
Neither the Windows Security Center nor the antivirus will start

tomnes
Visitor
Posts: 9
Registered: 04 Aug 2011 17:17

#1 Post by tomnes »

Good day,
a few days ago I woke the PC from sleep and suddenly neither the Windows Security Center nor Security Essentials would start. Yesterday I wanted to print a few pages and suddenly the printer was uninstalled and the "Print Spooler" service was blocked. Can you please help?
Here is the log from RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2011-08-04 18:15:37
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 11 GB (6%) free of 183 GB
Total RAM: 3956 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:15:43, on 4.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\OETRN.EXE
C:\Users\Tomáš\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\Mouse Driver\StartAutorun.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mouse Driver\KMConfig.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Mouse Driver\KMProcess.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Tomáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Tomáš\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Tomáš\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files (x86)\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [OEXPRESS] C:\Windows\OETRN.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tomáš\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1604290871-1745575891-3147878822-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1604290871-1745575891-3147878822-1013\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: Bluetooth.lnk.disabled
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2044D22-CA22-4DAD-80D3-6D56F41F1E20}: NameServer = 83.240.0.135,83.240.0.215
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 10 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Unknown owner - C:\Program Files (x86)\Novell\Client\XTier\Services\XTSvcMgr.exe (file missing)

--
End of file - 14757 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 30363856
\??\C:\Windows\system32\conhost.exe "851074954659795861-31270135915306144791633893956-1492656924-1812175019-1070565893
taskeng.exe {54E6DC30-0012-4AB9-B19D-BD2F9C29FD2A}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe"
C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\wusau.dll",iocmsliqn
C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\wusau.dll",iocmsliqn
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe" -service
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\SysWOW64\srvany.exe
"C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe"
C:\Windows\KMService.exe
\??\C:\Windows\system32\conhost.exe "-13843853582138979979509909498-2142590805202217020781752578-1937520523-313557774
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files\OO Software\Defrag\oodag.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files\Intel\TurboBoost\TurboBoost.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {A5A21EA4-AB0C-4EFF-B6D7-D326E34826A2}
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1996
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"C:\Program Files\Mouse\Amoumain.exe"
"C:\Program Files\OO Software\Defrag\oodtray.exe"
"C:\Windows\System32\nwtray.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe"
"C:\Windows\OETRN.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\System32\StikyNot.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Users\Tomáš\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip /h
"C:\Program Files (x86)\Mouse Driver\StartAutorun.exe" KMConfig.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
KMConfig.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"
"C:\Program Files (x86)\Mouse Driver\KMProcess.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
"C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe"
"C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe"
"C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe"
"C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Tomáš\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\anpzviwruz.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1604290871-1745575891-3147878822-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1604290871-1745575891-3147878822-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1604290871-1745575891-3147878822-1012Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1604290871-1745575891-3147878822-1012UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\cimzyjxj.default

prefs.js - "browser.startup.homepage" - "www.google.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Windows\WebIE.dll [2010-12-25 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Tomáš\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-02-01 150400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA609D72-8482-4076-8991-8CDAE5B93BCB}]
W2PBrowser Class - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23 1236992]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-09 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Windows\WebIE.dll [2010-12-25 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-08-04 11106408]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2010-08-05 2586504]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-12-25 500208]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 2327952]
"WheelMouse"=C:\Program Files\Mouse\Amoumain.exe [2008-03-03 196608]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2011-01-12 4012360]
"NWTRAY"=C:\Windows\system32\NWTRAY.EXE [2009-12-27 37400]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"OEXPRESS"=C:\Windows\OETRN.EXE [2010-12-25 26624]
"Google Update"=C:\Users\Tomáš\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
C:\Program Files (x86)\BOINC\boinctray.exe [2010-09-23 58112]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"KMCONFIG"=C:\Program Files (x86)\Mouse Driver\StartAutorun.exe [2008-05-30 212992]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk.disabled - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Tomáš\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
ncv1_0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-04 18:15:37 ----D---- C:\rsit
2011-08-04 18:15:37 ----D---- C:\Program Files\trend micro
2011-08-02 20:35:36 ----D---- C:\Program Files (x86)\EPSON_P1
2011-07-31 12:29:08 ----D---- C:\ProgramData\ESET
2011-07-31 12:29:08 ----D---- C:\Program Files\ESET
2011-07-31 11:20:24 ----RASH---- C:\Windows\SYSWOW64\wusau.dll
2011-07-16 14:51:08 ----D---- C:\ProgramData\NVIDIA
2011-07-16 14:51:06 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-07-16 14:50:52 ----A---- C:\Windows\system32\nvshext.dll
2011-07-16 14:50:51 ----A---- C:\Windows\system32\nvvsvc.exe
2011-07-16 14:50:51 ----A---- C:\Windows\system32\nvsvcr.dll
2011-07-16 14:50:51 ----A---- C:\Windows\system32\nvsvc64.dll
2011-07-16 14:50:51 ----A---- C:\Windows\system32\nvcpl.dll
2011-07-16 14:50:50 ----A---- C:\Windows\system32\nvmctray.dll
2011-07-16 14:50:50 ----A---- C:\Windows\system32\easyupdatusapiu64.dll
2011-07-16 14:50:32 ----D---- C:\ProgramData\NVIDIA Corporation
2011-07-16 14:45:22 ----A---- C:\Windows\system32\nvhdap64.dll
2011-07-16 14:45:22 ----A---- C:\Windows\system32\nvhdagenco642040.dll
2011-07-16 14:45:22 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-07-16 14:45:15 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\OpenCL.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvwgf2umx.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvoglv64.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvgenco642090.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvdispco6420150.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvcuvid.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvcuda.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvcompiler.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\nvapi64.dll
2011-07-16 14:45:15 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-07-16 14:32:57 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-07-16 14:32:56 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2011-07-16 14:32:54 ----A---- C:\Windows\SYSWOW64\pbsvc.exe
2011-07-13 17:39:06 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 17:39:05 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 17:39:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 17:39:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 17:39:04 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 17:39:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 17:39:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 17:39:03 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 17:39:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 17:39:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 17:39:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 17:39:02 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 17:39:02 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 17:39:02 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 17:39:02 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 17:39:01 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 17:38:57 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 17:38:57 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 17:38:57 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 17:38:56 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 17:38:56 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 17:38:56 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 17:38:56 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 17:38:56 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 17:38:56 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 17:38:56 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 17:38:56 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 17:38:56 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 17:38:54 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-13 17:38:49 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 17:38:49 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 17:38:48 ----A---- C:\Windows\system32\win32k.sys
2011-07-09 16:44:17 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-07-09 16:44:17 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-07-09 16:44:17 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2011-08-04 18:15:43 ----D---- C:\Windows\Prefetch
2011-08-04 18:15:38 ----D---- C:\Windows\Temp
2011-08-04 18:15:37 ----RD---- C:\Program Files
2011-08-02 20:37:36 ----D---- C:\Windows\System32
2011-08-02 20:37:35 ----D---- C:\Windows\twain_32
2011-08-02 20:37:35 ----D---- C:\Windows\SysWOW64
2011-08-02 20:37:35 ----D---- C:\Windows\inf
2011-08-02 20:37:32 ----D---- C:\Windows\system32\DriverStore
2011-08-02 20:36:50 ----SHD---- C:\Windows\Installer
2011-08-02 20:36:50 ----D---- C:\Windows\system32\catroot
2011-08-02 20:35:36 ----D---- C:\Program Files (x86)
2011-08-02 20:34:56 ----D---- C:\Users\Tomáš\AppData\Roaming\Dropbox
2011-08-02 20:34:20 ----D---- C:\Windows\system32\config
2011-08-02 20:33:57 ----A---- C:\Windows\SYSWOW64\log.txt
2011-08-02 20:30:51 ----D---- C:\Windows\system32\catroot2
2011-08-02 20:25:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-31 14:29:18 ----SHD---- C:\System Volume Information
2011-07-31 14:22:53 ----D---- C:\Windows\system32\drivers
2011-07-31 13:26:16 ----D---- C:\Program Files (x86)\Codemasters
2011-07-31 12:29:08 ----HD---- C:\ProgramData
2011-07-31 12:08:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-07-31 12:07:45 ----D---- C:\Windows
2011-07-31 12:05:19 ----D---- C:\Windows\system32\Tasks
2011-07-31 12:00:04 ----HD---- C:\Windows\system32\GroupPolicy
2011-07-31 11:49:03 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2011-07-31 11:48:52 ----D---- C:\Users\Tomáš\AppData\Roaming\skypePM
2011-07-31 11:20:24 ----D---- C:\Windows\Tasks
2011-07-31 11:15:47 ----A---- C:\Windows\WDICT32.INI
2011-07-26 22:02:52 ----D---- C:\Program Files (x86)\Microsoft Antimalware
2011-07-25 21:24:20 ----D---- C:\Users\Tomáš\AppData\Roaming\XnView
2011-07-23 14:59:05 ----D---- C:\Program Files (x86)\XnView
2011-07-17 14:26:43 ----D---- C:\Windows\debug
2011-07-16 14:52:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-07-16 14:52:08 ----D---- C:\Program Files\NVIDIA Corporation
2011-07-16 14:51:08 ----RD---- C:\Users
2011-07-16 14:50:44 ----D---- C:\Windows\Help
2011-07-16 14:32:54 ----D---- C:\Windows\system32\LogFiles
2011-07-16 14:23:23 ----D---- C:\Windows\winsxs
2011-07-15 18:11:51 ----D---- C:\Users\Tomáš\AppData\Roaming\Media Player Classic
2011-07-15 17:26:47 ----D---- C:\Program Files (x86)\IObit
2011-07-14 19:25:43 ----RSD---- C:\Windows\assembly
2011-07-14 18:39:19 ----D---- C:\Windows\AppPatch
2011-07-13 17:40:07 ----A---- C:\Windows\system32\MRT.exe
2011-07-09 16:44:33 ----D---- C:\Program Files (x86)\Common Files
2011-07-09 16:44:01 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-07-07 19:58:40 ----D---- C:\Program Files (x86)\ABBYY FineReader 10
2011-07-06 12:41:03 ----A---- C:\Windows\MAILTRAN.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-27 540696]
R0 NCFilter;Novell UNC Filter - Filter; C:\Windows\system32\DRIVERS\NCFilter.sys [2009-12-27 113176]
R0 NCRecognizer;Novell UNC Filter - Recognizer; C:\Windows\system32\DRIVERS\NCRecognizer.sys [2009-12-27 119320]
R0 NCUncFilter;Novell UNC Filter - UNC Filter; C:\Windows\system32\DRIVERS\NCUncFilter.sys [2009-12-27 26136]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-11 834544]
R1 Amfilter;Compatible Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfltx64.sys [2007-10-15 12288]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 NICM;Novell XTCOM Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [2009-12-27 31256]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\Windows\system32\Drivers\SABI.sys [2009-05-28 13824]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-01-17 314016]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-01-17 43680]
R2 NCFSD;Novell Client File System Redirector; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2009-12-27 96792]
R2 NCIOCTL;Novell Xplat IoCtl Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2009-12-27 83480]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-08-07 11576]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-07-29 3065408]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-08-10 111616]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-08-04 2447592]
R3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-30 30208]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 Amusbprt;USB HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbx64.sys [2008-02-13 17920]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2010-12-21 36328]
S3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner; C:\Windows\system32\drivers\AVerFx2hbtv64.sys [2009-05-05 508672]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 cpuz130;cpuz130; \??\C:\Users\TOM~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2010-07-21 51600]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys []
S3 gMouPS2;PS2 Scroll Mouse Device; C:\Windows\system32\DRIVERS\gMouPS2.sys []
S3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2010-07-21 23952]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 rtport;rtport; \??\C:\Windows\SysWOW64\drivers\rtport.sys [2010-10-14 15144]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2010-12-21 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2010-12-21 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2010-12-21 172104]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2010-05-07 814344]
R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2010-12-25 8192]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-02-04 268824]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2011-01-12 3134792]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-07-16 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-07 247152]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-09-17 154968]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-04 2320920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Samsung UPD Service;Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [2010-08-09 166704]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-12-25 403240]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-19 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2011-02-01 187776]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Security Center and antivirus will not start

#2 Post by Rudy »

Good day to you too!
Please also post a log from ComboFix.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after launch, a screen with the license terms is displayed; continue by clicking the Yes button.

Calmly make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the antispyware's resident shield.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

tomnes
Visitor
Posts: 9
Registered: 04 Aug 2011 17:17

Re: Security Center and antivirus will not start

#3 Post by tomnes »

Here is the log from ComboFix:

ComboFix 11-08-04.01 - Tomáš 04.08.2011 19:41:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3956.2045 [GMT 2:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Ijl11.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_rundll32.exe pid: 1656 30: c:\windows\System32\cs-CZ\rundll32.exe.mui
-------\Service_rundll32.exe pid: 1728 58: c:\windows\SysWOW64\cs-CZ\rundll32.exe.mui
-------\Service_sidebar.exe pid: 4064 D8: c:\program files\Windows Sidebar\sidebar.exe
-------\Service_StikyNot.exe pid: 3888 44: c:\windows\System32\cs-CZ\StikyNot.exe.mui
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_wlanext.exe pid: 1244 44: c:\windows\System32\cs-CZ\wlanext.exe.mui
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-04 do 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 17:57 . 2011-08-04 17:57 -------- d-----w- c:\users\Dirt3\AppData\Local\temp
2011-08-04 17:57 . 2011-08-04 17:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-04 16:15 . 2011-08-04 16:26 -------- d-----w- C:\rsit
2011-08-04 16:15 . 2011-08-04 16:15 -------- d-----w- c:\program files\trend micro
2011-08-02 18:35 . 2011-08-02 18:35 -------- d-----w- c:\program files (x86)\EPSON_P1
2011-07-31 11:00 . 2011-07-31 11:00 -------- d-----w- c:\users\Tomáš\AppData\Local\ESET
2011-07-31 10:29 . 2011-07-31 10:29 -------- d-----w- c:\program files\ESET
2011-07-31 09:20 . 2011-07-31 09:20 63488 --sha-r- c:\windows\SysWow64\wusau.dll
2011-07-16 19:14 . 2011-07-16 19:14 -------- d-----w- c:\users\Dirt3\AppData\Roaming\GRETECH
2011-07-16 12:51 . 2011-07-16 12:54 -------- d-----w- c:\programdata\NVIDIA
2011-07-16 12:51 . 2011-07-16 12:51 -------- d-----w- c:\users\UpdatusUser
2011-07-16 12:51 . 2011-07-16 12:51 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-07-16 12:50 . 2011-05-21 06:01 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-07-16 12:50 . 2011-05-21 06:01 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-07-16 12:50 . 2011-05-21 06:01 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-07-16 12:50 . 2011-05-21 06:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-07-16 12:50 . 2011-05-21 06:01 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-07-16 12:50 . 2011-05-21 06:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-07-16 12:50 . 2011-05-21 06:01 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-07-16 12:50 . 2011-07-16 12:50 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-07-16 12:32 . 2011-07-16 12:33 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-16 12:32 . 2011-07-16 12:32 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-16 12:32 . 2011-07-16 12:32 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-07-16 12:20 . 2011-07-20 18:40 -------- d-----w- c:\users\Dirt3\AppData\Local\CrashDumps
2011-07-14 17:46 . 2011-07-14 17:46 -------- d-----w- c:\users\Dirt3\AppData\Roaming\NVIDIA
2011-07-13 15:38 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-09 14:44 . 2011-07-09 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-06 10:41 . 2011-07-06 10:42 -------- d-----w- c:\users\Dirt3\AppData\Local\Google
2011-07-06 10:41 . 2011-07-06 10:41 -------- d-----w- c:\users\Dirt3\AppData\Local\Apps
2011-07-06 10:41 . 2011-07-06 10:41 -------- d-----w- c:\users\Dirt3\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 14:44 . 2010-12-10 19:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-27 16:08 . 2011-05-21 09:53 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-15 17:42 . 2011-01-05 22:15 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-09 17:37 . 2011-06-09 17:37 65536 ----a-w- c:\windows\TADSUINS.EXE
2011-06-03 05:57 . 2011-07-13 15:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-02 07:49 . 2010-12-10 18:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-02 07:49 . 2010-12-10 18:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-01 19:18 . 2011-06-01 19:18 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-24 11:42 . 2011-06-29 17:05 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 17:05 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 17:05 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 17:05 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 17:05 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-18 21:28 . 2011-05-12 16:56 8107 ----a-w- c:\windows\w7dsd.reg
2011-05-18 21:28 . 2011-05-12 16:56 8089 ----a-w- c:\windows\w7dse.reg
2011-05-12 16:56 . 2011-05-12 16:56 275360 ----a-w- c:\windows\system32\DreamScene.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Tomáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Tomáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Tomáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Tomáš\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-12-25 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"KMCONFIG"="c:\program files (x86)\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Tom ç\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tom ç\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk.disabled [2010-12-11 834]
SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-31 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz130;cpuz130;c:\users\TOM~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [x]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 QipGuard;QipGuard;c:\program files (x86)\QipGuard\QipGuard.exe [2011-02-01 187776]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [x]
S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [x]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2010-05-07 814344]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2009-12-27 96792]
S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2009-12-27 83480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-12 3134792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2009-12-27 21016]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - ndslpp
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1604290871-1745575891-3147878822-1012Core.job
- c:\users\Dirt3\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 10:41]
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1604290871-1745575891-3147878822-1012UA.job
- c:\users\Dirt3\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 10:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Tomáš\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Tomáš\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Tomáš\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Tomáš\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF16190.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-04 11106408]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-12-25 500208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2008-03-03 196608]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-12 4012360]
"NWTRAY"="NWTRAY.EXE" [2009-12-27 37400]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 83.240.0.214 83.240.0.215
TCP: Interfaces\{F2044D22-CA22-4DAD-80D3-6D56F41F1E20}: NameServer = 83.240.0.135,83.240.0.215
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\cimzyjxj.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-QipGuard - c:\users\Tomáš\AppData\Roaming\QipGuard\QipGuard.exe
.
.
"ImagePath"="\??\c:\windows\SysWOW64\drivers\rtport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 1656 30: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe pid: 1728 58: C:]
--
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sidebar.exe pid: 4064 D8: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StikyNot.exe pid: 3888 44: C:]
--
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlanext.exe pid: 1244 44: C:]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1604290871-1745575891-3147878822-1000\Software\SecuROM\License information*]
"datasecu"=hex:01,cf,30,dd,35,c7,89,ff,0e,85,26,c1,06,cf,90,9f,b0,54,ec,1d,05,
5b,a8,fa,da,e7,64,f2,37,44,24,61,47,11,cc,3c,c1,4a,ad,e8,c6,f2,df,f9,bb,99,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Mouse Driver\KMConfig.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\Mouse Driver\KMProcess.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Celkový čas: 2011-08-04 20:15:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-04 18:15
.
Před spuštěním: Volných bajtů: 11 166 404 608
Po spuštění: Volných bajtů: 11 070 615 552
.
- - End Of File - - 5EA29715D78540AA5B4A164A63DE5426

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Neither the Security Center nor the antivirus works

#4 Post by Rudy »

CF deleted several items; the rest of the log looks clean. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Re: Neither the Security Center nor the antivirus works

#5 Post by tomnes »

So far it looks like the Security Center is running (the Action Center does not report that it isn't).

I haven't tried Security Essentials, but I think it should work.

The printer is still the same, but I don't know what is causing it not to work properly, whether a virus did it or it is some driver problem, even though there was never a problem with them (and why would they turn off the "Print Spooler" service (hereafter "the spooler")...). Yesterday I found out by chance that when I change the print quality to 600x600 dpi, it kills the spooler and the printers disappear (as if they had been uninstalled). After restarting the printer and turning the spooler back on, it no longer shuts off by itself and the printers reappear. But that is probably Microsoft's problem.

In any case, thank you very much for your help!

Re: Neither the Security Center nor the antivirus works

#6 Post by Rudy »

Try reinstalling the printer drivers. It will probably be best to uninstall them and then install them completely fresh.

Re: Neither the Security Center nor the antivirus works

#7 Post by tomnes »

I have already tried that; it doesn't work even so. To be sure, I have now restarted the PC several times and the problem is back: the Security Center doesn't work again... it is disabled and I have to start it manually. NOD32 was not active. After turning everything on it no longer shuts off, but otherwise the problem has unfortunately persisted.

Re: Neither the Security Center nor the antivirus works

#8 Post by Rudy »

Try Start > Run > (type) services.msc > OK. The service management window will open; in it, set the NOD service and the Security Center service to "Automatic".

Uninstall the printer driver again and, following the guide at http://www.viry.cz/forum/viewtopic.php?f=11&t=2791, sweep everything related to the printer out of the registry. Then install the driver again.

Re: Neither the Security Center nor the antivirus works

#9 Post by tomnes »

The printer is working, then (for now).

I had already tried that with NOD before and it was set to Automatic... I didn't change anything and now it starts automatically.

Everything now "looks" OK, even though I did nothing except delete the registry entries for the EPSON printer (all the ones that could be deleted). I hope it doesn't come back. But I still have the feeling that this isn't fully resolved.

Re: Neither the Security Center nor the antivirus works

#10 Post by Rudy »

1. We can also check the PC with MBR: http://www2.gmer.net/mbr/mbr.exe . Run the utility after downloading it. It will create a short log; copy it here.

2. Run a scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.

Re: Neither the Security Center nor the antivirus works

#11 Post by tomnes »

So here is MBR:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read Neplatný popisovač.
kernel: error reading MBR

And here is AVPTool:

Status: Disinfected (events: 3)
6.8.2011 19:18:50 Disinfected Trojan program Exploit.Linux.Lotoor.u D:\Samsung\FLASH\Darkys_v10.1_Extreme_Edition.zip/data/app/com.darkyrom.darkyconfig-1.apk/assets/raw/asroot High
6.8.2011 19:19:44 Disinfected Trojan program Exploit.Linux.Lotoor.u D:\Samsung\FLASH\Darkys_v10.1_Extreme_Edition.zip/data/app/com.darkyrom.darkyconfig-1.apk High
6.8.2011 19:19:44 Disinfected Trojan program Exploit.Linux.Lotoor.u D:\Samsung\FLASH\Darkys_v10.1_Extreme_Edition.zip High


...but I don't think these 3 items have anything to do with the problems with the Security Center etc. (it is an Android ROM for my phone)

Re: Neither the Security Center nor the antivirus works

#12 Post by Rudy »

AVPTool deleted 3 trojans. MBR found an MBR error that will need to be repaired (the error is either a damaged MBR, or there is an MBR rootkit in it). Use the guide: http://www.viry.cz/forum/viewtopic.php?f=46&t=106339 - see the section on repairing system startup.

Re: Neither the Security Center nor the antivirus works

#13 Post by tomnes »

I'll try it. Do I need to back up my data before I start the repair?

Re: Neither the Security Center nor the antivirus works

#14 Post by Rudy »

Backing up is always a good idea when you are disinfecting a PC. I have it in my signature too. If everything goes well, you should not lose any data.

Re: Neither the Security Center nor the antivirus works

#15 Post by tomnes »

OK, but it will take a while before I get hold of an HDD; then I'll report the result.
