Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:10:54, on 20.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\spulda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z0PPZ28W\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P7131Appl] C:\Program Files\ASUS\P7131\Remote Control\P7131RemoteAppl.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Google Update] "C:\Users\spulda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld-shareware.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: RCSERVICE - Unknown owner - C:\Program Files\ASUS\P7131\Remote Control\RCService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 8784 bytes
virus and safe mode - log (Solved)
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: virus and safe mode - log
Uninstall:
uTorrentBar Toolbar
Conduit Engine
Fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\spulda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program has finished, a message will appear, so click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes (Ano)
(do not delete anything yet!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: virus and safe mode - log
Uh, it would probably be good to say that I first tried it following a similar guide ( viewtopic.php?f=47&t=72098 ) and I have already run a scan in MbAM once, and it found 11 files infected with a trojan, which I deleted according to that guide, so they probably won't be there now.
Re: virus and safe mode - log
this is the old MbAM log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verze databáze: 7520
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
20.8.2011 21:07:15
mbam-log-2011-08-20 (21-07-07).txt
Typ: Rychlá kontrola
Kontrolované objekty: 188980
Uplynulý čas: 3 minut, 20 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 11
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\Windows\Temp\49309498.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\620290.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7212341.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7360172.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7656681.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\857124.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\92163902-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> No action taken.
c:\Windows\Temp\2641644.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5149962.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\627843169.exe (Trojan.FakeAlert.Gen) -> No action taken.
Re: virus and safe mode - log
and this is the new one:
Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org
Verze databáze: 7520
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
20.8.2011 23:03:08
mbam-log-2011-08-20 (23-03-08).txt
Typ: Rychlá kontrola
Kontrolované objekty: 189389
Uplynulý čas: 2 minut, 14 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
otherwise I have done everything, so what next?
- Žbeky
- Moderator
Re: virus and safe mode - log
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem starting applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
Re: virus and safe mode - log
ComboFix 11-08-21.01 - spulda 21.08.2011 11:11:28.2.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1510 [GMT 2:00]
Spuštěný z: c:\users\spulda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 09:17 . 2011-08-21 09:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-21 09:17 . 2011-08-21 09:17 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-08-21 09:17 . 2011-08-21 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\users\spulda\AppData\Roaming\Malwarebytes
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\programdata\Malwarebytes
2011-08-20 19:00 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-20 19:00 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 09:36 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C8136FF-BF76-4642-BA2A-42C82656838D}\mpengine.dll
2011-08-19 20:08 . 2011-08-19 21:20 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-08-16 08:55 . 2011-08-16 08:55 -------- d-----w- c:\programdata\Blizzard
2011-08-15 12:34 . 2011-08-15 12:34 -------- d-----w- c:\users\spulda\AppData\Local\Aspyr
2011-08-15 08:30 . 2011-08-15 08:30 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-14 18:16 . 2011-08-15 08:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-12 14:53 . 2011-08-12 14:53 -------- d-----w- c:\programdata\Premium
2011-08-12 14:53 . 2011-08-12 14:53 -------- d-----w- c:\programdata\InstallMate
2011-08-12 14:50 . 2011-08-12 14:50 -------- d-----w- C:\Nová složka
2011-08-12 14:48 . 2011-08-15 12:36 -------- d-----w- C:\Star Wars The Force Unleashed
2011-08-12 14:29 . 2011-08-12 14:29 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-12 14:29 . 2011-08-12 14:29 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-11 10:42 . 2011-03-14 19:44 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A980B86-7934-4D17-ABD4-F1392E50CD50}\gapaengine.dll
2011-08-10 16:22 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:22 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-07-30 20:21 . 2011-07-30 20:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-30 20:21 . 2011-07-30 20:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-07-30 20:21 . 2011-07-30 20:21 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-07-30 20:19 . 2011-07-30 20:19 -------- d-----w- c:\program files\ASIO4ALL v2
2011-07-30 20:19 . 2011-07-30 20:19 -------- d-----w- c:\program files\VstPlugins
2011-07-30 20:19 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-07-30 20:18 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-07-30 20:18 . 2011-07-30 20:18 -------- d-----w- c:\program files\Outsim
2011-07-30 20:14 . 2011-07-30 20:19 -------- d-----w- c:\program files\Image-Line
2011-07-30 19:58 . 2011-07-30 19:58 -------- d-----w- c:\users\spulda\AppData\Local\PackageAware
2011-07-30 19:51 . 2011-07-30 19:51 -------- d-----w- c:\users\spulda\AppData\Local\The Witcher 2
2011-07-30 16:12 . 2011-07-30 16:13 -------- d-----w- c:\program files\FL Studio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 18:14 . 2011-05-15 08:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-03-14 19:48 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-11 02:29 . 2011-07-13 08:05 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 18:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-29 18:33 . 2011-05-29 18:31 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-05-29 18:33 . 2011-05-29 18:31 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-05-29 18:33 . 2011-05-29 18:31 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-05-25 07:24 . 2011-01-07 20:06 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:24 . 2011-01-07 20:06 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 07:24 . 2011-01-07 20:06 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-25 07:24 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:24 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:24 . 2011-01-07 20:06 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:24 . 2011-01-07 20:06 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-05-25 07:24 . 2011-06-19 20:13 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:24 . 2011-06-19 20:13 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-25 07:24 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-25 07:24 . 2011-06-19 20:13 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 07:24 . 2011-06-19 20:13 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 07:24 . 2011-06-19 20:13 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 07:24 . 2011-02-12 15:40 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 07:24 . 2011-06-19 20:13 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:24 . 2011-06-19 20:13 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:24 . 2011-06-19 20:13 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:24 . 2011-06-19 20:13 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:24 . 2011-06-19 20:13 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 07:24 . 2011-02-12 15:40 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-24 10:44 . 2011-06-29 13:08 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-24 12:17 . 2011-04-20 12:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-20_20.02.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-20 19:51 . 2011-08-20 19:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-21 09:03 . 2011-08-21 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 19:51 . 2011-08-20 19:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-21 09:03 . 2011-08-21 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-08-21 09:09 617910 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-08-20 19:57 617910 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:44 . 2011-08-21 09:09 633154 c:\windows\System32\perfh005.dat
- 2009-07-14 08:44 . 2011-08-20 19:57 633154 c:\windows\System32\perfh005.dat
- 2009-07-14 02:05 . 2011-08-20 19:57 107190 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2011-08-21 09:09 107190 c:\windows\System32\perfc009.dat
+ 2009-07-14 08:44 . 2011-08-21 09:09 122708 c:\windows\System32\perfc005.dat
- 2009-07-14 08:44 . 2011-08-20 19:57 122708 c:\windows\System32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"P7131Appl"="c:\program files\ASUS\P7131\Remote Control\P7131RemoteAppl.exe" [2008-07-31 65536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R0 nnbbls;nnbbls;c:\windows\System32\drivers\nqkysyxp.sys [x]
R1 MpKsl03497fd2;MpKsl03497fd2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B232DB0-CE93-4205-94A0-05BB3B01A1CD}\MpKsl03497fd2.sys [x]
R1 MpKsl045f8a9a;MpKsl045f8a9a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF17281C-6110-4405-A14A-F0451A7796B6}\MpKsl045f8a9a.sys [x]
R1 MpKsl07ecd28d;MpKsl07ecd28d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F3B603-E998-4E73-B998-5A3621DB8F1A}\MpKsl07ecd28d.sys [x]
R1 MpKsl12c3624f;MpKsl12c3624f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{026017AA-7E20-4E85-A641-A30AE68BFAC2}\MpKsl12c3624f.sys [x]
R1 MpKsl13c73512;MpKsl13c73512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90E016C4-E046-4995-96A4-926D036C43A1}\MpKsl13c73512.sys [x]
R1 MpKsl1b7ba10d;MpKsl1b7ba10d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50108FA7-9C5C-4B78-B34A-E682FE12C238}\MpKsl1b7ba10d.sys [x]
R1 MpKsl1c955318;MpKsl1c955318;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E7EA616-7731-49D7-9D08-4FD3FAC42EFE}\MpKsl1c955318.sys [x]
R1 MpKsl1e96df2d;MpKsl1e96df2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{234C5194-AC40-4EBA-91BC-FB669BD35AC8}\MpKsl1e96df2d.sys [x]
R1 MpKsl2456f562;MpKsl2456f562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0145F5C-168F-454C-A7AA-3FBCC9A78ACC}\MpKsl2456f562.sys [x]
R1 MpKsl269f1e8d;MpKsl269f1e8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59B14A7E-C501-40B7-9039-330BB874A0D4}\MpKsl269f1e8d.sys [x]
R1 MpKsl2f383209;MpKsl2f383209;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA7373A0-CDA8-4B56-B829-ADF16BA45C99}\MpKsl2f383209.sys [x]
R1 MpKsl2f3c19bd;MpKsl2f3c19bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9152418-258F-4CA1-93B8-BD5E724B0F41}\MpKsl2f3c19bd.sys [x]
R1 MpKsl2f77664f;MpKsl2f77664f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{343A0569-D4D7-435F-AB19-7F4158E081B1}\MpKsl2f77664f.sys [x]
R1 MpKsl38958a95;MpKsl38958a95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECC18B0E-C04B-4181-ABF2-2FC0A9B1107E}\MpKsl38958a95.sys [x]
R1 MpKsl38e78c8e;MpKsl38e78c8e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BD80FB8-412B-41F5-A9E1-CABA3647FF92}\MpKsl38e78c8e.sys [x]
R1 MpKsl3c725663;MpKsl3c725663;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FD48F8C-220C-4176-A708-2F39A7390DAD}\MpKsl3c725663.sys [x]
R1 MpKsl54170c2a;MpKsl54170c2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{793A4B8F-D030-43CF-BE7A-8E7A0F237900}\MpKsl54170c2a.sys [x]
R1 MpKsl54ea7358;MpKsl54ea7358;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05BD649-2308-49CE-A42F-F750B860762F}\MpKsl54ea7358.sys [x]
R1 MpKsl5e2f8b0e;MpKsl5e2f8b0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34F04475-CEE9-40EB-9E57-C0753330E064}\MpKsl5e2f8b0e.sys [x]
R1 MpKsl63c1d748;MpKsl63c1d748;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D788CDCB-9383-4AEF-8397-11F116D44EF5}\MpKsl63c1d748.sys [x]
R1 MpKsl645e9c81;MpKsl645e9c81;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7E0193C-6F24-4282-B53F-8AC20B31F809}\MpKsl645e9c81.sys [x]
R1 MpKsl7429e91a;MpKsl7429e91a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34F04475-CEE9-40EB-9E57-C0753330E064}\MpKsl7429e91a.sys [x]
R1 MpKsl7fa52f03;MpKsl7fa52f03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7263A56F-FC5D-4A21-87C6-3FDD0B26DF8C}\MpKsl7fa52f03.sys [x]
R1 MpKsl855b1bcc;MpKsl855b1bcc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95FA2730-390C-4088-A270-2D129724BDE4}\MpKsl855b1bcc.sys [x]
R1 MpKsl85e282c4;MpKsl85e282c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F7C6C73-5FE6-4044-964C-5B70A8A96150}\MpKsl85e282c4.sys [x]
R1 MpKsl90c9ee44;MpKsl90c9ee44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D788CDCB-9383-4AEF-8397-11F116D44EF5}\MpKsl90c9ee44.sys [x]
R1 MpKsl92858965;MpKsl92858965;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7C4AE97-DC00-43D1-BBE0-611C752D895C}\MpKsl92858965.sys [x]
R1 MpKsl9430312c;MpKsl9430312c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BD80FB8-412B-41F5-A9E1-CABA3647FF92}\MpKsl9430312c.sys [x]
R1 MpKsl9686d921;MpKsl9686d921;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8952D958-195A-4A9C-B01D-EE793F091E56}\MpKsl9686d921.sys [x]
R1 MpKsla1b0166a;MpKsla1b0166a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{925513E2-7DBD-4A99-A1BF-BF1863D5A844}\MpKsla1b0166a.sys [x]
R1 MpKsla513f3cd;MpKsla513f3cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{925513E2-7DBD-4A99-A1BF-BF1863D5A844}\MpKsla513f3cd.sys [x]
R1 MpKsla6c4609c;MpKsla6c4609c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FD48F8C-220C-4176-A708-2F39A7390DAD}\MpKsla6c4609c.sys [x]
R1 MpKsla7ebeb21;MpKsla7ebeb21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{690933D3-EC58-494D-BDD4-800C7D4A3347}\MpKsla7ebeb21.sys [x]
R1 MpKsla9d4ef92;MpKsla9d4ef92;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90E016C4-E046-4995-96A4-926D036C43A1}\MpKsla9d4ef92.sys [x]
R1 MpKslac3f6bd6;MpKslac3f6bd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CBAD06D-3642-4B10-B963-A61EF93086DD}\MpKslac3f6bd6.sys [x]
R1 MpKslba8b0d2f;MpKslba8b0d2f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A8DE42D-8BA0-4505-974C-ECA545DCA7B1}\MpKslba8b0d2f.sys [x]
R1 MpKslc3e5be52;MpKslc3e5be52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1370190F-759F-4D67-865A-DAA04E6B2446}\MpKslc3e5be52.sys [x]
R1 MpKslc973fd4a;MpKslc973fd4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC8DE62-68D3-4F78-804F-09FC6F114FBB}\MpKslc973fd4a.sys [x]
R1 MpKsld9bee025;MpKsld9bee025;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{761B414B-D1C6-4EE3-BEB4-08E521CCE9BD}\MpKsld9bee025.sys [x]
R1 MpKsld9c407ec;MpKsld9c407ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F7C6C73-5FE6-4044-964C-5B70A8A96150}\MpKsld9c407ec.sys [x]
R1 MpKsldc073ed0;MpKsldc073ed0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0ECFE316-FA87-41EB-8DEF-9A7E2F8348E8}\MpKsldc073ed0.sys [x]
R1 MpKsle5be23c1;MpKsle5be23c1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4197400-3638-45C6-A662-1CBFB9DF3362}\MpKsle5be23c1.sys [x]
R1 MpKsleb9e55d8;MpKsleb9e55d8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C90776F-D091-443B-956D-D78DD57C345B}\MpKsleb9e55d8.sys [x]
R1 MpKslee7db9d9;MpKslee7db9d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5993C959-ADE3-418E-9011-08318B9D9CBA}\MpKslee7db9d9.sys [x]
R1 MpKslf44048dc;MpKslf44048dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07FCA72E-1F36-4D36-B67F-E932FF5E1D88}\MpKslf44048dc.sys [x]
R1 MpKslf7b77987;MpKslf7b77987;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D28A39E-787A-4248-AF13-333CFE85A318}\MpKslf7b77987.sys [x]
R1 MpKslfc11eae9;MpKslfc11eae9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E00C983-5930-483F-9BE2-FF20A428D262}\MpKslfc11eae9.sys [x]
R1 MpKslfc888e48;MpKslfc888e48;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C63F716-96CF-4722-B7BA-79D42F6C5B28}\MpKslfc888e48.sys [x]
R1 MpKslfcf9e4db;MpKslfcf9e4db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EF787A0-22B5-42AA-8E7E-37E76B4127E7}\MpKslfcf9e4db.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-01-20 217088]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 RCSERVICE;RCSERVICE;c:\program files\ASUS\P7131\Remote Control\RCService.exe [2008-07-30 61440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2011-01-20 36640]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-03 114152]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-15 232512]
S3 ip100Avista;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2009-03-18 31232]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 11:47]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 11:47]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000Core.job
- c:\users\spulda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 11:53]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000UA.job
- c:\users\spulda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 11:53]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\spulda\AppData\Roaming\Mozilla\Firefox\Profiles\218bid2a.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/xampp/mysql/bin/mysqld-shareware.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/xampp/mysql/bin/mysqld-shareware.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4289706217-3898670272-2116144923-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D15424F-EC14-E397-3408-79D34911F368}*]
"haaoehjhipkolple"=hex:6a,61,6b,6e,6d,6f,6b,61,69,6e,6e,68,6e,6a,62,6b,67,67,
6a,68,00,00
"iagmoafkgbmlghnnhi"=hex:6a,61,70,67,6b,61,63,6f,6b,61,6d,67,6f,63,70,6e,66,6e,
61,6c,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-21 11:18:54
ComboFix-quarantined-files.txt 2011-08-21 09:18
ComboFix2.txt 2011-08-20 20:04
.
Před spuštěním: Volných bajtů: 15 280 443 392
Po spuštění: Volných bajtů: 15 167 684 608
.
- - End Of File - - B751D265A3F65258A92818D93A930A71
How are we doing? Is there still a lot of mess in there?
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1510 [GMT 2:00]
Spuštěný z: c:\users\spulda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 09:17 . 2011-08-21 09:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-21 09:17 . 2011-08-21 09:17 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-08-21 09:17 . 2011-08-21 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\users\spulda\AppData\Roaming\Malwarebytes
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\programdata\Malwarebytes
2011-08-20 19:00 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-20 19:00 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 09:36 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C8136FF-BF76-4642-BA2A-42C82656838D}\mpengine.dll
2011-08-19 20:08 . 2011-08-19 21:20 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-08-16 08:55 . 2011-08-16 08:55 -------- d-----w- c:\programdata\Blizzard
2011-08-15 12:34 . 2011-08-15 12:34 -------- d-----w- c:\users\spulda\AppData\Local\Aspyr
2011-08-15 08:30 . 2011-08-15 08:30 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-14 18:16 . 2011-08-15 08:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-12 14:53 . 2011-08-12 14:53 -------- d-----w- c:\programdata\Premium
2011-08-12 14:53 . 2011-08-12 14:53 -------- d-----w- c:\programdata\InstallMate
2011-08-12 14:50 . 2011-08-12 14:50 -------- d-----w- C:\Nová složka
2011-08-12 14:48 . 2011-08-15 12:36 -------- d-----w- C:\Star Wars The Force Unleashed
2011-08-12 14:29 . 2011-08-12 14:29 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-12 14:29 . 2011-08-12 14:29 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-11 10:42 . 2011-03-14 19:44 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A980B86-7934-4D17-ABD4-F1392E50CD50}\gapaengine.dll
2011-08-10 16:22 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:22 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-07-30 20:21 . 2011-07-30 20:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-30 20:21 . 2011-07-30 20:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-07-30 20:21 . 2011-07-30 20:21 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-07-30 20:19 . 2011-07-30 20:19 -------- d-----w- c:\program files\ASIO4ALL v2
2011-07-30 20:19 . 2011-07-30 20:19 -------- d-----w- c:\program files\VstPlugins
2011-07-30 20:19 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-07-30 20:18 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-07-30 20:18 . 2011-07-30 20:18 -------- d-----w- c:\program files\Outsim
2011-07-30 20:14 . 2011-07-30 20:19 -------- d-----w- c:\program files\Image-Line
2011-07-30 19:58 . 2011-07-30 19:58 -------- d-----w- c:\users\spulda\AppData\Local\PackageAware
2011-07-30 19:51 . 2011-07-30 19:51 -------- d-----w- c:\users\spulda\AppData\Local\The Witcher 2
2011-07-30 16:12 . 2011-07-30 16:13 -------- d-----w- c:\program files\FL Studio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 18:14 . 2011-05-15 08:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-03-14 19:48 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-11 02:29 . 2011-07-13 08:05 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 18:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-29 18:33 . 2011-05-29 18:31 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-05-29 18:33 . 2011-05-29 18:31 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-05-29 18:33 . 2011-05-29 18:31 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-05-25 07:24 . 2011-01-07 20:06 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:24 . 2011-01-07 20:06 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 07:24 . 2011-01-07 20:06 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-25 07:24 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:24 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:24 . 2011-01-07 20:06 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:24 . 2011-01-07 20:06 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-05-25 07:24 . 2011-06-19 20:13 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:24 . 2011-06-19 20:13 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-25 07:24 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-05-25 07:24 . 2011-06-19 20:13 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-25 07:24 . 2011-06-19 20:13 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-25 07:24 . 2011-06-19 20:13 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 07:24 . 2011-02-12 15:40 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 07:24 . 2011-06-19 20:13 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:24 . 2011-06-19 20:13 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:24 . 2011-06-19 20:13 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:24 . 2011-06-19 20:13 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:24 . 2011-06-19 20:13 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 07:24 . 2011-02-12 15:40 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-24 10:44 . 2011-06-29 13:08 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-24 12:17 . 2011-04-20 12:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-20_20.02.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-20 19:51 . 2011-08-20 19:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-21 09:03 . 2011-08-21 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 19:51 . 2011-08-20 19:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-21 09:03 . 2011-08-21 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-08-21 09:09 617910 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-08-20 19:57 617910 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:44 . 2011-08-21 09:09 633154 c:\windows\System32\perfh005.dat
- 2009-07-14 08:44 . 2011-08-20 19:57 633154 c:\windows\System32\perfh005.dat
- 2009-07-14 02:05 . 2011-08-20 19:57 107190 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2011-08-21 09:09 107190 c:\windows\System32\perfc009.dat
+ 2009-07-14 08:44 . 2011-08-21 09:09 122708 c:\windows\System32\perfc005.dat
- 2009-07-14 08:44 . 2011-08-20 19:57 122708 c:\windows\System32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 11:47]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000Core.job
- c:\users\spulda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 11:53]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000UA.job
- c:\users\spulda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 11:53]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\spulda\AppData\Roaming\Mozilla\Firefox\Profiles\218bid2a.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/xampp/mysql/bin/mysqld-shareware.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/xampp/mysql/bin/mysqld-shareware.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4289706217-3898670272-2116144923-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D15424F-EC14-E397-3408-79D34911F368}*]
"haaoehjhipkolple"=hex:6a,61,6b,6e,6d,6f,6b,61,69,6e,6e,68,6e,6a,62,6b,67,67,
6a,68,00,00
"iagmoafkgbmlghnnhi"=hex:6a,61,70,67,6b,61,63,6f,6b,61,6d,67,6f,63,70,6e,66,6e,
61,6c,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-21 11:18:54
ComboFix-quarantined-files.txt 2011-08-21 09:18
ComboFix2.txt 2011-08-20 20:04
.
Před spuštěním: Volných bajtů: 15 280 443 392
Po spuštění: Volných bajtů: 15 167 684 608
.
- - End Of File - - B751D265A3F65258A92818D93A930A71
How are we doing? Is there still a lot of that mess in there?
Re: virus and safe mode - log
Look, I won't be here for the next 5 days, so if need be please write me some instructions and we'll sort it out afterwards.
- jaro3
- member of the Security team
Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: virus and safe mode - log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to mark the script
Code:
KillAll::
Collect::
c:\windows\System32\drivers\nqkysyxp.sys
File::
c:\windows\System32\perfh009.dat
c:\windows\System32\perfh009.dat
c:\windows\System32\perfh005.dat
c:\windows\System32\perfh005.dat
c:\windows\System32\perfc009.dat
c:\windows\System32\perfc009.dat
c:\windows\System32\perfc005.dat
c:\windows\System32\perfc005.dat
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000UA.job
c:\windows\update.tray-14-0-lnk
Folder::
c:\windows\update.tray-14-0-lnk
Driver::
nnbbls
nqkysyxp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-
RegNull::
[HKEY_USERS\S-1-5-21-4289706217-3898670272-2116144923-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D15424F-EC14-E397-3408-79D34911F368}*]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
RegLock::
[HKEY_USERS\S-1-5-21-4289706217-3898670272-2116144923-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D15424F-EC14-E397-3408-79D34911F368}*]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT
Warning: It may happen that after applying ComboFix and restarting the computer, Windows won't start, or the desktop won't load, or there will be connection problems; then restart the computer again, and if that doesn't help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
If normal mode still doesn't work for you after that:
Start - Run and type:
msconfig.exe
Check on the startup tab; if you don't have normal startup set, set it there.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: virus and safe mode - log
OK, only ComboFix already told me last time that the antivirus, which I had turned off earlier, has its protection switched on; hopefully that's not a problem.
I'll get to it in a moment.

Re: virus and safe mode - log
ComboFix 11-08-28.01 - spulda 28.08.2011 21:07:57.3.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2046.1470 [GMT 2:00]
Spuštěný z: c:\users\spulda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\spulda\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\System32\perfc005.dat"
"c:\windows\System32\perfc009.dat"
"c:\windows\System32\perfh005.dat"
"c:\windows\System32\perfh009.dat"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000UA.job"
"c:\windows\update.tray-14-0-lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\perfc005.dat
c:\windows\System32\perfh005.dat
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289706217-3898670272-2116144923-1000UA.job
c:\windows\update.tray-14-0-lnk
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nnbbls
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 19:13 . 2011-08-28 19:15 -------- d-----w- c:\users\spulda\AppData\Local\temp
2011-08-28 19:13 . 2011-08-28 19:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-28 19:13 . 2011-08-28 19:13 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\users\spulda\AppData\Roaming\Malwarebytes
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\programdata\Malwarebytes
2011-08-20 19:00 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-20 19:00 . 2011-08-20 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-20 19:00 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 09:36 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C8136FF-BF76-4642-BA2A-42C82656838D}\mpengine.dll
2011-08-16 08:55 . 2011-08-16 08:55 -------- d-----w- c:\programdata\Blizzard
2011-08-15 12:34 . 2011-08-15 12:34 -------- d-----w- c:\users\spulda\AppData\Local\Aspyr
2011-08-15 08:30 . 2011-08-15 08:30 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-14 18:16 . 2011-08-15 08:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-12 14:53 . 2011-08-12 14:53 -------- d-----w- c:\programdata\Premium
2011-08-12 14:53 . 2011-08-12 14:53 -------- d-----w- c:\programdata\InstallMate
2011-08-12 14:50 . 2011-08-12 14:50 -------- d-----w- C:\Nová složka
2011-08-12 14:48 . 2011-08-15 12:36 -------- d-----w- C:\Star Wars The Force Unleashed
2011-08-12 14:29 . 2011-08-12 14:29 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-12 14:29 . 2011-08-12 14:29 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-11 10:42 . 2011-03-14 19:44 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A980B86-7934-4D17-ABD4-F1392E50CD50}\gapaengine.dll
2011-08-10 16:22 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:22 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-07-30 20:21 . 2011-07-30 20:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-30 20:21 . 2011-07-30 20:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-07-30 20:21 . 2011-07-30 20:21 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-07-30 20:19 . 2011-07-30 20:19 -------- d-----w- c:\program files\ASIO4ALL v2
2011-07-30 20:19 . 2011-07-30 20:19 -------- d-----w- c:\program files\VstPlugins
2011-07-30 20:19 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-07-30 20:18 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-07-30 20:18 . 2011-07-30 20:18 -------- d-----w- c:\program files\Outsim
2011-07-30 20:14 . 2011-07-30 20:19 -------- d-----w- c:\program files\Image-Line
2011-07-30 19:58 . 2011-07-30 19:58 -------- d-----w- c:\users\spulda\AppData\Local\PackageAware
2011-07-30 19:51 . 2011-07-30 19:51 -------- d-----w- c:\users\spulda\AppData\Local\The Witcher 2
2011-07-30 16:12 . 2011-07-30 16:13 -------- d-----w- c:\program files\FL Studio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 18:14 . 2011-05-15 08:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-03-14 19:48 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-11 02:29 . 2011-07-13 08:05 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 18:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-24 12:17 . 2011-04-20 12:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"P7131Appl"="c:\program files\ASUS\P7131\Remote Control\P7131RemoteAppl.exe" [2008-07-31 65536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R1 MpKsl03497fd2;MpKsl03497fd2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B232DB0-CE93-4205-94A0-05BB3B01A1CD}\MpKsl03497fd2.sys [x]
R1 MpKsl045f8a9a;MpKsl045f8a9a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF17281C-6110-4405-A14A-F0451A7796B6}\MpKsl045f8a9a.sys [x]
R1 MpKsl07ecd28d;MpKsl07ecd28d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F3B603-E998-4E73-B998-5A3621DB8F1A}\MpKsl07ecd28d.sys [x]
R1 MpKsl12c3624f;MpKsl12c3624f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{026017AA-7E20-4E85-A641-A30AE68BFAC2}\MpKsl12c3624f.sys [x]
R1 MpKsl13c73512;MpKsl13c73512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90E016C4-E046-4995-96A4-926D036C43A1}\MpKsl13c73512.sys [x]
R1 MpKsl1b7ba10d;MpKsl1b7ba10d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50108FA7-9C5C-4B78-B34A-E682FE12C238}\MpKsl1b7ba10d.sys [x]
R1 MpKsl1c955318;MpKsl1c955318;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E7EA616-7731-49D7-9D08-4FD3FAC42EFE}\MpKsl1c955318.sys [x]
R1 MpKsl1e96df2d;MpKsl1e96df2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{234C5194-AC40-4EBA-91BC-FB669BD35AC8}\MpKsl1e96df2d.sys [x]
R1 MpKsl2456f562;MpKsl2456f562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0145F5C-168F-454C-A7AA-3FBCC9A78ACC}\MpKsl2456f562.sys [x]
R1 MpKsl269f1e8d;MpKsl269f1e8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59B14A7E-C501-40B7-9039-330BB874A0D4}\MpKsl269f1e8d.sys [x]
R1 MpKsl2f383209;MpKsl2f383209;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA7373A0-CDA8-4B56-B829-ADF16BA45C99}\MpKsl2f383209.sys [x]
R1 MpKsl2f3c19bd;MpKsl2f3c19bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9152418-258F-4CA1-93B8-BD5E724B0F41}\MpKsl2f3c19bd.sys [x]
R1 MpKsl2f77664f;MpKsl2f77664f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{343A0569-D4D7-435F-AB19-7F4158E081B1}\MpKsl2f77664f.sys [x]
R1 MpKsl38958a95;MpKsl38958a95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECC18B0E-C04B-4181-ABF2-2FC0A9B1107E}\MpKsl38958a95.sys [x]
R1 MpKsl38e78c8e;MpKsl38e78c8e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BD80FB8-412B-41F5-A9E1-CABA3647FF92}\MpKsl38e78c8e.sys [x]
R1 MpKsl3c725663;MpKsl3c725663;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FD48F8C-220C-4176-A708-2F39A7390DAD}\MpKsl3c725663.sys [x]
R1 MpKsl54170c2a;MpKsl54170c2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{793A4B8F-D030-43CF-BE7A-8E7A0F237900}\MpKsl54170c2a.sys [x]
R1 MpKsl54ea7358;MpKsl54ea7358;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05BD649-2308-49CE-A42F-F750B860762F}\MpKsl54ea7358.sys [x]
R1 MpKsl5e2f8b0e;MpKsl5e2f8b0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34F04475-CEE9-40EB-9E57-C0753330E064}\MpKsl5e2f8b0e.sys [x]
R1 MpKsl63c1d748;MpKsl63c1d748;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D788CDCB-9383-4AEF-8397-11F116D44EF5}\MpKsl63c1d748.sys [x]
R1 MpKsl645e9c81;MpKsl645e9c81;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7E0193C-6F24-4282-B53F-8AC20B31F809}\MpKsl645e9c81.sys [x]
R1 MpKsl7429e91a;MpKsl7429e91a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34F04475-CEE9-40EB-9E57-C0753330E064}\MpKsl7429e91a.sys [x]
R1 MpKsl7fa52f03;MpKsl7fa52f03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7263A56F-FC5D-4A21-87C6-3FDD0B26DF8C}\MpKsl7fa52f03.sys [x]
R1 MpKsl855b1bcc;MpKsl855b1bcc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95FA2730-390C-4088-A270-2D129724BDE4}\MpKsl855b1bcc.sys [x]
R1 MpKsl85e282c4;MpKsl85e282c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F7C6C73-5FE6-4044-964C-5B70A8A96150}\MpKsl85e282c4.sys [x]
R1 MpKsl90c9ee44;MpKsl90c9ee44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D788CDCB-9383-4AEF-8397-11F116D44EF5}\MpKsl90c9ee44.sys [x]
R1 MpKsl92858965;MpKsl92858965;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7C4AE97-DC00-43D1-BBE0-611C752D895C}\MpKsl92858965.sys [x]
R1 MpKsl9430312c;MpKsl9430312c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BD80FB8-412B-41F5-A9E1-CABA3647FF92}\MpKsl9430312c.sys [x]
R1 MpKsl9686d921;MpKsl9686d921;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8952D958-195A-4A9C-B01D-EE793F091E56}\MpKsl9686d921.sys [x]
R1 MpKsla1b0166a;MpKsla1b0166a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{925513E2-7DBD-4A99-A1BF-BF1863D5A844}\MpKsla1b0166a.sys [x]
R1 MpKsla513f3cd;MpKsla513f3cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{925513E2-7DBD-4A99-A1BF-BF1863D5A844}\MpKsla513f3cd.sys [x]
R1 MpKsla6c4609c;MpKsla6c4609c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FD48F8C-220C-4176-A708-2F39A7390DAD}\MpKsla6c4609c.sys [x]
R1 MpKsla7ebeb21;MpKsla7ebeb21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{690933D3-EC58-494D-BDD4-800C7D4A3347}\MpKsla7ebeb21.sys [x]
R1 MpKsla9d4ef92;MpKsla9d4ef92;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90E016C4-E046-4995-96A4-926D036C43A1}\MpKsla9d4ef92.sys [x]
R1 MpKslac3f6bd6;MpKslac3f6bd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CBAD06D-3642-4B10-B963-A61EF93086DD}\MpKslac3f6bd6.sys [x]
R1 MpKslba8b0d2f;MpKslba8b0d2f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A8DE42D-8BA0-4505-974C-ECA545DCA7B1}\MpKslba8b0d2f.sys [x]
R1 MpKslc3e5be52;MpKslc3e5be52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1370190F-759F-4D67-865A-DAA04E6B2446}\MpKslc3e5be52.sys [x]
R1 MpKslc973fd4a;MpKslc973fd4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC8DE62-68D3-4F78-804F-09FC6F114FBB}\MpKslc973fd4a.sys [x]
R1 MpKsld9bee025;MpKsld9bee025;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{761B414B-D1C6-4EE3-BEB4-08E521CCE9BD}\MpKsld9bee025.sys [x]
R1 MpKsld9c407ec;MpKsld9c407ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F7C6C73-5FE6-4044-964C-5B70A8A96150}\MpKsld9c407ec.sys [x]
R1 MpKsldc073ed0;MpKsldc073ed0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0ECFE316-FA87-41EB-8DEF-9A7E2F8348E8}\MpKsldc073ed0.sys [x]
R1 MpKsle5be23c1;MpKsle5be23c1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4197400-3638-45C6-A662-1CBFB9DF3362}\MpKsle5be23c1.sys [x]
R1 MpKsleb9e55d8;MpKsleb9e55d8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C90776F-D091-443B-956D-D78DD57C345B}\MpKsleb9e55d8.sys [x]
R1 MpKslee7db9d9;MpKslee7db9d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5993C959-ADE3-418E-9011-08318B9D9CBA}\MpKslee7db9d9.sys [x]
R1 MpKslf44048dc;MpKslf44048dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07FCA72E-1F36-4D36-B67F-E932FF5E1D88}\MpKslf44048dc.sys [x]
R1 MpKslf7b77987;MpKslf7b77987;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D28A39E-787A-4248-AF13-333CFE85A318}\MpKslf7b77987.sys [x]
R1 MpKslfc11eae9;MpKslfc11eae9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E00C983-5930-483F-9BE2-FF20A428D262}\MpKslfc11eae9.sys [x]
R1 MpKslfc888e48;MpKslfc888e48;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C63F716-96CF-4722-B7BA-79D42F6C5B28}\MpKslfc888e48.sys [x]
R1 MpKslfcf9e4db;MpKslfcf9e4db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EF787A0-22B5-42AA-8E7E-37E76B4127E7}\MpKslfcf9e4db.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-01-20 217088]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 RCSERVICE;RCSERVICE;c:\program files\ASUS\P7131\Remote Control\RCService.exe [2008-07-30 61440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2011-01-20 36640]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 ip100Avista;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2009-03-18 31232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-03 114152]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-15 232512]
.
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\spulda\AppData\Roaming\Mozilla\Firefox\Profiles\218bid2a.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/xampp/mysql/bin/mysqld-shareware.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/xampp/mysql/bin/mysqld-shareware.exe"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Celkový čas: 2011-08-28 21:18:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-28 19:18
ComboFix2.txt 2011-08-21 09:18
ComboFix3.txt 2011-08-20 20:04
.
Před spuštěním: Volných bajtů: 15 240 974 336
Po spuštění: Volných bajtů: 15 072 407 552
.
- - End Of File - - B2F902505F268C4313BFA50D9A8BD42C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 18:14 . 2011-05-15 08:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-03-14 19:48 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-11 02:29 . 2011-07-13 08:05 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-05 18:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-24 12:17 . 2011-04-20 12:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"P7131Appl"="c:\program files\ASUS\P7131\Remote Control\P7131RemoteAppl.exe" [2008-07-31 65536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R1 MpKsl03497fd2;MpKsl03497fd2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B232DB0-CE93-4205-94A0-05BB3B01A1CD}\MpKsl03497fd2.sys [x]
R1 MpKsl045f8a9a;MpKsl045f8a9a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF17281C-6110-4405-A14A-F0451A7796B6}\MpKsl045f8a9a.sys [x]
R1 MpKsl07ecd28d;MpKsl07ecd28d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F3B603-E998-4E73-B998-5A3621DB8F1A}\MpKsl07ecd28d.sys [x]
R1 MpKsl12c3624f;MpKsl12c3624f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{026017AA-7E20-4E85-A641-A30AE68BFAC2}\MpKsl12c3624f.sys [x]
R1 MpKsl13c73512;MpKsl13c73512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90E016C4-E046-4995-96A4-926D036C43A1}\MpKsl13c73512.sys [x]
R1 MpKsl1b7ba10d;MpKsl1b7ba10d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50108FA7-9C5C-4B78-B34A-E682FE12C238}\MpKsl1b7ba10d.sys [x]
R1 MpKsl1c955318;MpKsl1c955318;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E7EA616-7731-49D7-9D08-4FD3FAC42EFE}\MpKsl1c955318.sys [x]
R1 MpKsl1e96df2d;MpKsl1e96df2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{234C5194-AC40-4EBA-91BC-FB669BD35AC8}\MpKsl1e96df2d.sys [x]
R1 MpKsl2456f562;MpKsl2456f562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0145F5C-168F-454C-A7AA-3FBCC9A78ACC}\MpKsl2456f562.sys [x]
R1 MpKsl269f1e8d;MpKsl269f1e8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59B14A7E-C501-40B7-9039-330BB874A0D4}\MpKsl269f1e8d.sys [x]
R1 MpKsl2f383209;MpKsl2f383209;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA7373A0-CDA8-4B56-B829-ADF16BA45C99}\MpKsl2f383209.sys [x]
R1 MpKsl2f3c19bd;MpKsl2f3c19bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9152418-258F-4CA1-93B8-BD5E724B0F41}\MpKsl2f3c19bd.sys [x]
R1 MpKsl2f77664f;MpKsl2f77664f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{343A0569-D4D7-435F-AB19-7F4158E081B1}\MpKsl2f77664f.sys [x]
R1 MpKsl38958a95;MpKsl38958a95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECC18B0E-C04B-4181-ABF2-2FC0A9B1107E}\MpKsl38958a95.sys [x]
R1 MpKsl38e78c8e;MpKsl38e78c8e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BD80FB8-412B-41F5-A9E1-CABA3647FF92}\MpKsl38e78c8e.sys [x]
R1 MpKsl3c725663;MpKsl3c725663;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FD48F8C-220C-4176-A708-2F39A7390DAD}\MpKsl3c725663.sys [x]
R1 MpKsl54170c2a;MpKsl54170c2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{793A4B8F-D030-43CF-BE7A-8E7A0F237900}\MpKsl54170c2a.sys [x]
R1 MpKsl54ea7358;MpKsl54ea7358;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05BD649-2308-49CE-A42F-F750B860762F}\MpKsl54ea7358.sys [x]
R1 MpKsl5e2f8b0e;MpKsl5e2f8b0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34F04475-CEE9-40EB-9E57-C0753330E064}\MpKsl5e2f8b0e.sys [x]
R1 MpKsl63c1d748;MpKsl63c1d748;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D788CDCB-9383-4AEF-8397-11F116D44EF5}\MpKsl63c1d748.sys [x]
R1 MpKsl645e9c81;MpKsl645e9c81;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7E0193C-6F24-4282-B53F-8AC20B31F809}\MpKsl645e9c81.sys [x]
R1 MpKsl7429e91a;MpKsl7429e91a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34F04475-CEE9-40EB-9E57-C0753330E064}\MpKsl7429e91a.sys [x]
R1 MpKsl7fa52f03;MpKsl7fa52f03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7263A56F-FC5D-4A21-87C6-3FDD0B26DF8C}\MpKsl7fa52f03.sys [x]
R1 MpKsl855b1bcc;MpKsl855b1bcc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95FA2730-390C-4088-A270-2D129724BDE4}\MpKsl855b1bcc.sys [x]
R1 MpKsl85e282c4;MpKsl85e282c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F7C6C73-5FE6-4044-964C-5B70A8A96150}\MpKsl85e282c4.sys [x]
R1 MpKsl90c9ee44;MpKsl90c9ee44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D788CDCB-9383-4AEF-8397-11F116D44EF5}\MpKsl90c9ee44.sys [x]
R1 MpKsl92858965;MpKsl92858965;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7C4AE97-DC00-43D1-BBE0-611C752D895C}\MpKsl92858965.sys [x]
R1 MpKsl9430312c;MpKsl9430312c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BD80FB8-412B-41F5-A9E1-CABA3647FF92}\MpKsl9430312c.sys [x]
R1 MpKsl9686d921;MpKsl9686d921;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8952D958-195A-4A9C-B01D-EE793F091E56}\MpKsl9686d921.sys [x]
R1 MpKsla1b0166a;MpKsla1b0166a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{925513E2-7DBD-4A99-A1BF-BF1863D5A844}\MpKsla1b0166a.sys [x]
R1 MpKsla513f3cd;MpKsla513f3cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{925513E2-7DBD-4A99-A1BF-BF1863D5A844}\MpKsla513f3cd.sys [x]
R1 MpKsla6c4609c;MpKsla6c4609c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FD48F8C-220C-4176-A708-2F39A7390DAD}\MpKsla6c4609c.sys [x]
R1 MpKsla7ebeb21;MpKsla7ebeb21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{690933D3-EC58-494D-BDD4-800C7D4A3347}\MpKsla7ebeb21.sys [x]
R1 MpKsla9d4ef92;MpKsla9d4ef92;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90E016C4-E046-4995-96A4-926D036C43A1}\MpKsla9d4ef92.sys [x]
R1 MpKslac3f6bd6;MpKslac3f6bd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CBAD06D-3642-4B10-B963-A61EF93086DD}\MpKslac3f6bd6.sys [x]
R1 MpKslba8b0d2f;MpKslba8b0d2f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A8DE42D-8BA0-4505-974C-ECA545DCA7B1}\MpKslba8b0d2f.sys [x]
R1 MpKslc3e5be52;MpKslc3e5be52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1370190F-759F-4D67-865A-DAA04E6B2446}\MpKslc3e5be52.sys [x]
R1 MpKslc973fd4a;MpKslc973fd4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC8DE62-68D3-4F78-804F-09FC6F114FBB}\MpKslc973fd4a.sys [x]
R1 MpKsld9bee025;MpKsld9bee025;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{761B414B-D1C6-4EE3-BEB4-08E521CCE9BD}\MpKsld9bee025.sys [x]
R1 MpKsld9c407ec;MpKsld9c407ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F7C6C73-5FE6-4044-964C-5B70A8A96150}\MpKsld9c407ec.sys [x]
R1 MpKsldc073ed0;MpKsldc073ed0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0ECFE316-FA87-41EB-8DEF-9A7E2F8348E8}\MpKsldc073ed0.sys [x]
R1 MpKsle5be23c1;MpKsle5be23c1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4197400-3638-45C6-A662-1CBFB9DF3362}\MpKsle5be23c1.sys [x]
R1 MpKsleb9e55d8;MpKsleb9e55d8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C90776F-D091-443B-956D-D78DD57C345B}\MpKsleb9e55d8.sys [x]
R1 MpKslee7db9d9;MpKslee7db9d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5993C959-ADE3-418E-9011-08318B9D9CBA}\MpKslee7db9d9.sys [x]
R1 MpKslf44048dc;MpKslf44048dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07FCA72E-1F36-4D36-B67F-E932FF5E1D88}\MpKslf44048dc.sys [x]
R1 MpKslf7b77987;MpKslf7b77987;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D28A39E-787A-4248-AF13-333CFE85A318}\MpKslf7b77987.sys [x]
R1 MpKslfc11eae9;MpKslfc11eae9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E00C983-5930-483F-9BE2-FF20A428D262}\MpKslfc11eae9.sys [x]
R1 MpKslfc888e48;MpKslfc888e48;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C63F716-96CF-4722-B7BA-79D42F6C5B28}\MpKslfc888e48.sys [x]
R1 MpKslfcf9e4db;MpKslfcf9e4db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EF787A0-22B5-42AA-8E7E-37E76B4127E7}\MpKslfcf9e4db.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-01-20 217088]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 RCSERVICE;RCSERVICE;c:\program files\ASUS\P7131\Remote Control\RCService.exe [2008-07-30 61440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2011-01-20 36640]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 ip100Avista;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2009-03-18 31232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-03 114152]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-15 232512]
.
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\spulda\AppData\Roaming\Mozilla\Firefox\Profiles\218bid2a.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/xampp/mysql/bin/mysqld-shareware.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/xampp/mysql/bin/mysqld-shareware.exe"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Celkový čas: 2011-08-28 21:18:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-28 19:18
ComboFix2.txt 2011-08-21 09:18
ComboFix3.txt 2011-08-20 20:04
.
Před spuštěním: Volných bajtů: 15 240 974 336
Po spuštění: Volných bajtů: 15 072 407 552
.
- - End Of File - - B2F902505F268C4313BFA50D9A8BD42C
Re: virus and safe mode - log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:48, on 28.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Users\spulda\AppData\Local\Opera\Opera\temporary_downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P7131Appl] C:\Program Files\ASUS\P7131\Remote Control\P7131RemoteAppl.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld-shareware.exe (file missing)
O23 - Service: @C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: RCSERVICE - Unknown owner - C:\Program Files\ASUS\P7131\Remote Control\RCService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 6509 bytes