nejde spustit centrum zabezpeceni, antivir atd. prosím pomoz

Zpráva

leos · #1 Příspěvek od **leos** » 04 kvě 2011 14:18

Zdravím vás,
asi jsem se nakazil, mám vyplé Centrum zabezpečení, nejde spustit, nejede antivir - MS Essentials, některé weby jsou blokovány. Posílám logy z CF a HJT. Děkuju za pomoc.

ComboFix 11-05-03.04 - leos 04.05.2011 15:01:57.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2634 [GMT 2:00]
Spuštěný z: c:\users\leos\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-04 do 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 13:07 . 2011-05-04 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 12:32 . 2011-05-04 12:32 -------- d-----w- c:\program files (x86)\Ultimate Process Manager
2011-05-04 12:23 . 2011-05-04 12:23 -------- d-----w- c:\program files\CCleaner
2011-05-04 09:47 . 2011-05-04 12:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-04 09:47 . 2011-05-04 09:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-05-04 09:15 . 2011-05-04 09:15 302592 ----a-w- c:\windows\SysWow64\cmd.execf
2011-05-04 09:14 . 2011-05-04 09:14 -------- d-----w- C:\!KillBox
2011-05-04 07:35 . 2011-05-04 07:35 -------- d-----w- c:\users\leos\AppData\Local\{91B0354A-175D-495A-B911-88F940598E62}
2011-05-03 19:34 . 2011-05-03 19:34 -------- d-----w- c:\users\leos\AppData\Local\{A6079B27-9836-4EE1-A6B6-93C94FE32319}
2011-05-03 19:02 . 2011-05-03 19:02 70656 --sha-r- c:\windows\SysWow64\dbnetlibn.dll
2011-05-03 19:01 . 2011-05-03 19:01 138752 ----a-w- c:\windows\Ujatua.exe
2011-05-03 18:24 . 2011-05-03 18:24 -------- d-----w- c:\users\leos\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-03 18:24 . 2011-05-03 18:24 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2011-05-03 07:34 . 2011-05-03 07:34 -------- d-----w- c:\users\leos\AppData\Local\{F186731D-0639-4ED5-8B48-EFEED8E7067F}
2011-05-03 07:23 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CC9D6E9-3471-4758-AD28-B14FE6322E1A}\mpengine.dll
2011-05-02 18:38 . 2011-05-02 18:38 -------- d-----w- c:\users\leos\AppData\Local\{B2948F2F-52E2-45C5-BC76-5E4E1091451F}
2011-05-02 06:37 . 2011-05-02 06:37 -------- d-----w- c:\users\leos\AppData\Local\{28FE4A28-09B2-4B4B-BB66-5C86BE5AFAC4}
2011-05-01 05:58 . 2011-05-01 17:59 -------- d-----w- c:\users\leos\AppData\Local\{808736A6-54E8-47E2-8EBA-E04C57F5F41E}
2011-04-29 07:15 . 2011-04-29 07:15 -------- d-----w- c:\users\leos\AppData\Local\{BB825A1D-27AC-4216-87AF-D6C588942EB3}
2011-04-28 13:45 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-28 13:45 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-28 13:45 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 13:45 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 13:30 . 2011-04-28 13:31 -------- d-----w- c:\users\leos\AppData\Local\{FC665189-E32E-4847-A5F3-5593B273B19F}
2011-04-27 07:33 . 2011-04-27 07:34 -------- d-----w- c:\users\leos\AppData\Local\{BA36AFDB-3C83-4113-876B-80164D7C5024}
2011-04-26 19:33 . 2011-04-26 19:33 -------- d-----w- c:\users\leos\AppData\Local\{9E3211B2-015F-46A2-B190-5C17EDB75E0D}
2011-04-26 06:40 . 2011-04-26 06:40 -------- d-----w- c:\users\leos\AppData\Local\{300A511A-1E73-4ACE-83C3-E9452C8F107E}
2011-04-25 09:31 . 2011-04-25 09:32 -------- d-----w- c:\users\leos\AppData\Local\{0D777D4C-5486-44B0-A34B-F93E3E7AA423}
2011-04-24 04:32 . 2011-04-24 04:33 -------- d-----w- c:\users\leos\AppData\Local\{374099E8-1792-4E80-8106-F801975F564A}
2011-04-23 18:55 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-23 18:55 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-23 13:56 . 2011-04-23 13:56 -------- d-----w- c:\users\leos\AppData\Local\{F3C022CA-FC63-4A9F-9706-338EA3247DC4}
2011-04-22 08:48 . 2011-04-22 20:51 -------- d-----w- c:\users\leos\AppData\Local\{9F38E500-2373-43AE-98C9-625274BE2E3A}
2011-04-21 16:01 . 2011-04-21 16:01 -------- d-----w- c:\users\leos\AppData\Local\{81C964FC-9DDA-4D39-9642-B669C798E3BB}
2011-04-20 14:47 . 2011-04-20 14:47 -------- d-----w- c:\program files (x86)\WinPcap
2011-04-20 14:47 . 2011-04-28 13:38 -------- d-----w- c:\program files (x86)\Cain
2011-04-20 07:10 . 2011-04-20 07:10 -------- d-----w- c:\users\leos\AppData\Local\{FC45E52F-AD75-42D7-8D2C-0D86E5BA7C43}
2011-04-19 07:08 . 2011-04-19 19:10 -------- d-----w- c:\users\leos\AppData\Local\{DE1DAE1E-5876-47E4-A92B-8AEEB4DF764F}
2011-04-18 09:36 . 2011-04-18 09:36 -------- d-----w- c:\users\leos\AppData\Local\{F90CCA55-720F-40AB-B88D-67C4DB1E1345}
2011-04-16 08:14 . 2011-04-16 20:15 -------- d-----w- c:\users\leos\AppData\Local\{5AC6FC81-D559-4AC9-9ECC-E240469AB476}
2011-04-15 11:29 . 2011-04-15 11:29 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-15 10:31 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 10:31 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 10:31 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 10:31 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 10:31 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 07:27 . 2011-04-15 07:27 -------- d-----w- c:\users\leos\AppData\Local\{11E58601-BB3C-454C-9751-CC814114BE5A}
2011-04-14 19:27 . 2011-04-14 19:27 -------- d-----w- c:\users\leos\AppData\Local\{100FE17F-84CC-46CA-8CB5-7480D78C3820}
2011-04-14 06:36 . 2011-04-14 06:36 -------- d-----w- c:\users\leos\AppData\Local\{D378CE3E-802C-494C-BF2C-297FDCBA613F}
2011-04-14 04:37 . 2011-04-14 04:37 -------- d-----w- c:\users\leos\AppData\Local\{FCDC1EF3-88D0-416B-8401-515A44F30A1F}
2011-04-13 10:06 . 2011-04-13 10:06 -------- d-----w- c:\users\leos\AppData\Local\{A4F6296C-253F-4C85-A846-B78B63FB814B}
2011-04-12 06:59 . 2011-04-12 06:59 -------- d-----w- c:\users\leos\AppData\Local\{CAA5D69C-53B0-45D7-AF0C-A97199EFB1A9}
2011-04-11 18:58 . 2011-04-11 18:58 -------- d-----w- c:\users\leos\AppData\Local\{89420228-C886-499E-8D6A-B7BBE136779F}
2011-04-11 06:58 . 2011-04-11 06:58 -------- d-----w- c:\users\leos\AppData\Local\{CD99D0B5-869D-4AAC-951A-B789BDDF3E50}
2011-04-09 17:16 . 2011-04-09 17:16 -------- d-----w- c:\users\leos\AppData\Local\{4D4FE7D2-FECA-4055-A495-1B35BE5DCA8A}
2011-04-08 08:11 . 2011-04-08 08:11 -------- d-----w- c:\users\leos\AppData\Local\{874B1DBD-5E91-443E-AC25-990F8DB77DD7}
2011-04-07 18:40 . 2011-04-07 18:40 -------- d-----w- c:\users\leos\AppData\Local\{772343AF-13E2-4764-A548-6D9214A18E41}
2011-04-07 06:39 . 2011-04-07 06:39 -------- d-----w- c:\users\leos\AppData\Local\{8F59E3DA-4C0D-4698-87DA-0072AE0F4AFE}
2011-04-06 06:46 . 2011-04-06 06:46 -------- d-----w- c:\users\leos\AppData\Local\{AD2BB2FB-5318-4FC7-BAAE-2F24AE7C51D6}
2011-04-05 08:59 . 2010-12-22 09:01 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEABAC62-07A1-4A80-B4B3-9563D1ECECAD}\gapaengine.dll
2011-04-05 08:51 . 2011-04-05 08:51 -------- d-----w- c:\users\leos\AppData\Local\{E28401DA-8FF3-4EA3-AF84-FA60292AC96C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 08:21 . 2010-08-13 14:31 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-15 09:48 . 2011-03-15 09:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 09:48 . 2011-03-15 09:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-15 09:48 . 2011-03-15 09:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-15 09:48 . 2011-03-15 09:48 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-15 09:48 . 2011-03-15 09:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-15 09:48 . 2011-03-15 09:48 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-15 09:48 . 2011-03-15 09:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-15 09:48 . 2011-03-15 09:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-15 09:48 . 2011-03-15 09:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-15 09:48 . 2011-03-15 09:48 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-15 09:48 . 2011-03-15 09:48 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-15 09:48 . 2011-03-15 09:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-15 09:48 . 2011-03-15 09:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-15 09:48 . 2011-03-15 09:48 448512 ----a-w- c:\windows\system32\html.iec
2011-03-15 09:48 . 2011-03-15 09:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-15 09:48 . 2011-03-15 09:48 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-15 09:48 . 2011-03-15 09:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-15 09:48 . 2011-03-15 09:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-15 09:48 . 2011-03-15 09:48 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-15 09:48 . 2011-03-15 09:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 09:48 . 2011-03-15 09:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-15 09:48 . 2011-03-15 09:48 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-15 09:48 . 2011-03-15 09:48 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 09:48 . 2011-03-15 09:48 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-15 09:48 . 2011-03-15 09:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-15 09:48 . 2011-03-15 09:48 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-15 09:48 . 2011-03-15 09:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-15 09:48 . 2011-03-15 09:48 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-15 09:48 . 2011-03-15 09:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-15 09:48 . 2011-03-15 09:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-15 09:48 . 2011-03-15 09:48 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 09:48 . 2011-03-15 09:48 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-15 09:48 . 2011-03-15 09:48 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-15 09:48 . 2011-03-15 09:48 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 09:48 . 2011-03-15 09:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 09:48 . 2011-03-15 09:48 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-15 09:48 . 2011-03-15 09:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-15 09:48 . 2011-03-15 09:48 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-15 09:48 . 2011-03-15 09:48 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-15 09:48 . 2011-03-15 09:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-15 09:48 . 2011-03-15 09:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-15 09:48 . 2011-03-15 09:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-10 21:56 . 2010-10-08 18:59 57344 ----a-r- c:\users\leos\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-03-09 07:07 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 13:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 13:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-26 19:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-26 19:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-19 12:05 . 2011-03-09 07:13 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 07:13 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 07:13 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 07:13 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 07:13 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2011-01-30 1219488]
"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2010-09-22 1448800]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"BTCentre"="c:\genius\ioCentre4D\gBTMouseTask.exe" [2008-05-13 483328]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2010-11-25 274608]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2009-12-14 515560]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-01-08 392424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-14 515560]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 06:13]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 06:13]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2479704082-1258413198-3447999778-1001Core.job
- c:\users\leos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 17:04]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2479704082-1258413198-3447999778-1001UA.job
- c:\users\leos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 17:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-12 8114720]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.ihzsmsk.cz:3128
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\leos\AppData\Roaming\Mozilla\Firefox\Profiles\ftkg3inl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?t=0
.
.
------- Asociace souborů -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Výchozí) - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-04 15:10:23
ComboFix-quarantined-files.txt 2011-05-04 13:10
.
Před spuštěním: Volných bajtů: 75 804 856 320
Po spuštění: Volných bajtů: 75 173 130 240
.
- - End Of File - - 82E5AB5D4D8369A42219BD760DEFAFEA

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:55:40, on 4.5.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Genius\ioCentre4D\gBTMouseTask.exe
C:\Genius\ioCentre4D\gBTAutoScroll.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\leos\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ihzsmsk.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BTCentre] C:\Genius\ioCentre4D\gBTMouseTask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [Google Update] "C:\Users\leos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13259 bytes

#2 Příspěvek od **motji** » 04 kvě 2011 14:31

Zdravím,

Pozor, soubor je skrytý, takže cestu k němu nakopírujte do spodního okénka na virustotalu

Otestujte na www.virustotal.com

c:\windows\SysWow64\dbnetlibn.dll

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

leos · #3 Příspěvek od **leos** » 04 kvě 2011 14:34

Píše mi to, že nemám oprávnění!!!! Jak to obejdu?

#4 Příspěvek od **motji** » 04 kvě 2011 14:39

Nijak

je to šmejd a brání se

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

Collect::
c:\windows\SysWow64\dbnetlibn.dll
c:\windows\Ujatua.exe

Dirlook::
c:\users\leos\AppData\Local\{91B0354A-175D-495A-B911-88F940598E62}
 c:\users\leos\AppData\Local\{A6079B27-9836-4EE1-A6B6-93C94FE32319}

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

leos · #5 Příspěvek od **leos** » 04 kvě 2011 15:02

posílám další log:

ComboFix 11-05-03.04 - leos 04.05.2011 15:46:09.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2753 [GMT 2:00]
Spuštěný z: c:\users\leos\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\leos\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\dbnetlibn.dll
c:\windows\Ujatua.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-04 do 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 12:32 . 2011-05-04 12:32 -------- d-----w- c:\program files (x86)\Ultimate Process Manager
2011-05-04 12:23 . 2011-05-04 12:23 -------- d-----w- c:\program files\CCleaner
2011-05-04 09:47 . 2011-05-04 12:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-04 09:47 . 2011-05-04 09:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-05-04 09:15 . 2011-05-04 09:15 302592 ----a-w- c:\windows\SysWow64\cmd.execf
2011-05-04 09:14 . 2011-05-04 09:14 -------- d-----w- C:\!KillBox
2011-05-04 07:35 . 2011-05-04 07:35 -------- d-----w- c:\users\leos\AppData\Local\{91B0354A-175D-495A-B911-88F940598E62}
2011-05-03 19:34 . 2011-05-03 19:34 -------- d-----w- c:\users\leos\AppData\Local\{A6079B27-9836-4EE1-A6B6-93C94FE32319}
2011-05-03 18:24 . 2011-05-03 18:24 -------- d-----w- c:\users\leos\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-03 18:24 . 2011-05-03 18:24 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2011-05-03 07:34 . 2011-05-03 07:34 -------- d-----w- c:\users\leos\AppData\Local\{F186731D-0639-4ED5-8B48-EFEED8E7067F}
2011-05-03 07:23 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CC9D6E9-3471-4758-AD28-B14FE6322E1A}\mpengine.dll
2011-05-02 18:38 . 2011-05-02 18:38 -------- d-----w- c:\users\leos\AppData\Local\{B2948F2F-52E2-45C5-BC76-5E4E1091451F}
2011-05-02 06:37 . 2011-05-02 06:37 -------- d-----w- c:\users\leos\AppData\Local\{28FE4A28-09B2-4B4B-BB66-5C86BE5AFAC4}
2011-05-01 05:58 . 2011-05-01 17:59 -------- d-----w- c:\users\leos\AppData\Local\{808736A6-54E8-47E2-8EBA-E04C57F5F41E}
2011-04-29 07:15 . 2011-04-29 07:15 -------- d-----w- c:\users\leos\AppData\Local\{BB825A1D-27AC-4216-87AF-D6C588942EB3}
2011-04-28 13:45 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-28 13:45 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-28 13:45 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 13:45 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 13:30 . 2011-04-28 13:31 -------- d-----w- c:\users\leos\AppData\Local\{FC665189-E32E-4847-A5F3-5593B273B19F}
2011-04-27 07:33 . 2011-04-27 07:34 -------- d-----w- c:\users\leos\AppData\Local\{BA36AFDB-3C83-4113-876B-80164D7C5024}
2011-04-26 19:33 . 2011-04-26 19:33 -------- d-----w- c:\users\leos\AppData\Local\{9E3211B2-015F-46A2-B190-5C17EDB75E0D}
2011-04-26 06:40 . 2011-04-26 06:40 -------- d-----w- c:\users\leos\AppData\Local\{300A511A-1E73-4ACE-83C3-E9452C8F107E}
2011-04-25 09:31 . 2011-04-25 09:32 -------- d-----w- c:\users\leos\AppData\Local\{0D777D4C-5486-44B0-A34B-F93E3E7AA423}
2011-04-24 04:32 . 2011-04-24 04:33 -------- d-----w- c:\users\leos\AppData\Local\{374099E8-1792-4E80-8106-F801975F564A}
2011-04-23 18:55 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-23 18:55 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-23 13:56 . 2011-04-23 13:56 -------- d-----w- c:\users\leos\AppData\Local\{F3C022CA-FC63-4A9F-9706-338EA3247DC4}
2011-04-22 08:48 . 2011-04-22 20:51 -------- d-----w- c:\users\leos\AppData\Local\{9F38E500-2373-43AE-98C9-625274BE2E3A}
2011-04-21 16:01 . 2011-04-21 16:01 -------- d-----w- c:\users\leos\AppData\Local\{81C964FC-9DDA-4D39-9642-B669C798E3BB}
2011-04-20 14:47 . 2011-04-20 14:47 -------- d-----w- c:\program files (x86)\WinPcap
2011-04-20 14:47 . 2011-04-28 13:38 -------- d-----w- c:\program files (x86)\Cain
2011-04-20 07:10 . 2011-04-20 07:10 -------- d-----w- c:\users\leos\AppData\Local\{FC45E52F-AD75-42D7-8D2C-0D86E5BA7C43}
2011-04-19 07:08 . 2011-04-19 19:10 -------- d-----w- c:\users\leos\AppData\Local\{DE1DAE1E-5876-47E4-A92B-8AEEB4DF764F}
2011-04-18 09:36 . 2011-04-18 09:36 -------- d-----w- c:\users\leos\AppData\Local\{F90CCA55-720F-40AB-B88D-67C4DB1E1345}
2011-04-16 08:14 . 2011-04-16 20:15 -------- d-----w- c:\users\leos\AppData\Local\{5AC6FC81-D559-4AC9-9ECC-E240469AB476}
2011-04-15 11:29 . 2011-04-15 11:29 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-15 10:31 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 10:31 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 10:31 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 10:31 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 10:31 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 07:27 . 2011-04-15 07:27 -------- d-----w- c:\users\leos\AppData\Local\{11E58601-BB3C-454C-9751-CC814114BE5A}
2011-04-14 19:27 . 2011-04-14 19:27 -------- d-----w- c:\users\leos\AppData\Local\{100FE17F-84CC-46CA-8CB5-7480D78C3820}
2011-04-14 06:36 . 2011-04-14 06:36 -------- d-----w- c:\users\leos\AppData\Local\{D378CE3E-802C-494C-BF2C-297FDCBA613F}
2011-04-14 04:37 . 2011-04-14 04:37 -------- d-----w- c:\users\leos\AppData\Local\{FCDC1EF3-88D0-416B-8401-515A44F30A1F}
2011-04-13 10:06 . 2011-04-13 10:06 -------- d-----w- c:\users\leos\AppData\Local\{A4F6296C-253F-4C85-A846-B78B63FB814B}
2011-04-12 06:59 . 2011-04-12 06:59 -------- d-----w- c:\users\leos\AppData\Local\{CAA5D69C-53B0-45D7-AF0C-A97199EFB1A9}
2011-04-11 18:58 . 2011-04-11 18:58 -------- d-----w- c:\users\leos\AppData\Local\{89420228-C886-499E-8D6A-B7BBE136779F}
2011-04-11 06:58 . 2011-04-11 06:58 -------- d-----w- c:\users\leos\AppData\Local\{CD99D0B5-869D-4AAC-951A-B789BDDF3E50}
2011-04-09 17:16 . 2011-04-09 17:16 -------- d-----w- c:\users\leos\AppData\Local\{4D4FE7D2-FECA-4055-A495-1B35BE5DCA8A}
2011-04-08 08:11 . 2011-04-08 08:11 -------- d-----w- c:\users\leos\AppData\Local\{874B1DBD-5E91-443E-AC25-990F8DB77DD7}
2011-04-07 18:40 . 2011-04-07 18:40 -------- d-----w- c:\users\leos\AppData\Local\{772343AF-13E2-4764-A548-6D9214A18E41}
2011-04-07 06:39 . 2011-04-07 06:39 -------- d-----w- c:\users\leos\AppData\Local\{8F59E3DA-4C0D-4698-87DA-0072AE0F4AFE}
2011-04-06 06:46 . 2011-04-06 06:46 -------- d-----w- c:\users\leos\AppData\Local\{AD2BB2FB-5318-4FC7-BAAE-2F24AE7C51D6}
2011-04-05 08:59 . 2010-12-22 09:01 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEABAC62-07A1-4A80-B4B3-9563D1ECECAD}\gapaengine.dll
2011-04-05 08:51 . 2011-04-05 08:51 -------- d-----w- c:\users\leos\AppData\Local\{E28401DA-8FF3-4EA3-AF84-FA60292AC96C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 08:21 . 2010-08-13 14:31 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-15 09:48 . 2011-03-15 09:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 09:48 . 2011-03-15 09:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-15 09:48 . 2011-03-15 09:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-15 09:48 . 2011-03-15 09:48 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-15 09:48 . 2011-03-15 09:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-15 09:48 . 2011-03-15 09:48 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-15 09:48 . 2011-03-15 09:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-15 09:48 . 2011-03-15 09:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-15 09:48 . 2011-03-15 09:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-15 09:48 . 2011-03-15 09:48 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-15 09:48 . 2011-03-15 09:48 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-15 09:48 . 2011-03-15 09:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-15 09:48 . 2011-03-15 09:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-15 09:48 . 2011-03-15 09:48 448512 ----a-w- c:\windows\system32\html.iec
2011-03-15 09:48 . 2011-03-15 09:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-15 09:48 . 2011-03-15 09:48 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-15 09:48 . 2011-03-15 09:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-15 09:48 . 2011-03-15 09:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-15 09:48 . 2011-03-15 09:48 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-15 09:48 . 2011-03-15 09:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 09:48 . 2011-03-15 09:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-15 09:48 . 2011-03-15 09:48 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-15 09:48 . 2011-03-15 09:48 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 09:48 . 2011-03-15 09:48 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-15 09:48 . 2011-03-15 09:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-15 09:48 . 2011-03-15 09:48 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-15 09:48 . 2011-03-15 09:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-15 09:48 . 2011-03-15 09:48 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-15 09:48 . 2011-03-15 09:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-15 09:48 . 2011-03-15 09:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-15 09:48 . 2011-03-15 09:48 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 09:48 . 2011-03-15 09:48 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-15 09:48 . 2011-03-15 09:48 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-15 09:48 . 2011-03-15 09:48 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 09:48 . 2011-03-15 09:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 09:48 . 2011-03-15 09:48 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-15 09:48 . 2011-03-15 09:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-15 09:48 . 2011-03-15 09:48 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-15 09:48 . 2011-03-15 09:48 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-15 09:48 . 2011-03-15 09:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-15 09:48 . 2011-03-15 09:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-15 09:48 . 2011-03-15 09:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-10 21:56 . 2010-10-08 18:59 57344 ----a-r- c:\users\leos\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-03-09 07:07 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 13:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 13:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-26 19:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-26 19:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-19 12:05 . 2011-03-09 07:13 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 07:13 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 07:13 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 07:13 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 07:13 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\leos\AppData\Local\{91B0354A-175D-495A-B911-88F940598E62} ----
.
.
---- Directory of c:\users\leos\AppData\Local\{A6079B27-9836-4EE1-A6B6-93C94FE32319} ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-04_13.08.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-12 13:25 . 2011-05-04 13:53 46130 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-05-04 12:05 44974 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-04 13:53 44974 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-12 13:25 . 2011-05-04 13:53 16458 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2479704082-1258413198-3447999778-1001_UserData.bin
- 2011-05-04 12:03 . 2011-05-04 12:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-04 13:51 . 2011-05-04 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-04 12:03 . 2011-05-04 12:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-04 13:51 . 2011-05-04 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-04 12:02 479784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-04 13:50 479784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-20 18:30 . 2011-05-04 13:50 998040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2479704082-1258413198-3447999778-1001-12288.dat
- 2011-04-20 18:30 . 2011-05-04 12:02 998040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2479704082-1258413198-3447999778-1001-12288.dat
+ 2010-10-19 12:16 . 2011-05-04 13:50 14414608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2479704082-1258413198-3447999778-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2011-01-30 1219488]
"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2010-09-22 1448800]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"BTCentre"="c:\genius\ioCentre4D\gBTMouseTask.exe" [2008-05-13 483328]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2010-11-25 274608]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2009-12-14 515560]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-01-08 392424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-14 515560]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 06:13]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 06:13]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2479704082-1258413198-3447999778-1001Core.job
- c:\users\leos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 17:04]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2479704082-1258413198-3447999778-1001UA.job
- c:\users\leos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 17:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-12 8114720]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.ihzsmsk.cz:3128
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\leos\AppData\Roaming\Mozilla\Firefox\Profiles\ftkg3inl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?t=0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2011-05-04 15:58:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-04 13:58
ComboFix2.txt 2011-05-04 13:10
.
Před spuštěním: Volných bajtů: 75 010 539 520
Po spuštění: Volných bajtů: 74 682 814 464
.
- - End Of File - - 90A12CD2EF7B8EC7BC8DBF3B58136D83
Nahr nˇ probŘhlo ŁspŘçnŘ

#6 Příspěvek od **motji** » 04 kvě 2011 15:05

Jak to vypadá s počítačem?

leos · #7 Příspěvek od **leos** » 04 kvě 2011 15:12

po restartu na mne vybafl, že mam zmeny v registrech - nejdou spustit prohlizece internetu, pak jsem firefox spustil jako administrator, po druhem restartu na mne vybafl spybot, ze se provadi zmeny v registrech, zda je chci povolit ci ne, dal jsem NE.
Antivir nejde spustit stale. Prý není povolen...

#8 Příspěvek od **motji** » 04 kvě 2011 15:13

Spybota vyhodte, at nám nevrací zpět změny.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

leos · #9 Příspěvek od **leos** » 04 kvě 2011 16:58

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6504

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

4.5.2011 17:56:18
mbam-log-2011-05-04 (17-56-12).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|F:\|)
Testované objekty: 772356
Uplynulý čas: 1 hodin, 31 minut, 16 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 11

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\Adobe\adobe photoshop lightroom 3.4\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
c:\Qoobox\quarantine\C\Windows\ujatua.exe.vir (Trojan.Downloader) -> No action taken.
c:\Users\leos\downloads\torrent-complete\adobe photoshop cs5 cz\Crack\adobe_ps_cs5_keygen.exe (Malware.Packer.Gen) -> No action taken.
c:\Users\leos\downloads\torrent-complete\adobe.acrobat.pro.x.v10.0.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
c:\Users\leos\downloads\torrent-complete\adobe.acrobat.pro.x.v10.0.multilingual.incl.keymaker-core\keygen.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\leos\downloads\torrent-complete\adobe.photoshop.lightroom.v3.4.multilingual.2011\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
e:\adobe cs4\lifetimecs4mastercollectionlicenseworkaround\adobe-master-cs4pre-keygen.exe (Trojan.Dropper) -> No action taken.
e:\adobe cs5\adobe cs5 master collection\activator\adobe.cs5.all-products.activator.exe (RiskWare.Tool.CK) -> No action taken.
e:\adobe cs5\adobe cs5 master collection\adobe cs5 activator [2010] - www.gurufuel.com\adobe cs5 activator.exe (RiskWare.Tool.CK) -> No action taken.
e:\adobe cs5\adobe cs5 master collection\adobe.acrobat.pro.x.v10.0.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
e:\adobe cs5\adobe cs5 master collection\adobe.acrobat.pro.x.v10.0.multilingual.incl.keymaker-core\keygen.exe (RiskWare.Tool.CK) -> No action taken.

#10 Příspěvek od **motji** » 04 kvě 2011 17:47

Vše smazat. PC plné cracků a pak se divíte

.
Pak nahlaste stav počítače.

leos · #11 Příspěvek od **leos** » 04 kvě 2011 18:01

fuj, to bylo špíny, já toho kluka zabiju....
díky za pomoc, myslím, že už to bude ok, jen jsem musel ručně pozapínat některé služby - kontrolu spywaru, atd

Myslite, že je to 100% cisté?

#12 Příspěvek od **motji** » 04 kvě 2011 19:44

Antivir a ostatní už jdou?

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

leos · #13 Příspěvek od **leos** » 04 kvě 2011 21:04

Myslím, že pc se jeví ok. díky moc.

info.txt logfile of random's system information tool 1.08 2011-05-04 21:55:56

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->C:\Program Files (x86)\InstallShield Installation Information\{98768626-C30D-49CA-A7C7-35722E439F6E}\Setup.exe -runfromtemp -l0x0405 /removeonly
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat X Pro - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000005}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Creative Suite 5 Master Collection-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{952D88D2-3E6F-4E40-8553-8070FEFCE5CD}"
Adobe Download Assistant-->msiexec /qb /x {66336E9B-5482-B5FB-94F0-405874EE3541}
Adobe Download Assistant-->MsiExec.exe /I{66336E9B-5482-B5FB-94F0-405874EE3541}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop Lightroom 3.4 64-bit-->MsiExec.exe /I{1D5CE83C-BFDD-4668-8BCB-E8614334A657}
Aktualizace ovladače pro aplikaci Centrum zařízení Windows Mobile-->MsiExec.exe /X{92DBCA36-9B41-4DD1-941A-AED149DD37F0}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ATI Catalyst Install Manager-->msiexec /q/x{F8597D20-ACC7-FD03-56FA-23894108BA06} REBOOT=ReallySuppress
ATK Generic Function Service-->C:\Program Files (x86)\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
AuthenTec TrueSuite-->MsiExec.exe /X{3C81B6D3-9E2C-4A06-8FDE-3FAC39E3E45D}
Cain & Abel v4.9.40-->C:\PROGRA~2\Cain\UNINSTAL.EXE C:\PROGRA~2\Cain\Install.log
Camera Control Pro 2-->MsiExec.exe /X{FE96C49B-DB90-405E-A00E-09E38372F880}
Capture NX 2-->C:\Program Files (x86)\Nikon\Capture NX 2\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Centrum zařízení Windows Mobile-->MsiExec.exe /X{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
CZ-->MsiExec.exe /I{CCF7074B-BE72-44E1-9CAC-3FFAC582C692}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Google Earth-->MsiExec.exe /X{C768790F-04FB-11E0-9B2C-001AA037B01E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
ioCentre4D-->C:\Program Files (x86)\InstallShield Installation Information\{36E782E5-95A5-4B32-B493-DA05F9A6B560}\setup.exe -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
ITECIR-->C:\Program Files (x86)\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\SETUP.exe -runfromtemp -l0x0005 -removeonly
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
KeePass Password Safe 2.08-->"C:\Program Files (x86)\KeePass Password Safe 2\unins000.exe"
KONICA MINOLTA bizhub C20 (FAX)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{19238942-A1D2-451F-A338-9A44559671FA}\Setup.exe" -l0x5
KONICA MINOLTA bizhub C20 Scanner-->C:\Program Files (x86)\InstallShield Installation Information\{98768626-C30D-49CA-A7C7-35722E439F6E}\Setup.exe -runfromtemp -l0x0405 /removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{7B1AF68B-4606-4152-9991-1E9D4FF5F0FA}
Microsoft Antimalware Service CS-CZ Language Pack-->MsiExec.exe /X{F6197679-051D-4E3E-9757-4D5CDA6D658B}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0405-1000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Security Client CS-CZ Language Pack-->MsiExec.exe /I{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}
Microsoft Security Client-->MsiExec.exe /I{E77543EE-6FB5-4FF6-AB70-635392C8C756}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175-->MsiExec.exe /X{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{056B9C5B-2E8D-4EBC-941C-06C78A30ABB3}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{CB07E706-5DD7-4093-83A1-1430D5B6FA75}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{3D46855F-7B71-4CF7-A270-62E0E4F05037}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{47A70BC0-BB3E-468B-9E01-56CCD6F2A911}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{138D2BE4-7981-4F34-BA23-81B6B99D0DE6}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox 4.0.1 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nikon Message Center 2-->MsiExec.exe /X{B014EE44-9197-4513-9613-71E6EB1B514E}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Photomatix Pro version 3.2.9-->"C:\Program Files (x86)\PhotomatixPro3\unins000.exe"
Photomatix Pro version 4.0-->"C:\Program Files (x86)\PhotomatixPro4\unins000.exe"
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
PSPad editor-->"C:\Program Files (x86)\PSPad editor\Uninst\unins000.exe"
PxMergeModule-->MsiExec.exe /I{024521CF-C07E-4F8E-8481-0D75695E03AF}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek HDMI Audio Driver for ATI-->C:\Program Files\Realtek\Audio\HDA\RtkUpd64.exe -k -m -nrg2709
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03-->"C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2466156)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CEF209AB-F96D-404F-B5CC-44057C057CA3}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2464583)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
Security Update for Microsoft Office Groove 2007 (KB2494047)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B91E2AEC-7F93-4E33-ACF6-EC90640CBE4F}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E6B7C11E-21E9-4BA0-9677-29AD603B953C}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Software Bluetooth WIDCOMM-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TopStyle (Version 3)-->C:\PROGRA~2\Bradbury\TOPSTY~1\UNWISE.EXE C:\PROGRA~2\Bradbury\TOPSTY~1\INSTALL.LOG
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EE6BBE8B-DCC9-4A46-BF00-455F3C8ECE69}
Update for Outlook 2007 Junk Email Filter (KB2522999)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC8A81F7-5A36-4DE9-ABB3-5499132062C5}
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
ViewNX 2-->MsiExec.exe /X{DDD62492-32A7-412B-8AF1-2CF032AD42E3}
Watchtower Library 2009 - česky-->C:\Program Files (x86)\Watchtower\Watchtower Library 2009\B\uninst.exe
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}
Windows Live Mesh-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{3921492E-82D2-4180-8124-E347AD2F2DB4}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe
Wireless Console 2-->C:\Program Files (x86)\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe -runfromtemp -l0x0009 -removeonly

======System event log======

Computer Name: leos-NB
Event Code: 14206
Message: Server médií LEOS-NB: leos: byl úspěšně inicializován a sdílí média se síťovými zařízeními médií.
Record Number: 49705
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20101216094031.000000-000
Event Type: Informace
User:

Computer Name: leos-NB
Event Code: 7036
Message: Stav služby Centrum zabezpečení byl změněn na: Spuštěno
Record Number: 49704
Source Name: Service Control Manager
Time Written: 20101216094027.859543-000
Event Type: Informace
User:

Computer Name: leos-NB
Event Code: 7036
Message: Stav služby Hostitel zařízení UPnP byl změněn na: Spuštěno
Record Number: 49703
Source Name: Service Control Manager
Time Written: 20101216094027.266742-000
Event Type: Informace
User:

Computer Name: leos-NB
Event Code: 7036
Message: Stav služby Služba Windows Media Player Network Sharing byl změněn na: Spuštěno
Record Number: 49702
Source Name: Service Control Manager
Time Written: 20101216094023.273135-000
Event Type: Informace
User:

Computer Name: leos-NB
Event Code: 14204
Message: Služba WMPNetworkSvc byla spuštěna.
Record Number: 49701
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20101216094023.000000-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x64
P2: ACPI\ATK0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMIBC5B.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d4a99e8e3cb284c21dcc14fa73286c8c8f3f5f25_cab_07c5bcd8

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 8f0cea56-a613-11df-92f7-e4d6db687d54
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100812131438.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100812131352.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100812131347.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100812131341.614896-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100812131341.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: leos-NB
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 3

Nové přihlášení:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x1eb9c1
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x0
Název procesu: -

Informace o síti:
Název pracovní stanice: HOME-PC
Adresa zdrojové sítě 192.168.1.2
Zdrojový port: 50008

Podrobné informace o ověření:
Proces přihlášení: NtLmSsp
Balíček ověření: NTLM
Přenosové služby: -
Název balíčku (pouze NTLM): NTLM V1
Délka klíče: 128

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 22819
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101213161218.010497-000
Event Type: Úspěšný audit
User:

Computer Name: leos-NB
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 3

Nové přihlášení:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x1eb936
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x0
Název procesu: -

Informace o síti:
Název pracovní stanice: HOME-PC
Adresa zdrojové sítě 192.168.1.2
Zdrojový port: 50007

Podrobné informace o ověření:
Proces přihlášení: NtLmSsp
Balíček ověření: NTLM
Přenosové služby: -
Název balíčku (pouze NTLM): NTLM V1
Délka klíče: 128

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 22818
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101213161217.970495-000
Event Type: Úspěšný audit
User:

Computer Name: leos-NB
Event Code: 5061
Message: Kryptografická operace.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: RSA
Název klíče: dff13fcf-99eb-4d65-be3d-752ca0530ef7
Typ klíče: Klíč počítače

Kryptografická operace:
Operace: Otevřít klíč
Návratový kód: 0x0
Record Number: 22817
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101213160915.212042-000
Event Type: Úspěšný audit
User:

Computer Name: leos-NB
Event Code: 5058
Message: Operace se souborem klíče.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: Není k dispozici.
Název klíče: dff13fcf-99eb-4d65-be3d-752ca0530ef7
Typ klíče: Klíč počítače

Informace o operaci se souborem klíče:
Cesta k souboru: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eff743e5fdcdda0e71af23ee4e60e069_6ba77665-c249-4f12-a910-3337d228b545
Operace: Čtení trvalého klíče ze souboru
Návratový kód: 0x0
Record Number: 22816
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101213160915.212042-000
Event Type: Úspěšný audit
User:

Computer Name: leos-NB
Event Code: 4634
Message: Účet byl odhlášen.

Předmět:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x1e3c48

Typ přihlášení: 3

Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 22815
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101213160758.377647-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"ERRORLOGPATH"=C:\Program Files\TrueSuite\Logging
"NLOG_GLOBAL_CONFIG_FILE"=C:\Program Files\TrueSuite\TrueSuiteLog.config
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#14 Příspěvek od **motji** » 04 kvě 2011 21:12

Ještě poprosím o druhý log s názvem log.txt

leos · #15 Příspěvek od **leos** » 04 kvě 2011 21:30

Logfile of random's system information tool 1.08 (written by random/random)
Run by leos at 2011-05-04 21:55:30
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 79 GB (49%) free of 163 GB
Total RAM: 4095 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:55:54, on 4.5.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\leos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ihzsmsk.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BTCentre] C:\Genius\ioCentre4D\gBTMouseTask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\leos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12253 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1148
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {47CC52D7-9B68-4D68-9403-691352EF6FF8}
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files\Wireless Console 2\wcourier.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Synaptics\SynTP\SynAsus" /RegPlugIn
"C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Windows Live\Mesh\MOE.exe" "Global\MOE_STARTUP_COMPLETE_146d973f-e241-434d-93ae-2bf832cd1640_leos" "Global\MOE_SHUTDOWN_146d973f-e241-434d-93ae-2bf832cd1640_leos"
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"
"taskhost.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5584.f227be0.664955988 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.4.0.1" -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 5584 \\.\pipe\gecko-crash-server-pipe.5584 plugin
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\leos\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2479704082-1258413198-3447999778-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2479704082-1258413198-3447999778-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-01-06 158720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-01-06 158720]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-08-12 8114720]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-08-12 1813288]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16 497648]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 1436224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"Adobe Acrobat Synchronizer"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [2011-01-30 1219488]
"WLSync"=C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe [2010-09-23 1448800]
"Google Update"=C:\Users\leos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 136176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304]
"BTCentre"=C:\Genius\ioCentre4D\gBTMouseTask.exe [2008-05-13 483328]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-09-08 421888]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2010-11-25 274608]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-15 515560]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-01-08 392424]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-01-30 36760]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-01-30 821144]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Nikon Message Center 2"=C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-03-15 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2011-05-04 21:55:30 ----D---- C:\rsit
2011-05-04 21:55:30 ----D---- C:\Program Files\trend micro
2011-05-04 18:58:17 ----D---- C:\Windows\LastGood
2011-05-04 16:18:14 ----D---- C:\Users\leos\AppData\Roaming\Malwarebytes
2011-05-04 16:18:10 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-05-04 16:18:09 ----D---- C:\ProgramData\Malwarebytes
2011-05-04 16:18:06 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-04 16:18:06 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-05-04 16:06:22 ----SHD---- C:\$RECYCLE.BIN
2011-05-04 15:59:10 ----D---- C:\Windows\temp
2011-05-04 14:58:45 ----D---- C:\Windows\ERDNT
2011-05-04 14:32:21 ----D---- C:\Program Files (x86)\Ultimate Process Manager
2011-05-04 14:23:39 ----D---- C:\Program Files\CCleaner
2011-05-04 13:53:49 ----A---- C:\Windows\wininit.ini
2011-05-04 11:47:08 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-05-04 11:47:08 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-04 11:15:19 ----A---- C:\Windows\SYSWOW64\cmd.execf
2011-05-03 20:24:32 ----D---- C:\Users\leos\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-03 20:24:03 ----D---- C:\Program Files (x86)\Adobe Download Assistant
2011-04-28 15:45:05 ----A---- C:\Windows\SYSWOW64\explorer.exe
2011-04-28 15:45:05 ----A---- C:\Windows\explorer.exe
2011-04-28 15:45:03 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-04-28 15:45:03 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-28 15:42:51 ----A---- C:\Windows\system32\fsutil.exe
2011-04-28 15:42:51 ----A---- C:\Windows\system32\esent.dll
2011-04-28 15:42:50 ----A---- C:\Windows\SYSWOW64\esent.dll
2011-04-28 15:42:50 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-04-28 15:42:49 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2011-04-28 15:42:49 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-04-28 15:42:49 ----A---- C:\Windows\system32\drivers\storport.sys
2011-04-28 15:42:49 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-04-28 15:42:49 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-04-28 15:42:49 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-04-28 15:42:49 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-04-28 15:42:49 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-04-28 15:42:29 ----A---- C:\Windows\system32\prevhost.exe
2011-04-28 15:42:28 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2011-04-23 20:55:43 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-04-23 20:55:43 ----A---- C:\Windows\system32\d3d10_1.dll
2011-04-20 16:47:46 ----D---- C:\Program Files (x86)\WinPcap
2011-04-20 16:47:05 ----D---- C:\Program Files (x86)\Cain
2011-04-15 12:32:17 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-04-15 12:32:16 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-04-15 12:32:15 ----A---- C:\Windows\system32\win32k.sys
2011-04-15 12:32:13 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-15 12:32:13 ----A---- C:\Windows\system32\mfc42.dll
2011-04-15 12:32:12 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2011-04-15 12:32:12 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2011-04-15 12:32:10 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-15 12:32:10 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-15 12:32:10 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-15 12:32:08 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-04-15 12:32:08 ----A---- C:\Windows\system32\atmfd.dll
2011-04-15 12:32:07 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-04-15 12:32:07 ----A---- C:\Windows\system32\atmlib.dll
2011-04-15 12:32:06 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2011-04-15 12:32:06 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2011-04-15 12:32:06 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-15 12:32:06 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-15 12:32:06 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-15 12:32:05 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-04-15 12:32:05 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-15 12:32:04 ----A---- C:\Windows\system32\winresume.exe
2011-04-15 12:32:04 ----A---- C:\Windows\system32\winload.exe
2011-04-15 12:32:03 ----A---- C:\Windows\system32\kdusb.dll
2011-04-15 12:32:03 ----A---- C:\Windows\system32\kdcom.dll
2011-04-15 12:32:03 ----A---- C:\Windows\system32\kd1394.dll
2011-04-15 12:31:52 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-04-15 12:31:50 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-15 12:31:50 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-15 12:31:50 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-15 12:31:50 ----A---- C:\Windows\system32\drivers\bowser.sys

======List of files/folders modified in the last 1 months======

2011-05-04 21:55:30 ----RD---- C:\Program Files
2011-05-04 21:49:29 ----D---- C:\Windows
2011-05-04 21:45:51 ----SHD---- C:\System Volume Information
2011-05-04 21:45:12 ----D---- C:\Windows\system32\drivers
2011-05-04 21:38:27 ----D---- C:\Windows\System32
2011-05-04 21:38:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-04 21:38:26 ----D---- C:\Windows\inf
2011-05-04 19:18:34 ----D---- C:\Windows\system32\config
2011-05-04 18:58:17 ----D---- C:\Windows\system32\DriverStore
2011-05-04 18:58:17 ----D---- C:\Windows\system32\catroot
2011-05-04 16:18:10 ----D---- C:\Windows\SYSWOW64\drivers
2011-05-04 16:18:09 ----D---- C:\ProgramData
2011-05-04 16:18:06 ----RD---- C:\Program Files (x86)
2011-05-04 15:52:08 ----A---- C:\Windows\system.ini
2011-05-04 15:52:03 ----D---- C:\Windows\system32\drivers\etc
2011-05-04 15:50:35 ----D---- C:\Windows\SysWOW64
2011-05-04 15:48:41 ----D---- C:\Windows\AppPatch
2011-05-04 15:48:39 ----D---- C:\Program Files\Common Files
2011-05-04 15:48:39 ----D---- C:\Program Files (x86)\Common Files
2011-05-04 15:23:31 ----D---- C:\Windows\system32\Tasks
2011-05-04 15:08:46 ----D---- C:\Windows\Tasks
2011-05-04 14:26:24 ----D---- C:\Users\leos\AppData\Roaming\Winamp
2011-05-04 14:26:22 ----D---- C:\Users\leos\AppData\Roaming\uTorrent
2011-05-04 14:26:10 ----D---- C:\Windows\debug
2011-05-04 11:36:13 ----HD---- C:\Windows\system32\GroupPolicy
2011-05-04 10:49:02 ----D---- C:\Windows\system32\NDF
2011-05-04 09:33:02 ----D---- C:\Windows\Prefetch
2011-05-04 09:29:40 ----D---- C:\Windows\system32\catroot2
2011-05-03 20:42:46 ----SHD---- C:\Windows\Installer
2011-05-03 20:42:40 ----D---- C:\Windows\winsxs
2011-05-03 20:42:25 ----D---- C:\ProgramData\Adobe
2011-05-03 20:42:25 ----D---- C:\Program Files\Common Files\Adobe
2011-05-03 20:41:34 ----D---- C:\Program Files\Adobe
2011-05-03 20:40:05 ----D---- C:\Users\leos\AppData\Roaming\Adobe
2011-05-03 20:24:02 ----D---- C:\Program Files (x86)\Adobe
2011-05-03 19:06:06 ----D---- C:\Program Files (x86)\uTorrent
2011-05-02 13:28:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-05-01 12:46:49 ----D---- C:\Windows\rescache
2011-04-29 09:13:14 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-04-29 09:13:13 ----D---- C:\Windows\system32\cs-CZ
2011-04-22 10:47:13 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-04-20 20:19:27 ----SD---- C:\ProgramData\Microsoft
2011-04-20 12:21:08 ----D---- C:\Users\leos\AppData\Roaming\Skype
2011-04-20 11:44:29 ----D---- C:\Users\leos\AppData\Roaming\skypePM
2011-04-18 16:22:44 ----A---- C:\Windows\system32\MRT.exe
2011-04-16 12:36:34 ----D---- C:\Windows\Microsoft.NET
2011-04-16 12:36:33 ----RSD---- C:\Windows\assembly
2011-04-15 13:20:46 ----D---- C:\Windows\system32\Boot
2011-04-15 13:18:51 ----D---- C:\ProgramData\Microsoft Help
2011-04-15 13:14:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-04-13 15:54:12 ----D---- C:\Program Files (x86)\KeePass Password Safe 2
2011-04-13 15:38:00 ----D---- C:\Program Files (x86)\Elaborate Bytes
2011-04-13 15:36:49 ----D---- C:\Program Files (x86)\SlySoft
2011-04-08 11:05:35 ----SD---- C:\Users\leos\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-08-12 408600]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-12 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 188928]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2008-06-24 65024]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2007-07-26 55296]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2007-07-27 57856]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-08-21 716800]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-08-12 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-08-12 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-08-12 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-08-12 21160]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-08-12 2002848]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2010-08-12 15416]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 RDPDISPM;RDPDISPM; C:\Windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-08-12 201472]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-19 239616]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-08-12 286768]
S2 MLPTDR_N;MLPTDR_N; \??\C:\Windows\syswow64\MLPTDR_N.SYS [2003-07-17 18848]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-07-07 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 12784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-15 515560]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-13 1255736]

-----------------EOF-----------------

VIRY.CZ

nejde spustit centrum zabezpeceni, antivir atd. prosím pomoz

nejde spustit centrum zabezpeceni, antivir atd. prosím pomoz

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p

Re: nejde spustit centrum zabezpeceni, antivir atd. prosím p