Win32/Remtasu Troják

Zpráva

kodl74 · #1 Příspěvek od **kodl74** » 04 lis 2012 22:23

To to mi nachází Nod: soubor Operační paměť » svchost.exe(5640) varianta infiltrace Win32/Remtasu.V trojský kůň nelze léčit

Posílám log: Jinak děkuji za kontrolu

Logfile of random's system information tool 1.08 (written by random/random)
Run by rodina Plachá at 2012-11-04 22:22:27
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 207 GB (69%) free of 300 GB
Total RAM: 3326 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:22:35, on 4.11.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winstep\Nexus.exe
D:\HTC Hodiny 3.0\Clock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\rodina Plachá\Documents\RSIT\RSIT.exe
C:\Program Files\trend micro\rodina Plachá.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KMPlayer] C:\Windows\system32\nivida\KMPlayer.exe
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [Clock Widget (HTC Home)] "D:\HTC Hodiny 3.0\Clock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [KMPlayer] C:\Windows\system32\nivida\KMPlayer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: KM Player.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)

--
End of file - 7415 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-06-19 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-06-19 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 98304]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]
"KMPlayer"=C:\Windows\system32\nivida\KMPlayer.exe [2012-11-03 568832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETCall.exe [2007-07-26 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nexus"=C:\Program Files\Winstep\Nexus.exe [2011-07-05 13283456]
"Clock Widget (HTC Home)"=D:\HTC Hodiny 3.0\Clock.exe [2011-05-25 1981952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]
"KMPlayer"=C:\Windows\system32\nivida\KMPlayer.exe [2012-11-03 568832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2012-09-09 421776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^rodina Plachá^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PNotes.lnk]
D:\PNotes1\PNotes.exe [2011-11-12 934912]

C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
KM Player.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2012-11-04 10:18:38 ----RSHD---- C:\Windows\system32\nivida
2012-11-02 19:04:48 ----D---- C:\Program Files\Farming Simulator 2013
2012-10-27 14:38:13 ----D---- C:\Program Files\Mozilla Firefox
2012-10-26 15:49:22 ----D---- C:\Users\rodina Plachá\AppData\Roaming\SPORE
2012-10-26 13:27:31 ----D---- C:\MediaServer
2012-10-26 13:27:09 ----D---- C:\ProgramData\PDVD
2012-10-26 13:26:54 ----D---- C:\ProgramData\CyberLink
2012-10-26 13:25:27 ----D---- C:\ProgramData\Temp
2012-10-26 13:25:26 ----D---- C:\ProgramData\install_clap
2012-10-10 18:02:34 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Rovio
2012-10-10 08:43:16 ----A---- C:\Windows\system32\wintrust.dll
2012-10-10 08:43:13 ----A---- C:\Windows\system32\tzres.dll
2012-10-10 08:42:59 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-10 08:42:59 ----A---- C:\Windows\system32\kernel32.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 08:42:58 ----A---- C:\Windows\system32\winsrv.dll
2012-10-10 08:42:58 ----A---- C:\Windows\system32\conhost.exe
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 08:42:48 ----A---- C:\Windows\system32\crypt32.dll
2012-10-10 08:42:47 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-10 08:42:47 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-10 08:42:41 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-10 08:42:40 ----A---- C:\Windows\system32\kerberos.dll
2012-10-10 08:42:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-10 08:42:34 ----A---- C:\Windows\system32\ntkrnlpa.exe

======List of files/folders modified in the last 1 months======

2012-11-04 22:22:35 ----D---- C:\Windows\Prefetch
2012-11-04 22:22:31 ----D---- C:\Program Files\trend micro
2012-11-04 22:22:29 ----D---- C:\Windows\Temp
2012-11-04 22:22:24 ----D---- C:\Users\rodina Plachá\AppData\Roaming\uTorrent
2012-11-04 22:08:15 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Skype
2012-11-04 22:01:19 ----D---- C:\torrent
2012-11-04 17:27:15 ----D---- C:\Windows\system32\config
2012-11-04 14:09:05 ----D---- C:\Windows\System32
2012-11-04 14:09:05 ----D---- C:\Windows\inf
2012-11-04 14:09:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-04 10:22:28 ----RD---- C:\Program Files
2012-11-03 23:46:48 ----SHD---- C:\System Volume Information
2012-11-02 12:43:31 ----D---- C:\Windows\system32\catroot2
2012-11-02 11:17:26 ----D---- C:\Windows
2012-11-02 11:17:09 ----HD---- C:\Program Files\InstallShield Installation Information
2012-10-29 21:38:52 ----D---- C:\Virtuální hry
2012-10-28 20:41:52 ----D---- C:\Windows\Logs
2012-10-28 08:21:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-10-27 23:03:01 ----D---- C:\Windows\system32\catroot
2012-10-27 23:02:12 ----D---- C:\ProgramData\Sony Ericsson
2012-10-27 23:02:04 ----D---- C:\Program Files\Sony Ericsson
2012-10-26 15:41:34 ----D---- C:\Program Files\Electronic Arts
2012-10-26 14:30:50 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Mp3tag
2012-10-26 14:01:03 ----D---- C:\Záloha registru
2012-10-26 13:55:08 ----SHD---- C:\Windows\Installer
2012-10-26 13:55:08 ----D---- C:\Program Files\CyberLink
2012-10-26 13:55:06 ----HD---- C:\Config.Msi
2012-10-26 13:35:19 ----D---- C:\Windows\pss
2012-10-26 13:33:17 ----D---- C:\Users\rodina Plachá\AppData\Roaming\CyberLink
2012-10-26 13:32:13 ----D---- C:\Windows\system32\Tasks
2012-10-26 13:27:09 ----HD---- C:\ProgramData
2012-10-26 13:26:00 ----D---- C:\Windows\winsxs
2012-10-23 16:15:07 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Zoner
2012-10-23 16:15:05 ----D---- C:\Program Files\Zoner
2012-10-22 19:57:49 ----D---- C:\Program Files\Common Files\Steam
2012-10-22 19:57:47 ----D---- C:\Program Files\Steam
2012-10-21 19:44:02 ----RSD---- C:\Windows\Fonts
2012-10-16 18:12:03 ----D---- C:\Windows\system32\drivers
2012-10-11 15:27:36 ----D---- C:\Windows\rescache
2012-10-11 07:49:46 ----D---- C:\Windows\system32\cs-CZ
2012-10-10 22:25:07 ----D---- C:\ProgramData\Microsoft Help
2012-10-10 22:23:00 ----D---- C:\Windows\debug
2012-10-10 22:22:59 ----A---- C:\Windows\system32\MRT.exe
2012-10-10 20:39:27 ----D---- C:\Program Files\Mp3tag
2012-10-09 14:32:07 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-10-07 10:31:26 ----D---- C:\Program Files\Opera
2012-10-06 10:46:43 ----D---- C:\ProgramData\boost_interprocess

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-20 428088]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-12-18 281760]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-12-18 25888]
R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [2012-06-20 121208]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-28 6472192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-28 228352]
R3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys [2010-03-12 36864]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-11-04 17488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 GVTDrv;GVTDrv; \??\C:\Windows\system32\Drivers\GVTDrv.sys [2012-11-04 24944]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-05-01 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2009-04-30 13976]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALSysIO;ALSysIO; \??\C:\Users\RODINA~1\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-28 6472192]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service; C:\Windows\system32\DRIVERS\AVerPola.sys [2011-09-20 523904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2012-08-12 17488]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2012-07-29 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2012-07-29 25200]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 LVHybrid;LVHybrid service; C:\Windows\system32\DRIVERS\LVHybrid.sys [2005-07-25 800000]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-28 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-19 90640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-19 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-19 295440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2010-08-19 247152]
R2 Winstep Xtreme Service;Winstep Xtreme Service; C:\Program Files\Winstep\WsxService []
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-10-22 529744]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1343400]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 04 lis 2012 22:26

Zdravim

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

kodl74 · #3 Příspěvek od **kodl74** » 04 lis 2012 22:30

Zde je:
Logfile of random's system information tool 1.08 (written by random/random)
Run by rodina Plachá at 2012-11-04 22:22:27
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 207 GB (69%) free of 300 GB
Total RAM: 3326 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:22:35, on 4.11.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winstep\Nexus.exe
D:\HTC Hodiny 3.0\Clock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\rodina Plachá\Documents\RSIT\RSIT.exe
C:\Program Files\trend micro\rodina Plachá.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KMPlayer] C:\Windows\system32\nivida\KMPlayer.exe
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [Clock Widget (HTC Home)] "D:\HTC Hodiny 3.0\Clock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [KMPlayer] C:\Windows\system32\nivida\KMPlayer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: KM Player.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CLHNServiceForPowerDVD12 - CyberLink Corp. - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)

--
End of file - 7415 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-06-19 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-06-19 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 98304]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]
"KMPlayer"=C:\Windows\system32\nivida\KMPlayer.exe [2012-11-03 568832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETCall.exe [2007-07-26 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nexus"=C:\Program Files\Winstep\Nexus.exe [2011-07-05 13283456]
"Clock Widget (HTC Home)"=D:\HTC Hodiny 3.0\Clock.exe [2011-05-25 1981952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]
"KMPlayer"=C:\Windows\system32\nivida\KMPlayer.exe [2012-11-03 568832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2012-09-09 421776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^rodina Plachá^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PNotes.lnk]
D:\PNotes1\PNotes.exe [2011-11-12 934912]

C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
KM Player.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2012-11-04 10:18:38 ----RSHD---- C:\Windows\system32\nivida
2012-11-02 19:04:48 ----D---- C:\Program Files\Farming Simulator 2013
2012-10-27 14:38:13 ----D---- C:\Program Files\Mozilla Firefox
2012-10-26 15:49:22 ----D---- C:\Users\rodina Plachá\AppData\Roaming\SPORE
2012-10-26 13:27:31 ----D---- C:\MediaServer
2012-10-26 13:27:09 ----D---- C:\ProgramData\PDVD
2012-10-26 13:26:54 ----D---- C:\ProgramData\CyberLink
2012-10-26 13:25:27 ----D---- C:\ProgramData\Temp
2012-10-26 13:25:26 ----D---- C:\ProgramData\install_clap
2012-10-10 18:02:34 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Rovio
2012-10-10 08:43:16 ----A---- C:\Windows\system32\wintrust.dll
2012-10-10 08:43:13 ----A---- C:\Windows\system32\tzres.dll
2012-10-10 08:42:59 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-10 08:42:59 ----A---- C:\Windows\system32\kernel32.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 08:42:58 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 08:42:58 ----A---- C:\Windows\system32\winsrv.dll
2012-10-10 08:42:58 ----A---- C:\Windows\system32\conhost.exe
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 08:42:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 08:42:56 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 08:42:48 ----A---- C:\Windows\system32\crypt32.dll
2012-10-10 08:42:47 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-10 08:42:47 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-10 08:42:41 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-10 08:42:40 ----A---- C:\Windows\system32\kerberos.dll
2012-10-10 08:42:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-10 08:42:34 ----A---- C:\Windows\system32\ntkrnlpa.exe

======List of files/folders modified in the last 1 months======

2012-11-04 22:22:35 ----D---- C:\Windows\Prefetch
2012-11-04 22:22:31 ----D---- C:\Program Files\trend micro
2012-11-04 22:22:29 ----D---- C:\Windows\Temp
2012-11-04 22:22:24 ----D---- C:\Users\rodina Plachá\AppData\Roaming\uTorrent
2012-11-04 22:08:15 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Skype
2012-11-04 22:01:19 ----D---- C:\torrent
2012-11-04 17:27:15 ----D---- C:\Windows\system32\config
2012-11-04 14:09:05 ----D---- C:\Windows\System32
2012-11-04 14:09:05 ----D---- C:\Windows\inf
2012-11-04 14:09:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-04 10:22:28 ----RD---- C:\Program Files
2012-11-03 23:46:48 ----SHD---- C:\System Volume Information
2012-11-02 12:43:31 ----D---- C:\Windows\system32\catroot2
2012-11-02 11:17:26 ----D---- C:\Windows
2012-11-02 11:17:09 ----HD---- C:\Program Files\InstallShield Installation Information
2012-10-29 21:38:52 ----D---- C:\Virtuální hry
2012-10-28 20:41:52 ----D---- C:\Windows\Logs
2012-10-28 08:21:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-10-27 23:03:01 ----D---- C:\Windows\system32\catroot
2012-10-27 23:02:12 ----D---- C:\ProgramData\Sony Ericsson
2012-10-27 23:02:04 ----D---- C:\Program Files\Sony Ericsson
2012-10-26 15:41:34 ----D---- C:\Program Files\Electronic Arts
2012-10-26 14:30:50 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Mp3tag
2012-10-26 14:01:03 ----D---- C:\Záloha registru
2012-10-26 13:55:08 ----SHD---- C:\Windows\Installer
2012-10-26 13:55:08 ----D---- C:\Program Files\CyberLink
2012-10-26 13:55:06 ----HD---- C:\Config.Msi
2012-10-26 13:35:19 ----D---- C:\Windows\pss
2012-10-26 13:33:17 ----D---- C:\Users\rodina Plachá\AppData\Roaming\CyberLink
2012-10-26 13:32:13 ----D---- C:\Windows\system32\Tasks
2012-10-26 13:27:09 ----HD---- C:\ProgramData
2012-10-26 13:26:00 ----D---- C:\Windows\winsxs
2012-10-23 16:15:07 ----D---- C:\Users\rodina Plachá\AppData\Roaming\Zoner
2012-10-23 16:15:05 ----D---- C:\Program Files\Zoner
2012-10-22 19:57:49 ----D---- C:\Program Files\Common Files\Steam
2012-10-22 19:57:47 ----D---- C:\Program Files\Steam
2012-10-21 19:44:02 ----RSD---- C:\Windows\Fonts
2012-10-16 18:12:03 ----D---- C:\Windows\system32\drivers
2012-10-11 15:27:36 ----D---- C:\Windows\rescache
2012-10-11 07:49:46 ----D---- C:\Windows\system32\cs-CZ
2012-10-10 22:25:07 ----D---- C:\ProgramData\Microsoft Help
2012-10-10 22:23:00 ----D---- C:\Windows\debug
2012-10-10 22:22:59 ----A---- C:\Windows\system32\MRT.exe
2012-10-10 20:39:27 ----D---- C:\Program Files\Mp3tag
2012-10-09 14:32:07 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-10-07 10:31:26 ----D---- C:\Program Files\Opera
2012-10-06 10:46:43 ----D---- C:\ProgramData\boost_interprocess

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-20 428088]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-12-18 281760]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-12-18 25888]
R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [2012-06-20 121208]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-28 6472192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-28 228352]
R3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys [2010-03-12 36864]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-11-04 17488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 GVTDrv;GVTDrv; \??\C:\Windows\system32\Drivers\GVTDrv.sys [2012-11-04 24944]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-05-01 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2009-04-30 13976]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALSysIO;ALSysIO; \??\C:\Users\RODINA~1\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-28 6472192]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service; C:\Windows\system32\DRIVERS\AVerPola.sys [2011-09-20 523904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2012-08-12 17488]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2012-07-29 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2012-07-29 25200]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 LVHybrid;LVHybrid service; C:\Windows\system32\DRIVERS\LVHybrid.sys [2005-07-25 800000]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-28 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-19 90640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-19 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-19 295440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2010-08-19 247152]
R2 Winstep Xtreme Service;Winstep Xtreme Service; C:\Program Files\Winstep\WsxService []
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-10-22 529744]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1343400]

-----------------EOF-----------------

kodl74 · #4 Příspěvek od **kodl74** » 04 lis 2012 22:31

Pardon překlep
info.txt logfile of random's system information tool 1.08 2011-06-05 10:56:53

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe -maintain plugin
Adobe Reader 9.4.4 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A94000000001}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Any DVD Converter Professional 4.2.1-->"C:\Program Files\AnvSoft\Any DVD Converter Professional\unins000.exe"
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Mobile Device Support-->MsiExec.exe /I{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Ashampoo Burning Studio 10 v.10.0.10-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 10\unins000.exe"
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0005 -removeonly
ATI Catalyst Install Manager-->msiexec /q/x{865F8014-4DED-B63D-832A-3FB08FC38479} REBOOT=ReallySuppress
Bambulky 1.0-->"C:\Program Files\Bambulky\unins000.exe"
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Cosmo Player 2.1.1-->"C:\Program Files\CosmoSoftware\CosmoPlayer\CosmoPlayer\uninstall.exe"
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
CyberLink PowerDVD 10.0.1516.51 - odinstalovat češtinu-->C:\Program Files\CyberLink\PowerDVD10\odinstalovat_cz.exe
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DjVuLibre+DjView-->C:\Program Files\DjVuZone\DjVuLibre\uninst.exe
Dream Aquarium 1.234-->rundll32.exe advpack,LaunchINFSection C:\Windows\INF\dream.inf,Uninstall
DVDFab 8.0.5.0 (18/11/2010)-->"C:\Program Files\DVDFab 8\unins000.exe"
Easy Tune 6 B10.0728.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FlatOut Ultimate Carnage-->C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Uninstall.exe
Hard Disk Sentinel PRO-->"C:\Program Files\Hard Disk Sentinel\unins000.exe"
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4-->C:\Program Files\HP\Digital Imaging\{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}\setup\hpzscr01.exe -datfile hposcr32.dat -onestop -forcereboot
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing 4.51-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HPDiagnosticAlert-->MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iTunes-->MsiExec.exe /I{AAD47011-8518-4608-9656-951DA35B587B}
Kyodai Mahjongg 2006 v1.0-->"C:\Program Files\Kyodai Mahjongg 2006\unins000.exe"
LEGO® Harry Potter™: Léta 1–4-->MsiExec.exe /X{EDADEAB8-3E3E-4171-A299-FD7F3D574C8F}
Malwarebytes' Anti-Malware verze 1.51.0.1200-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Moorfrosch XXL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{852DBAD9-ECAC-48FD-99D8-775CF9BFD42C}\Setup.exe" -l0x7
Mozilla Firefox (3.6.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG Video Wizard DVD 4.0.4.114 (06/2009)-->"C:\Program Files\Womble Multimedia\MPEG Video Wizard DVD\unins000.exe"
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Polární dobrodružství 2-->C:\Program Files\Polární dobrodružství 2\Uninstall.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2466156)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CEF209AB-F96D-404F-B5CC-44057C057CA3}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2464583)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
Security Update for Microsoft Office Groove 2007 (KB2494047)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B91E2AEC-7F93-4E33-ACF6-EC90640CBE4F}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Serious Sam 2-->C:\Program Files\Serious Sam 2\Bin\Uninstall.exe
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SolSuite 2010 v10.0-->"C:\Program Files\SolSuite\unins000.exe"
TimeShift-->C:\Program Files\InstallShield Installation Information\{1367FA2F-2B3D-430F-872F-588B93420BFC}\setup.exe -runfromtemp -l0x0005 -removeonly
TmUnitedForever Update 2010-03-15-->"C:\Program Files\TmUnitedForever\unins000.exe"
Tomb Raider: Anniversary 1.0-->C:\Program Files\Tomb Raider - Anniversary\uninsttra.exe
Torchlight-->C:\Program Files\InstallShield Installation Information\{4991FCCE-1131-4B92-B697-9EC0FCAFDA5B}\setup.exe -runfromtemp -l0x0005 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Tropico 3-->C:\Program Files\InstallShield Installation Information\{6CA1CD8C-2D65-491E-9467-00A3ACA4A0A9}\setup.exe -runfromtemp -l0x0005 -removeonly
TS Český jazyk 4 (minimální instalace)-->C:\Program Files\Terasoft\CJ4\Uninstal.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC}
Update for Outlook 2007 Junk Email Filter (KB2536413)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {95DF5260-331D-4FFD-A2D5-C64164751945}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Zoner Photo Studio 13-->"C:\Program Files\Zoner\Photo Studio 13\unins000.exe" /SILENT

======Hosts File======

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com

======System event log======

Computer Name: rodinaPlachá-PC
Event Code: 62464
Message: UVD Information
Record Number: 36927
Source Name: amdkmdag
Time Written: 20110404210228.163221-000
Event Type: Informace
User:

Computer Name: rodinaPlachá-PC
Event Code: 62464
Message: UVD Information
Record Number: 36926
Source Name: amdkmdag
Time Written: 20110404210228.163221-000
Event Type: Informace
User:

Computer Name: rodinaPlachá-PC
Event Code: 62464
Message: UVD Information
Record Number: 36925
Source Name: amdkmdag
Time Written: 20110404210228.163221-000
Event Type: Informace
User:

Computer Name: rodinaPlachá-PC
Event Code: 62464
Message: UVD Information
Record Number: 36924
Source Name: amdkmdag
Time Written: 20110404210228.163221-000
Event Type: Informace
User:

Computer Name: rodinaPlachá-PC
Event Code: 62464
Message: UVD Information
Record Number: 36923
Source Name: amdkmdag
Time Written: 20110404210228.153221-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x86
P2: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMICE94.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_b8a16bf2892a94666b4cb91d18c18cf91b5e_cab_0369cee2

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: cf0e5b60-352a-11e0-8d9d-da0009c4d00d
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20110210153121.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110210153026.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110210153023.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110210153019.909698-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110210153020.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110210152957.320859-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110210152957.320859-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x23eeb
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110210152956.993258-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110210152955.183655-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110210152955.090055-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=3
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 5 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0503
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#5 Příspěvek od **vyosek** » 04 lis 2012 22:36

Fajn, ted MBRScan a RogueKiller

kodl74 · #6 Příspěvek od **kodl74** » 04 lis 2012 22:46

1 log:

RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : rodina Plachá [Práva správce]
Mód : Kontrola -- Datum : 11/04/2012 22:43:06

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 11 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{73526619-C24F-470B-9BED-53D455FBB5C6} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> NALEZENO
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{73526619-C24F-470B-9BED-53D455FBB5C6} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> NALEZENO
[TASK][SUSP PATH] {08DBEDF1-0846-4428-BFF9-D5FC5E023D38} : C:\Users\rodina Plachá\Desktop\Hd-Tune_2.55.exe -> NALEZENO
[TASK][SUSP PATH] {A7A9E85D-734A-453E-8B4A-206EC46A5B3C} : C:\Users\rodina Plachá\Desktop\Hd-Tune_2.55.exe -> NALEZENO
[TASK][SUSP PATH] {C91AEDA8-FC81-457F-AB25-A77D22D2898D} : C:\Users\rodina Plachá\Desktop\dvdshrink32setup.exe -> NALEZENO
[STARTUP][SUSP PATH] KM Player.exe @rodina Plachá : C:\Users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\DREAMA~1.SCR) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\winhv.sys -> HOOKED ([MAJOR] Unknown @ 0x857381E8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\winhv.sys -> HOOKED ([MAJOR] Unknown @ 0x857381E8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\winhv.sys -> HOOKED ([MAJOR] Unknown @ 0x857381E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\winhv.sys -> HOOKED ([MAJOR] Unknown @ 0x857381E8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\winhv.sys -> HOOKED ([MAJOR] Unknown @ 0x857381E8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\winhv.sys -> HOOKED ([MAJOR] Unknown @ 0x857381E8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\winhv.sys -> HOOKED ([MAJOR] Unknown @ 0x857381E8)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 5486261ca6ca79c2ad9ea671ed99bfaf
[BSP] 731363b89cf1faada901f2fff36f303a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 300002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 614405925 | Size: 310467 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_11042012_02d2243.txt >>
RKreport[1]_S_11042012_02d2243.txt

2 log:

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (32 bit)
PROCESSOR      : x86 Family 16 Model 5 Stepping 3, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/11/04 (ISO 8601) at 22:45:23
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __SAMSUNG HD642JJ (1AA01112)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	596.2 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 5486261CA6CA79C2AD9EA671ED99BFAF
MBR_SHA1  : EF9A8BB9336730699400655A5E283499197DD4F2

Device\Harddisk0\Partition1	293.0 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	303.2 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\Drivers\sptd.sys => LOCKED!
ADDRESS : 0x8BC24000
SIZE    : 1.06 Mo

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x98F44000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x98F4F000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x98F58000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\TrueSight.sys => Invisible on the disk
ADDRESS : 0xD0AED000
SIZE    : 16.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.Ð¼.|.À.Ø¾.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 2B C6 2B C6 00 00 80 01   em...c{.+Æ+Æ....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 E6 16 9F 24 00 FE   ...þ..?...æ..$.þ
0x000001D0   FF FF 0F FE FF FF 25 17 9F 24 DB 18 E6 25 00 00   ...þ..%..$Û.æ%..
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

#7 Příspěvek od **vyosek** » 04 lis 2012 22:48

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

kodl74 · #8 Příspěvek od **kodl74** » 04 lis 2012 22:54

Tady je:

Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/04/2012 10:53:06 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com

Program finished at: 11/04/2012 10:53:16 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

#9 Příspěvek od **vyosek** » 04 lis 2012 22:55

Fajn, soupnete tam ComboFix

kodl74 · #10 Příspěvek od **kodl74** » 04 lis 2012 23:20

ComboFix 12-11-04.01 - rodina Plachá 04.11.2012 23:07:32.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3326.1818 [GMT 1:00]
Spuštěný z: c:\users\rodina Plachß\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\h0zMgUiAj.cfg
c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\h0zMgUiAj.dat
c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\h0zMgUiAj.xtr
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\nivida\KMPlayer.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-04 do 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-04 22:15 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86007F9F-75AE-4610-A395-1F119E29A1C1}\mpengine.dll
2012-11-04 22:14 . 2012-11-04 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 09:21 . 2012-11-04 09:21 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB22F52-AE35-4393-B6F3-8D0E214EF1B6}\offreg.dll
2012-11-04 09:18 . 2012-11-04 22:13 -------- d-sh--r- c:\windows\system32\nivida
2012-11-04 09:18 . 2012-11-03 04:12 568832 ----a-w- c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
2012-11-02 18:04 . 2012-11-02 18:08 -------- d-----w- c:\program files\Farming Simulator 2013
2012-11-02 11:41 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB22F52-AE35-4393-B6F3-8D0E214EF1B6}\mpengine.dll
2012-10-28 11:07 . 2012-10-28 11:07 -------- d-----w- c:\users\rodina Plachá\AppData\Local\ElevatedDiagnostics
2012-10-26 14:49 . 2012-10-26 14:49 -------- d-----w- c:\users\rodina Plachá\AppData\Roaming\SPORE
2012-10-26 12:33 . 2012-10-26 12:33 -------- d-----w- c:\users\rodina Plachá\AppData\Local\MediaShow
2012-10-26 12:27 . 2012-10-26 12:27 -------- d-----w- C:\MediaServer
2012-10-26 12:27 . 2012-10-26 12:27 -------- d-----w- c:\users\rodina Plachá\AppData\Local\MediaServer
2012-10-26 12:27 . 2012-10-26 12:27 -------- d-----w- c:\programdata\PDVD
2012-10-26 12:26 . 2012-10-26 12:33 -------- d-----w- c:\programdata\CyberLink
2012-10-26 12:25 . 2012-10-26 12:25 -------- d-----w- c:\programdata\install_clap
2012-10-10 17:02 . 2012-10-10 17:02 -------- d-----w- c:\users\rodina Plachá\AppData\Roaming\Rovio
2012-10-10 07:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 07:43 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-06 11:29 . 2012-10-06 11:29 -------- d-----w- c:\users\rodina Plachá\AppData\Local\Activision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 22:16 . 2011-02-10 15:55 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-11-04 22:15 . 2011-02-10 15:54 17488 ----a-w- c:\windows\gdrv.sys
2012-11-03 04:12 . 2012-11-04 09:18 568832 ----a-w- c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
2012-11-03 04:12 . 2012-11-04 09:18 568832 ----a-w- c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
2012-10-09 13:32 . 2012-04-12 08:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 13:32 . 2011-05-22 09:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-25 18:44 . 2011-03-13 13:32 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-07 15:04 . 2011-02-16 08:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59 . 2012-09-22 22:38 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 22:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 22:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 22:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 22:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 22:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 10:41 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 10:41 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 10:41 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 10:41 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 07:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2012-09-17 18:40 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2012-03-18 08:54 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-12 18:00 . 2011-02-11 14:04 17488 ----a-w- c:\windows\etdrv.sys
2012-10-27 13:38 . 2012-10-27 13:38 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nexus"="c:\program files\Winstep\Nexus.exe" [2011-07-05 13283456]
"Clock Widget (HTC Home)"="d:\htc hodiny 3.0\Clock.exe" [2011-05-25 1981952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"KMPlayer"="c:\users\rodina Plachá\AppData\Roaming\nivida\KMPlayer.exe" [2012-11-03 568832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KM Player.exe [2012-11-3 568832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^rodina Plachá^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PNotes.lnk]
path=c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PNotes.lnk
backup=c:\windows\pss\PNotes.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R3 ALSysIO;ALSysIO;c:\users\RODINA~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 LVHybrid;LVHybrid service;c:\windows\system32\DRIVERS\LVHybrid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/10/26 14:32];c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [x]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]
S3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [x]
S3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AODDRIVER
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.240.178.250 192.168.0.1
FF - ProfilePath - c:\users\rodina Plachá\AppData\Roaming\Mozilla\Firefox\Profiles\x9tqjkm2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-KMPlayer - c:\windows\system32\nivida\KMPlayer.exe
AddRemove-OpenAL - c:\program files\OpenAL\OpenAL 2.0.7.0
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1286337246-397317185-390026832-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21BB7A1C-8533-92DB-3761-4772D00C2C79}*]
"jaiohbaimlpcamdbgnaj"=hex:62,61,6f,68,00,00
"iaipelbodgkhldcimm"=hex:6b,61,64,69,6f,6e,70,6b,67,63,6f,6d,69,6e,6a,6f,68,68,
6b,6a,62,63,00,03
"hamnlbhcoonlgahe"=hex:6b,61,66,70,6d,6a,66,65,6d,63,62,70,67,62,6e,62,6e,6e,
66,69,67,6b,00,04
"jannkchcplbgjjfobfdi"=hex:6f,61,70,6e,68,6e,6d,6f,6e,6e,68,70,6b,68,63,6b,69,
68,66,70,6b,69,6e,6e,68,6a,6b,66,6b,64,00,00
"jaiohbaimlpcamdbgnmi"=hex:62,61,6d,68,00,00
"hagpkkjnmhcjaafl"=hex:6b,61,64,69,6f,6e,70,6b,6d,62,6a,6c,65,6f,6a,6f,66,61,
63,69,64,6f,00,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Winstep\WsxService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\GIGABYTE\ET6\GUI.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-11-04 23:19:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-04 22:19
.
Před spuštěním: Volných bajtů: 216 645 943 296
Po spuštění: Volných bajtů: 216 547 041 280
.
- - End Of File - - 804779B56F239BFDED77A44586F14C6C

#11 Příspěvek od **vyosek** » 04 lis 2012 23:25

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

c:\users\rodina Plachá\AppData\Roaming\nivida\KMPlayer.exe
c:\users\rodina Plachá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KM Player.exe
Kliknete na Choose file
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Scan It
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

kodl74 · #12 Příspěvek od **kodl74** » 04 lis 2012 23:43

https://www.virustotal.com/file/a9de812 ... 352068618/

c:\users\rodina Plachá\AppData\Roaming\nivida\KMPlayer.exe / složku nvidia tam nemám

#13 Příspěvek od **vyosek** » 04 lis 2012 23:44

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu

Do okna vlozte skript nize
Kód: Vybrat vše
```
:filefind
KMPlayer.exe
```
Kliknete na Look
Tlacitko Look se zmeni na Scanning a zsedne
Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

kodl74 · #14 Příspěvek od **kodl74** » 04 lis 2012 23:50

SystemLook 30.07.11 by jpshortstuff
Log created at 23:49 on 04/11/2012 by rodina Plachá
Administrator - Elevation successful

========== filefind ==========

Searching for "KMPlayer.exe"
C:\Users\rodina Plachá\AppData\Roaming\nivida\KMPlayer.exe -rahs-- 568832 bytes [22:16 04/11/2012] [04:12 03/11/2012] 639D0A29F5239209394D9089042BFBFF

-= EOF =-

#15 Příspěvek od **vyosek** » 04 lis 2012 23:55

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
KM Player.exe
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

c:\windows\system32\nivida\*.*
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

VIRY.CZ

Win32/Remtasu Troják

Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják

Re: Win32/Remtasu Troják