55:16 ----A---- C:\Windows\system32\drivers\storport.sys
2011-04-27 14:55:16 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-04-27 14:55:16 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-04-27 14:55:16 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-04-27 14:55:16 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-04-27 14:55:11 ----A---- C:\Windows\system32\prevhost.exe
2011-04-27 14:55:10 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-27 14:55:08 ----A---- C:\Windows\explorer.exe
2011-04-19 17:24:57 ----D---- C:\Program Files\ICQ7.5
2011-04-15 22:01:17 ----A---- C:\Windows\system32\wininet.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-04-15 22:01:17 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-04-15 22:01:17 ----A---- C:\Windows\system32\msrating.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\msls31.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\mshtmler.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-15 22:01:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\ieakeng.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-15 22:01:17 ----A---- C:\Windows\system32\icardie.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\dxtrans.dll
2011-04-15 22:01:17 ----A---- C:\Windows\system32\dxtmsft.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\wextract.exe
2011-04-15 22:01:16 ----A---- C:\Windows\system32\webcheck.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\vbscript.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\url.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\pngfilt.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\occache.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\mshta.exe
2011-04-15 22:01:16 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\inseng.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\imgutil.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\iexpress.exe
2011-04-15 22:01:16 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-15 22:01:16 ----A---- C:\Windows\system32\iesetup.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\iernonce.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\iepeers.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\ieakui.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-15 22:01:16 ----A---- C:\Windows\system32\admparse.dll
2011-04-14 21:38:49 ----A---- C:\Windows\system32\wininet.dll_old0
2011-04-14 21:38:49 ----A---- C:\Windows\system32\urlmon.dll_old0
2011-04-14 21:38:48 ----A---- C:\Windows\system32\iertutil.dll_old0
2011-04-14 14:29:17 ----A---- C:\Windows\system32\atmlib.dll
2011-04-14 14:29:17 ----A---- C:\Windows\system32\atmfd.dll
2011-04-14 14:29:16 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-14 14:29:16 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-14 14:29:15 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-14 14:28:36 ----A---- C:\Windows\system32\win32k.sys
2011-04-14 14:28:29 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-04-14 14:28:28 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-04-14 14:28:27 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-14 14:28:27 ----A---- C:\Windows\system32\mfc42.dll
2011-04-14 14:28:26 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-09 18:55:44 ----A---- C:\Windows\system32\xlive.dll
2011-04-09 18:55:42 ----A---- C:\Windows\system32\xlivefnt.dll
2011-04-09 18:55:28 ----A---- C:\Windows\system32\xlive.dll.cat
2011-04-08 16:00:13 ----HD---- C:\$AVG
2011-04-05 16:22:30 ----D---- C:\Program Files\Google
2011-04-01 17:34:33 ----D---- C:\Windows\system32\SPReview
2011-04-01 17:34:07 ----D---- C:\Windows\system32\EventProviders
2011-03-19 13:43:55 ----A---- C:\Windows\system32\E_FLBCAE.DLL
2011-03-19 13:43:55 ----A---- C:\Windows\system32\E_DCINST.DLL
2011-03-19 13:43:54 ----A---- C:\Windows\system32\E_FD4BCAE.DLL
2011-03-19 13:43:37 ----D---- C:\ProgramData\EPSON
2011-03-18 19:23:27 ----D---- C:\Program Files\Microsoft Silverlight

======List of files/folders modified in the last 3 months======

2011-06-17 22:15:22 ----D---- C:\Windows\Prefetch
2011-06-17 22:15:07 ----RD---- C:\Program Files
2011-06-17 22:00:15 ----D---- C:\Windows\Temp
2011-06-17 17:30:20 ----D---- C:\Windows\system32\config
2011-06-17 17:25:51 ----SHD---- C:\System Volume Information
2011-06-17 16:04:43 ----D---- C:\Windows\Microsoft.NET
2011-06-17 16:04:42 ----RSD---- C:\Windows\assembly
2011-06-17 15:25:30 ----D---- C:\Windows\System32
2011-06-17 15:25:30 ----D---- C:\Windows\inf
2011-06-17 15:25:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-16 20:14:53 ----SD---- C:\ProgramData\Microsoft
2011-06-16 20:10:23 ----D---- C:\Windows\system32\drivers
2011-06-16 15:33:56 ----D---- C:\Windows\winsxs
2011-06-16 15:18:05 ----D---- C:\Program Files\Internet Explorer
2011-06-16 07:18:05 ----SHD---- C:\Windows\Installer
2011-06-16 07:18:02 ----D---- C:\ProgramData\Microsoft Help
2011-06-16 07:16:03 ----D---- C:\Windows\debug
2011-06-16 07:16:02 ----A---- C:\Windows\system32\MRT.exe
2011-06-16 07:14:16 ----D---- C:\Windows\system32\catroot
2011-06-16 06:21:10 ----D---- C:\Windows\system32\catroot2
2011-06-15 17:19:48 ----D---- C:\Windows
2011-06-13 19:59:17 ----SHD---- C:\$Recycle.Bin
2011-06-10 21:03:05 ----D---- C:\Users\Pavel\AppData\Roaming\ICQ
2011-06-10 18:56:53 ----D---- C:\Users\Pavel\AppData\Roaming\uTorrent
2011-06-10 05:49:18 ----D---- C:\ProgramData\AVG10
2011-06-10 05:48:36 ----D---- C:\ProgramData\MFAData
2011-06-10 05:46:04 ----HD---- C:\ProgramData
2011-06-07 14:13:26 ----D---- C:\Windows\system32\DriverStore
2011-06-06 19:20:46 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2011-06-01 18:34:34 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-30 18:52:31 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2011-05-30 18:46:13 ----D---- C:\Users\Pavel\AppData\Roaming\skypePM
2011-05-18 19:42:56 ----D---- C:\Windows\Logs
2011-05-16 13:59:27 ----D---- C:\Windows\system32\Tasks
2011-05-14 18:35:41 ----D---- C:\Windows\system32\LogFiles
2011-05-11 19:40:50 ----D---- C:\Program Files\Common Files\microsoft shared
2011-04-27 21:24:20 ----D---- C:\Windows\rescache
2011-04-27 20:44:49 ----D---- C:\Windows\system32\cs-CZ
2011-04-27 20:44:49 ----D---- C:\Windows\AppPatch
2011-04-21 18:02:54 ----D---- C:\Windows\SoftwareDistribution
2011-04-15 22:02:19 ----D---- C:\Windows\servicing
2011-04-15 22:01:31 ----D---- C:\Windows\system32\migration
2011-04-15 22:01:31 ----D---- C:\Windows\system32\en-US
2011-04-15 22:01:31 ----D---- C:\Windows\PolicyDefinitions
2011-04-05 16:22:36 ----D---- C:\Windows\Tasks
2011-03-26 16:56:47 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-03-25 16:41:25 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2011-02-11 213024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-12 218688]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl9db9fa9f;MpKsl9db9fa9f; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\MpKsl9db9fa9f.sys [2011-06-17 28752]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\Windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-05-16 162544]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-05-16 44720]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-09-11 2769120]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2011-02-11 64032]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2011-02-11 17920]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-06 1766592]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 111280]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2011-05-16 122224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\2B25.tmp []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 rspSanity;rspSanity; C:\Windows\system32\DRIVERS\rspSanity32.sys [2011-05-04 27192]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_i386.sys [2009-04-01 233128]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; D:\Programy\ASLDRSrv.exe [2009-06-15 84536]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-15 211488]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
S3 IQZNUDXIK;IQZNUDXIK; C:\Users\Pavel\AppData\Local\Temp\IQZNUDXIK.exe [2011-06-16 420736]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1343400]
S3 WHZFDWJUAF;WHZFDWJUAF; C:\Users\Pavel\AppData\Local\Temp\WHZFDWJUAF.exe [2011-06-16 396160]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-29 935208]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2011-06-17 22:15:42

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->MsiExec /X{F9835182-794B-4F24-902A-E2CA9D43380F}
2011 Michal Seps-->"C:\Windows\2011 Michal Seps Uninstaller\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe -maintain plugin
Adobe Reader 9.4.4 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A94000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Power4Gear Hybrid-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
aTube Catcher-->D:\Programy\aTube Catcher 2.0\uninstall.exe
DAEMON Tools Lite-->D:\Programy\DAEMON Tools Lite\uninst.exe
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
Google Earth-->MsiExec.exe /X{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
ICQ7.5-->"C:\Program Files\InstallShield Installation Information\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
InCD Help-->MsiExec.exe /X{b86754dd-2ddb-4ac0-9015-cb487277254e}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
MediaInfo 0.7.44-->D:\Programy\MediaInfo\uninst.exe
Metin2-->"D:\Hry\Metin2\unins000.exe"
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{F6197679-051D-4E3E-9757-4D5CDA6D658B}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Security Client CS-CZ Language Pack-->MsiExec.exe /I{859B9BCA-5376-4566-9F88-C6C9DAA7A925}
Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 4.0 (x86 cs)-->D:\Programy\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="2M0M-K08C-2LTT-MKWH-MM4K-6767-6TT9-C0XM-U6EE-P288-08EX-HU66-4602-2WM2-0LCE-M69L-L0CA-225W-213L-392Z-4UA0-1U89-3T7H-884M-774W-3C00"
Nero BurnRights Help-->MsiExec.exe /X{f6bdd7c5-89ed-4569-9318-469aa9732572}
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero ControlCenter-->MsiExec.exe /X{f4041dce-3fe1-4e18-8a9e-9de65231ee36}
Nero CoverDesigner Help-->MsiExec.exe /X{ce96f5a5-584d-4f8f-aa3e-9baed413db72}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero Disc Copy Gadget Help-->MsiExec.exe /X{60c731fb-c951-41ce-ad41-8e54c8594609}
Nero Disc Copy Gadget-->MsiExec.exe /X{f1861f30-3419-44db-b2a1-c274825698b3}
Nero DiscSpeed Help-->MsiExec.exe /X{cc019e3f-59d2-4486-8d4b-878105b62a71}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed Help-->MsiExec.exe /X{e5c7d048-f9b4-4219-b323-8bdb01a2563d}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero Express Help-->MsiExec.exe /X{83202942-84b3-4c50-8622-b8c0aa2d2885}
Nero InfoTool Help-->MsiExec.exe /X{20400dbd-e6db-45b8-9b6b-1dd7033818ec}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero PhotoSnap Help-->MsiExec.exe /X{1c00c7c5-e615-4139-b817-7f4003de68c0}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode Help-->MsiExec.exe /X{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero ShowTime-->MsiExec.exe /X{02627ee5-eaca-4742-a9cc-e687631773e4}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart Help-->MsiExec.exe /X{2348b586-c9ae-46ce-936c-a68e9426e214}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision Help-->MsiExec.exe /X{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{F9835182-794B-4F24-902A-E2CA9D43380F}
Oracle VM VirtualBox 4.0.8-->MsiExec.exe /I{D0A42145-3A8A-45C1-BF07-7855A6E91020}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung S5230 Wallpaper Creator-->MsiExec.exe /I{88BFE745-3D1F-4B80-8C40-E626E5A8E613}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office Groove 2007 (KB2494047)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B91E2AEC-7F93-4E33-ACF6-EC90640CBE4F}
Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Shrek 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7774A6A9-CE0D-4544-9A29-84351BAE184A}
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Software tiskárny EPSON-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Sophos Anti-Rootkit 1.5.0-->D:\antiroot\helper.exe remove
SRS Premium Sound Control Panel-->MsiExec.exe /I{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC}
Update for Outlook 2007 Junk Email Filter (KB2536413)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {95DF5260-331D-4FFD-A2D5-C64164751945}
USB 2.0 1.3M UVC WebCam-->C:\Windows\Uninstsxga.bat
VLC media player 1.1.10-->D:\Programy\VLC\uninstall.exe
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======System event log======

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Distributed Link Tracking Client byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Security Center byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Desktop Window Manager Session Manager byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Diagnostic Policy Service byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Microsoft Software Shadow Copy Provider byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x86
P2: ACPI\ATK0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMI82A6.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_e3aed78fa5326e284d9379e9e532681a71d64aea_cab_072d8342

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 34383340-360d-11e0-8a49-ed1b27063b1d
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20110211183157.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110211183120.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110211183118.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110211183115.800400-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110211183115.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211183059.248800-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x1bc
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211183059.248800-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x22a95
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211183053.398800-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211183052.384800-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211183052.338000-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"RGSCLauncher"=D:\Hry\GTA\Rockstar Games Social Club
"RGSC"=D:\Hry\GTA\Rockstar Games Social Club\1_0_0_0
"VBOX_INSTALL_PATH"=C:\Program Files\Oracle\VirtualBox\

-----------------EOF-----------------

[Rudy]

Toto je OK. Ještě poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[savetr]

tady to je jinak zatim diky moc


ComboFix 11-06-17.04 - Pavel 17.06.2011 23:59:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3583.2407 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-17 do 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 22:04 . 2011-06-17 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 20:15 . 2011-06-17 20:15 -------- d-----w- C:\rsit
2011-06-17 20:15 . 2011-06-17 20:15 -------- d-----w- c:\program files\trend micro
2011-06-17 13:31 . 2011-06-17 13:31 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\MpKsl9db9fa9f.sys
2011-06-17 13:30 . 2011-05-09 11:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\mpengine.dll
2011-06-16 18:46 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-06-16 18:10 . 2011-05-04 09:36 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-06-16 05:14 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 05:14 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 05:14 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 04:21 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 04:21 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 04:21 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 04:21 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 04:21 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 04:21 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 04:21 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 04:21 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:21 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 04:21 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 04:21 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-12 18:46 . 2011-05-09 11:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-10 16:58 . 2011-06-15 17:35 -------- d-----w- c:\users\Pavel\AppData\Roaming\vlc
2011-06-10 04:07 . 2011-06-10 04:07 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ECF932E-7D6F-4B7C-AC9C-02F7BED17B86}\gapaengine.dll
2011-06-10 03:53 . 2011-06-10 03:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-10 03:53 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-07 12:16 . 2011-06-07 12:16 -------- d-----w- c:\users\Pavel\VirtualBox VMs
2011-06-07 12:14 . 2011-06-09 14:34 -------- d-----w- c:\users\Pavel\.VirtualBox
2011-06-07 12:12 . 2011-05-16 17:01 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-06-07 12:12 . 2011-06-07 12:12 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-07 12:12 . 2011-05-16 17:01 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-06-07 12:12 . 2011-06-07 12:12 -------- d-----w- c:\program files\Oracle
2011-06-01 16:24 . 2011-06-01 16:34 -------- d-----w- c:\program files\Sony Ericsson
2011-05-27 21:59 . 2011-04-29 10:33 2871968 ----a-w- c:\windows\IS_FLOCX.exe
2011-05-27 21:59 . 2011-05-27 21:59 -------- d-----w- c:\windows\2011 Michal Seps Uninstaller
2011-05-27 21:59 . 2011-05-02 06:51 20288643 ----a-w- c:\windows\2011 Michal Seps.scr
2011-05-26 18:17 . 2011-05-26 18:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 03:37 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-22 12:06 . 2011-05-22 12:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-05-22 12:06 . 2011-05-22 12:06 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-19 05:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 13:56 . 2011-05-15 14:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-05-16 17:01 . 2011-05-16 17:01 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 17:01 . 2011-05-16 17:01 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 17:00 . 2011-05-16 17:00 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-05-15 14:51 . 2011-05-15 14:51 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-11 17:22 . 2011-05-11 17:22 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2011-05-11 17:22 . 2011-05-11 17:22 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-05-11 17:22 . 2011-05-11 17:22 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-05-11 17:20 . 2011-05-11 17:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-04-15 20:01 . 2011-04-15 20:01 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-15 20:01 . 2011-04-15 20:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-15 20:01 . 2011-04-15 20:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-15 20:01 . 2011-04-15 20:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-15 20:01 . 2011-04-15 20:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-15 20:01 . 2011-04-15 20:01 367104 ----a-w- c:\windows\system32\html.iec
2011-04-15 20:01 . 2011-04-15 20:01 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-15 20:01 . 2011-04-15 20:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 20:01 . 2011-04-15 20:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-15 20:01 . 2011-04-15 20:01 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-15 20:01 . 2011-04-15 20:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 20:01 . 2011-04-15 20:01 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-15 20:01 . 2011-04-15 20:01 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-15 20:01 . 2011-04-15 20:01 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-15 20:01 . 2011-04-15 20:01 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-15 20:01 . 2011-04-15 20:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-15 20:01 . 2011-04-15 20:01 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-15 20:01 . 2011-04-15 20:01 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-15 20:01 . 2011-04-15 20:01 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-09 06:13 . 2011-05-11 17:00 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 17:00 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-25 03:06 . 2011-05-11 17:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-11 17:00 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-11 17:00 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-11 17:00 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-11 17:00 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-11 17:00 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-11 17:00 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-15 13797920]
"HControlUser"="d:\programy\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2011-2-16 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- d:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-11 22:16 136176 ----atw- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- d:\hry\GTA\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
R3 IQZNUDXIK;IQZNUDXIK;c:\users\Pavel\AppData\Local\Temp\IQZNUDXIK.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2B25.tmp [x]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity32.sys [2011-05-04 27192]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-04-01 233128]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1343400]
R3 WHZFDWJUAF;WHZFDWJUAF;c:\users\Pavel\AppData\Local\Temp\WHZFDWJUAF.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-12 218688]
S1 MpKsl9db9fa9f;MpKsl9db9fa9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\MpKsl9db9fa9f.sys [2011-06-17 28752]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-05-16 162544]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-05-16 44720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-02-11 64032]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-05-16 122224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL9DB9FA9F
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 14:22]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 14:22]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734244089-3060300865-4267197301-1001Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 22:16]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734244089-3060300865-4267197301-1001UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 22:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Pavel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 193.168.1.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wozofu9e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd3ee51&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=cs&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2B25.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3964)
c:\program files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
c:\windows\system32\CmdLineExt.dll
.
Celkový čas: 2011-06-18 00:06:58
ComboFix-quarantined-files.txt 2011-06-17 22:06
.
Před spuštěním: Volných bajtů: 93 941 055 488
Po spuštění: Volných bajtů: 93 992 775 680
.
- - End Of File - - 77B19A799DB95FCFBF214002A4242194

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\users\Pavel\AppData\Local\Temp\IQZNUDXIK.exe
c:\windows\system32\2B25.tmp

Driver::
IQZNUDXIK
MEMSWEEP2

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[savetr]

Tady to je, a ještě bych chtěl říct že když spustím pc tak se zvuk nedá poslouchat vůbec trhá se to pořád. Asi tak po 10 minutách to začne trhat cca jen po půl minutě. těch 10 minut je využití procesou 100%

ComboFix 11-06-17.04 - Pavel 18.06.2011 13:39:58.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3583.2417 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_IQZNUDXIK
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-18 do 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 11:46 . 2011-06-18 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-18 11:38 . 2011-06-18 11:38 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\MpKslf27302e9.sys
2011-06-18 11:30 . 2011-06-18 11:30 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\MpKsl276fb1ba.sys
2011-06-17 20:15 . 2011-06-17 20:15 -------- d-----w- c:\program files\trend micro
2011-06-17 13:30 . 2011-05-09 11:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\mpengine.dll
2011-06-16 18:46 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-06-16 18:10 . 2011-05-04 09:36 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-06-16 05:14 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 05:14 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 05:14 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 04:21 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 04:21 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 04:21 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 04:21 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 04:21 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 04:21 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 04:21 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 04:21 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:21 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 04:21 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 04:21 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-12 18:46 . 2011-05-09 11:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-10 16:58 . 2011-06-15 17:35 -------- d-----w- c:\users\Pavel\AppData\Roaming\vlc
2011-06-10 04:07 . 2011-06-10 04:07 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ECF932E-7D6F-4B7C-AC9C-02F7BED17B86}\gapaengine.dll
2011-06-10 03:53 . 2011-06-10 03:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-10 03:53 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-07 12:16 . 2011-06-07 12:16 -------- d-----w- c:\users\Pavel\VirtualBox VMs
2011-06-07 12:14 . 2011-06-09 14:34 -------- d-----w- c:\users\Pavel\.VirtualBox
2011-06-07 12:12 . 2011-05-16 17:01 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-06-07 12:12 . 2011-06-07 12:12 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-07 12:12 . 2011-05-16 17:01 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-06-07 12:12 . 2011-06-07 12:12 -------- d-----w- c:\program files\Oracle
2011-06-01 16:24 . 2011-06-01 16:34 -------- d-----w- c:\program files\Sony Ericsson
2011-05-27 21:59 . 2011-04-29 10:33 2871968 ----a-w- c:\windows\IS_FLOCX.exe
2011-05-27 21:59 . 2011-05-27 21:59 -------- d-----w- c:\windows\2011 Michal Seps Uninstaller
2011-05-27 21:59 . 2011-05-02 06:51 20288643 ----a-w- c:\windows\2011 Michal Seps.scr
2011-05-26 18:17 . 2011-05-26 18:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 03:37 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-22 12:06 . 2011-05-22 12:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-05-22 12:06 . 2011-05-22 12:06 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 13:56 . 2011-05-15 14:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-05-16 17:01 . 2011-05-16 17:01 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 17:01 . 2011-05-16 17:01 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 17:00 . 2011-05-16 17:00 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-05-15 14:51 . 2011-05-15 14:51 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-11 17:22 . 2011-05-11 17:22 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2011-05-11 17:22 . 2011-05-11 17:22 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-05-11 17:22 . 2011-05-11 17:22 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-05-11 17:20 . 2011-05-11 17:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-04-15 20:01 . 2011-04-15 20:01 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-15 20:01 . 2011-04-15 20:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-15 20:01 . 2011-04-15 20:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-15 20:01 . 2011-04-15 20:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-15 20:01 . 2011-04-15 20:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-15 20:01 . 2011-04-15 20:01 367104 ----a-w- c:\windows\system32\html.iec
2011-04-15 20:01 . 2011-04-15 20:01 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-15 20:01 . 2011-04-15 20:01 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 20:01 . 2011-04-15 20:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-15 20:01 . 2011-04-15 20:01 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-15 20:01 . 2011-04-15 20:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 20:01 . 2011-04-15 20:01 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-15 20:01 . 2011-04-15 20:01 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-15 20:01 . 2011-04-15 20:01 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-15 20:01 . 2011-04-15 20:01 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-15 20:01 . 2011-04-15 20:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-15 20:01 . 2011-04-15 20:01 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-15 20:01 . 2011-04-15 20:01 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-15 20:01 . 2011-04-15 20:01 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-09 06:13 . 2011-05-11 17:00 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 17:00 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 05:04 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-03-25 03:06 . 2011-05-11 17:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-11 17:00 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-11 17:00 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-11 17:00 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-11 17:00 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-11 17:00 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-11 17:00 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-15 13797920]
"HControlUser"="d:\programy\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2011-2-16 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- d:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-11 22:16 136176 ----atw- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- d:\hry\GTA\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity32.sys [2011-05-04 27192]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-04-01 233128]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1343400]
R3 WHZFDWJUAF;WHZFDWJUAF;c:\users\Pavel\AppData\Local\Temp\WHZFDWJUAF.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-12 218688]
S1 MpKsl276fb1ba;MpKsl276fb1ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\MpKsl276fb1ba.sys [2011-06-18 28752]
S1 MpKsld9e6f0ef;MpKsld9e6f0ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\MpKsld9e6f0ef.sys [2011-06-18 28752]
S1 MpKslf27302e9;MpKslf27302e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15588FD-EDD8-43E4-A214-7A56DE5FC64B}\MpKslf27302e9.sys [2011-06-18 28752]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-05-16 162544]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-05-16 44720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-02-11 64032]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-05-16 122224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLD9E6F0EF
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 14:22]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 14:22]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734244089-3060300865-4267197301-1001Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 22:16]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2734244089-3060300865-4267197301-1001UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 22:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Pavel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 193.168.1.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wozofu9e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd3ee51&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=cs&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Sophos-AntiRootkit - d:\antiroot\helper.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
d:\programy\ASLDRSrv.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\programy\HControl.exe
d:\programy\ATKOSD.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\programy\WDC.exe
d:\programy\Power4gear\BatteryLife.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2011-06-18 13:52:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-18 11:52
.
Před spuštěním: Volných bajtů: 94 050 885 632
Po spuštění: Volných bajtů: 93 820 960 768
.
- - End Of File - - 1E4552875F38BB33CC9B700F747307EC

[Rudy]

Smazáno, log již vypadá čistý. Problém se zvukem máte i po skenu CF?

[savetr]

Pořád to blbne. Tak jsem asi předpokládal blbě že je to rootkit. Ale i tak moc díky

[Rudy]

1. PC vyčistěte od balastu CCleanerem: http://viry.cz/forum/viewtopic.php?f=46&t=7478 .
2. Přeinstalujte kodeky. Použijte pouze jeden balík kodeků, předejdete tím eventuálnímu sw konfliktu.
3. Přeinstalujte ovladač zv. karty.

[savetr]

1. vyčištěno
2.kodeky jsem tam nikdy žádné neinstaloval..zatím mi všechno šlo
3. přeinstalován ovladač zvukové karty

Výsledek = nic se nezměnilo pořád se to trhá
Zjistil jsem že mám skoro nepřetržitě využití procesoru 100%....procesy svchost.exe, které tam mám asi 6x
Když to náhodou klesne na 80% a méně tak to neblbne...

[Rudy]

Vícenásobné spuštění procesu svchost je normální (obsluhuje síť. služby) a jeho počet koresponduje s počtem těch služeb. Který z procesů nejvíce procesor vytěžuje?

[savetr]

Nejvíce ho vytěžují právě ty procesy svchost..

[Rudy]

Na zkoušku vypněte aut. aktualizace.

[savetr]

Ani to nepomohlo