Prosím o pomoc - BSOD (rootkit TC/IP)

Zpráva

melo15 · #1 Příspěvek od **melo15** » 15 lis 2011 16:04

Zdravím,
před naběhnutí login screenu vždy vyskočila modrá smrt:

stejně jako při spuštění nouzového režimu se síti. Fungoval pouze základní nouzový režim.
Pustil jsem MBAM, ale ten nic nenašel. Potom jsem spustil ComboFix a ten mi vypsal, že našel nebezpečný rootkit Windows.Zero TC/IP
Nechal jsem ho tedy dokončit všechny úkony, ale nic to nebylo platné. Potom jsem zkusil TDSSKiller, ale ten taky nepomohl.

ComboFix.txt

ComboFix 11-11-15.01 - Mike 15.11.2011 15:17:24.9.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.800 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mike\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mike\Local Settings\Data aplikací\24ca6f99\U\80000000.@
c:\documents and settings\Mike\Local Settings\Data aplikací\24ca6f99\U\800000cb.@
c:\documents and settings\Mike\Local Settings\Data aplikací\24ca6f99\U\800000cf.@
c:\documents and settings\Mike\Local Settings\Data aplikací\24ca6f99\X
c:\windows\$NtUninstallKB46252$
c:\windows\$NtUninstallKB46252$\1770484693
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\c_13504.nl_
c:\windows\system32\c_13504.nls
c:\windows\XSxS
.
Nakažená kopie c:\windows\system32\drivers\imapi.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it

Nakažená kopie c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198346.exe
.
Nakažená kopie c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198347.exe
.
Nakažená kopie c:\windows\system32\Ati2evxx.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198345.exe
.
Nakažená kopie c:\program files\Java\jre6\bin\jqs.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198348.exe
.
Nakažená kopie d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe byla nalezena a vyléčena.
Obnovena kopie z - d:\program files\Malwarebytes' Anti-Malware\
.
Nakažená kopie c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198350.exe
.
Nakažená kopie c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198352.exe
.
Nakažená kopie c:\windows\system32\Ati2evxx.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198345.exe
Nakažená kopie c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198352.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-15 do 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 14:10 . 2008-04-14 00:11 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-11-14 15:37 . 2011-11-15 14:28 -------- d-sh--w- c:\documents and settings\Mike\Local Settings\Data aplikací\24ca6f99
2011-11-14 14:31 . 2011-11-14 14:31 -------- d-----w- c:\windows\LastGood.Tmp
2011-11-12 11:25 . 2011-11-12 18:10 -------- d-----w- c:\documents and settings\Mike\Data aplikací\Mp3tag
2011-11-04 11:10 . 2011-11-04 11:10 -------- d-----w- c:\documents and settings\Babicka\Data aplikací\Avira
2011-10-24 18:11 . 2011-10-24 18:14 -------- d-----w- c:\documents and settings\Mike\Data aplikací\PC Suite
2011-10-24 18:11 . 2011-10-24 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2011-10-24 18:07 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-10-24 18:06 . 2011-10-24 18:06 -------- d-----w- c:\program files\PC Connectivity Solution
2011-10-24 18:06 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-10-24 18:06 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-10-24 18:04 . 2011-10-24 18:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2011-10-17 15:14 . 2009-06-10 13:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2011-10-17 15:11 . 2011-10-18 12:49 -------- d-----w- c:\documents and settings\Mike\Local Settings\Data aplikací\Htc
2011-10-17 15:11 . 2011-10-17 15:11 -------- d-----w- c:\documents and settings\Mike\Data aplikací\HTC
2011-10-17 15:10 . 2011-10-17 15:10 -------- d-----w- c:\documents and settings\Mike\Local Settings\Data aplikací\Downloaded Installations
2011-10-17 15:09 . 2011-10-17 15:09 -------- d-----w- c:\program files\Spirent Communications
2011-10-17 15:09 . 2011-10-17 15:09 -------- d-----w- c:\program files\HTC
2011-10-17 15:09 . 2011-10-17 15:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 05:45 . 2011-05-13 12:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 16:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 16:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-18 06:39 . 2011-10-13 14:26 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-16 13:55 . 2011-10-13 14:26 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-09-16 13:55 . 2011-10-13 14:26 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-09-15 21:55 . 2011-10-13 14:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-09-15 21:55 . 2011-10-13 14:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-09 09:12 . 2008-04-14 08:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-14 07:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:41 . 2008-03-01 13:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-27 10:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2008-03-01 13:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-27 10:08 385024 ----a-w- c:\windows\system32\html.iec
2011-11-11 15:56 . 2011-03-22 18:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\documents and settings\Mike\Dokumenty\QIP Infium\infium.exe" [2010-03-16 5739472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Center Agent"=c:\program files\Genius TVGo DVB-T03\HyperMediaCenter\DTVR\Scheduled.exe
"QIP Internet Guardian"=c:\documents and settings\Mike\Data aplikací\QipGuard\QipGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"emMON"=emMON.exe
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
"HDInspector.exe"=c:\program files\Hard Drive Inspector\HDInspector.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Bonus.SSR.FR10"="d:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HTC Sync Loader"="d:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Marie\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2009 21:03 685816]
S1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [13.10.2011 15:26 111160]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13.10.2011 15:26 36000]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 9:53 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 9:53 72944]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [15.11.2011 15:30 814344]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [13.10.2011 15:26 616400]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13.10.2011 15:26 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [13.10.2011 15:26 463824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31.8.2011 20:06 366640]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12.8.2011 16:13 87040]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [13.10.2011 15:26 91096]
S3 FGCWL;FGCWL;\??\d:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys --> d:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17.10.2011 16:14 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.6.2010 17:01 21248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.1.2010 20:33 22712]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [11.7.2009 14:46 611584]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2.1.2010 20:24 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 9:53 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [13.10.2011 15:26 342480]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = www.seznam.cz
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 10.10.10.10 10.10.11.11
FF - ProfilePath - c:\documents and settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\h1w0ji0j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.http - 217.170.100.73
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-15 15:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.imapi]
"ImagePath"="\*"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0a1c3a73-f40b-49a1-884a-71cf2e01324c}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d2
"Therad"=dword:00000014
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{416b460a-96e4-4cf3-8e6d-0c28f129b033}]
@Denied: (Full) (Everyone)
"Model"=dword:0000012f
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bd,f4,9e,ec,9c,5d,44,67,eb,19,c3,16,1f,9e,ce,70,f5,42,00,51,4b,
bd,6e,9e,de,83,d6,70,7a,98,37,fa,89,bd,fe,28,4a,fc,36,cf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7d,ca,0c,8a,15,ca,2b,a6,a8,37,04,c2,b9,b0,b0,e9,70,ba,17,f1,64,
ea,9d,10,e1,67,a4,37,7d,e5,d2,0b,11,e5,c3,47,2f,6b,68,6f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6A0AC4980AC7933FEBC9E127BECC74CDD6671067DB5B9C4BC3FA012CBCB6F507CB5FC10A04A4EBE37611F1C7A39247C44E87F82D5FEB8CA089F263060BC2B38912DAB3079C61928024708BB8E2119E551FEB8D23997FE4FD09BA97335DCF8880F007A52A6BFF542042C0F2B2E69DC9287426E9F4AB21759A424F0A48E88E7B7331BC77FA8D91716C3954659B51EE63BDC7006D7E1E55CF108505851E07D59402D0D8186321E842EC0ABD17234B3839A3CEB7CAB0C2DFEA5F1DBCD4DD45F81A0A18AAEFB28F7979AE93DEA6E6E7D517482B95D100B660607CB26D52E4AB7EADBA6EBE43525B800EE25385F03DAB5468B8305CB3E5253482D76B088CD50EEF3F8CAABD04F78934043CBB490AC25F82829021BFDB30B9A74AEC4A38D4AADD6CD010D6CB4A8A4222FB3AA68F32C2C4993193C6DBFB111C709ACFB4828065C22FE05616E6264DE60F65E82B29206840D782CDC12EC3D74475C45598FAA27096660162F9CC46915AD17E609930901758B9AB887C3791FF96C16218B8B7A171522214B5301D5E2E1506377662F89A9FAF29194515FEAE39BEDB4E7B3F1948516B2403E9DCC27C01AEF7F38B7CFD95243D5C81FC4675CDD046607C76A1F87E3D65C170F52525BB54398695C0EE1D08BB2A700B76001FBA2945333F2BA1277E753C54D60A88B2D3819BAEE156FF55EB061C3CBC294F78A0A6218B11FA3EC9B0CBEFA60D7CC13E68309AAB19A544103DB99659329C9385F3235794F0518F63D8EFCEAA2A06028E91835A1A9A8A99C536D5B301358D7D4657C09242DE37E9ABD71A7E8BA6A76302A38F4BA217F5084F88ADBA7D9408E821A8C10253EFAB167107A0D2DA1E595B230EA537737E19D9AB11BFE374B55AE9C904CAD6E4D1282903BB4AE53254A3CDA187B0EBCDE1759244E4AE32BA090EE9FECE8F9D7767232EBDAECC1D86653587911F897D0DD6DC2883389D734646E792EEC54C11BAAE8F7749C37AFA25D3F5002E0B61761CFB189555C0CDFE877F06B8EDBC28656AE48804AC6E89678514FF80C5FCC660023B7523C544A32428B9AD6A91D2E7D0C9AE4E8AEAD9BC704E04CA055F894149F1BD837903D813B9DABF3C28E26520CA25B18C58A3EADC7577D8087BA2E2EE318CEEEC44DCC30193CB00D29EE03B151E4B2421C66764152E3EEB7E0C1127CCA27275B7B0DCC1AA1434BF1769F50119C813542E873EB3DD2004CC8D4934D26736DE501D1131849DABCFE3B0F1B417972894BFE1A0343CA6BE984877EF81D183EEC9A47AFC2A2098017A47E47001C370DF332E1930CBA5872BF5A506F65D1803B112E9A71A570698221E6DA69103B5DD69CF8D7ABAA9E1970846200"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(296)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1708)
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\program files\WinRAR\rarext.dll
d:\program files\7-Zip\7-zip.dll
.
Celkový čas: 2011-11-15 15:43:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-15 14:43
.
Před spuštěním: 1 696 391 168
Po spuštění: 5 636 771 840
.
- - End Of File - - 294BD1CC279AF8372EBA3D420D0AC5CD

catchmelog.txt

File "C:\ComboFix\MT_Ati2evxx.exe.tmp" added successfully
File "C:\ComboFix\MT_PassThruSvr.exe.tmp" added successfully

TDSSKiller.2.4.0.0_15.11.2011_15.44.03_log.txt

2011/11/15 15:44:03.0625 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2011/11/15 15:44:03.0625 ================================================================================
2011/11/15 15:44:03.0625 SystemInfo:
2011/11/15 15:44:03.0625
2011/11/15 15:44:03.0625 OS Version: 5.1.2600 ServicePack: 3.0
2011/11/15 15:44:03.0625 Product type: Workstation
2011/11/15 15:44:03.0625 ComputerName: MELO15
2011/11/15 15:44:03.0625 UserName: Mike
2011/11/15 15:44:03.0625 Windows directory: C:\WINDOWS
2011/11/15 15:44:03.0625 System windows directory: C:\WINDOWS
2011/11/15 15:44:03.0625 Processor architecture: Intel x86
2011/11/15 15:44:03.0625 Number of processors: 2
2011/11/15 15:44:03.0625 Page size: 0x1000
2011/11/15 15:44:03.0625 Boot type: Safe boot
2011/11/15 15:44:03.0625 ================================================================================
2011/11/15 15:44:04.0062 Initialize success
2011/11/15 15:44:06.0812 ================================================================================
2011/11/15 15:44:06.0812 Scan started
2011/11/15 15:44:06.0812 Mode: Manual;
2011/11/15 15:44:06.0812 ================================================================================
2011/11/15 15:44:09.0734 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/11/15 15:44:10.0468 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/11/15 15:44:10.0765 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/11/15 15:44:11.0250 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/11/15 15:44:11.0625 AF15BDA (302e09623746f7f6252e32018c235ec6) C:\WINDOWS\system32\DRIVERS\AF15BDA.sys
2011/11/15 15:44:12.0046 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
2011/11/15 15:44:13.0468 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/11/15 15:44:14.0390 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/11/15 15:44:14.0640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/11/15 15:44:16.0171 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/11/15 15:44:17.0562 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/11/15 15:44:17.0843 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/11/15 15:44:18.0109 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/11/15 15:44:18.0390 avfwim (83d71e1911f235e9c0d2f53d54df3129) C:\WINDOWS\system32\DRIVERS\avfwim.sys
2011/11/15 15:44:18.0671 avfwot (ae0c5d218e815af8f38670a8c5773e6e) C:\WINDOWS\system32\DRIVERS\avfwot.sys
2011/11/15 15:44:18.0953 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/11/15 15:44:19.0250 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/11/15 15:44:19.0546 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
2011/11/15 15:44:19.0765 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/11/15 15:44:20.0000 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/11/15 15:44:20.0234 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/11/15 15:44:20.0531 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/11/15 15:44:20.0906 BTHPORT (f338662a6c1fc11dd9508f6dff2c06a2) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/11/15 15:44:21.0250 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/11/15 15:44:21.0515 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/11/15 15:44:21.0750 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/11/15 15:44:22.0187 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/11/15 15:44:22.0453 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/11/15 15:44:22.0734 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/11/15 15:44:24.0093 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/11/15 15:44:24.0578 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/11/15 15:44:25.0171 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/11/15 15:44:25.0437 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/11/15 15:44:25.0703 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/11/15 15:44:26.0171 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/11/15 15:44:26.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/11/15 15:44:26.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/11/15 15:44:27.0000 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/11/15 15:44:27.0250 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/11/15 15:44:27.0546 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/11/15 15:44:27.0812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/11/15 15:44:28.0078 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/11/15 15:44:28.0359 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/11/15 15:44:28.0578 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/11/15 15:44:28.0859 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/11/15 15:44:29.0125 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/11/15 15:44:29.0578 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
2011/11/15 15:44:29.0843 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
2011/11/15 15:44:30.0171 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/11/15 15:44:30.0921 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/11/15 15:44:31.0203 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/11/15 15:44:33.0000 IntcAzAudAddService (fa9a9468f982835e99c1ec21257f7e60) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/11/15 15:44:34.0750 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/11/15 15:44:35.0031 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/11/15 15:44:35.0250 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/11/15 15:44:35.0500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/11/15 15:44:35.0765 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/11/15 15:44:36.0109 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/11/15 15:44:36.0375 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/11/15 15:44:36.0625 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/11/15 15:44:36.0890 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/11/15 15:44:37.0156 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2011/11/15 15:44:37.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/11/15 15:44:37.0781 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/11/15 15:44:38.0265 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/11/15 15:44:38.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/11/15 15:44:38.0765 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/11/15 15:44:39.0000 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/11/15 15:44:39.0234 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/11/15 15:44:39.0500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/11/15 15:44:39.0812 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/11/15 15:44:40.0312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/11/15 15:44:40.0734 MRxSmb (2c6599b987e7f63de062ffb5c4e8666e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/11/15 15:44:41.0093 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/11/15 15:44:41.0437 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/11/15 15:44:41.0734 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/11/15 15:44:41.0953 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/11/15 15:44:42.0218 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/11/15 15:44:42.0437 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/11/15 15:44:42.0703 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/11/15 15:44:43.0000 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/11/15 15:44:43.0390 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/11/15 15:44:43.0734 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/11/15 15:44:43.0984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/11/15 15:44:44.0218 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/11/15 15:44:44.0453 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/11/15 15:44:44.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/11/15 15:44:45.0015 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/11/15 15:44:45.0328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/11/15 15:44:45.0593 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/11/15 15:44:45.0890 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/11/15 15:44:46.0156 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/11/15 15:44:46.0796 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/11/15 15:44:47.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/11/15 15:44:47.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/11/15 15:44:48.0218 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/11/15 15:44:48.0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/11/15 15:44:48.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/11/15 15:44:48.0968 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/11/15 15:44:49.0468 PAC207 (509039b85c95e6e85cb7a8e3465fb702) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
2011/11/15 15:44:49.0921 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/11/15 15:44:50.0171 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/11/15 15:44:50.0390 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/11/15 15:44:50.0640 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/11/15 15:44:50.0890 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/11/15 15:44:51.0328 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/11/15 15:44:51.0593 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/11/15 15:44:51.0906 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/11/15 15:44:53.0453 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/11/15 15:44:53.0734 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/11/15 15:44:54.0015 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/11/15 15:44:55.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/11/15 15:44:55.0640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/11/15 15:44:55.0921 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/11/15 15:44:56.0140 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/11/15 15:44:56.0468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/11/15 15:44:56.0734 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/11/15 15:44:57.0078 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/11/15 15:44:57.0406 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/11/15 15:44:57.0671 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/11/15 15:44:57.0968 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/11/15 15:44:58.0062 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/11/15 15:44:58.0687 RTLE8023xp (10854898b350483d6638c6ae17086d1b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/11/15 15:44:58.0796 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/11/15 15:44:58.0843 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/11/15 15:44:58.0890 SASKUTIL (81c02ea5f88ca4125e579384dfd75e3a) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/11/15 15:44:59.0218 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/11/15 15:44:59.0468 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/11/15 15:44:59.0718 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/11/15 15:44:59.0953 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/11/15 15:45:00.0421 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/11/15 15:45:00.0875 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/11/15 15:45:01.0328 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/11/15 15:45:01.0328 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/11/15 15:45:01.0328 sptd - detected Locked file (1)
2011/11/15 15:45:01.0640 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/11/15 15:45:02.0046 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/11/15 15:45:02.0390 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/11/15 15:45:02.0671 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/11/15 15:45:02.0921 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/11/15 15:45:03.0171 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/11/15 15:45:04.0312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/11/15 15:45:04.0718 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/11/15 15:45:04.0984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/11/15 15:45:05.0265 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/11/15 15:45:05.0515 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/11/15 15:45:06.0062 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/11/15 15:45:06.0390 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/11/15 15:45:06.0968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/11/15 15:45:07.0312 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/11/15 15:45:07.0734 USB28xxBGA (4c3180982abbc7cfa14dd21c0cbb1c22) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/11/15 15:45:08.0218 USB28xxOEM (49b03351781de98981df0814a15dc992) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/11/15 15:45:08.0531 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/11/15 15:45:08.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/11/15 15:45:09.0078 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/11/15 15:45:09.0343 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/11/15 15:45:09.0640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/11/15 15:45:09.0906 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/11/15 15:45:10.0171 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/11/15 15:45:10.0406 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/11/15 15:45:10.0640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/11/15 15:45:10.0906 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/11/15 15:45:11.0375 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/11/15 15:45:11.0671 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/11/15 15:45:12.0078 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/11/15 15:45:12.0687 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/11/15 15:45:13.0015 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/11/15 15:45:13.0312 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/11/15 15:45:13.0531 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/11/15 15:45:13.0796 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/11/15 15:45:14.0093 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/11/15 15:45:14.0171 ================================================================================
2011/11/15 15:45:14.0171 Scan finished
2011/11/15 15:45:14.0171 ================================================================================
2011/11/15 15:45:14.0203 Detected object count: 1
2011/11/15 15:45:27.0640 Locked file(sptd) - User select action: Skip
2011/11/15 15:45:30.0078 Deinitialize success

melo15 · #2 Příspěvek od **melo15** » 15 lis 2011 18:08

Naughty píše:Odinstaluj MBAm.

Splněno, + omylem jsem odinstaloval Combofix.

Naughty píše:Kdy jsi stahoval na posled TDSSkiller, protože je verze 2.6.18.0, v reportu se hlásí TDSS rootkit removing tool 2.4.0.0

Dneska, ale z Mediafire, takže moje chyba.

Naughty píše:Takže pořebuji odzkoušet dvě utility, pokud chceš jít do toho, proveď

Až na network (viz screen) všechno v přílohách.
Děkuju za pomoc.

melo15 · #3 Příspěvek od **melo15** » 15 lis 2011 23:36

ComboFix 11-11-15.06 - Mike 15.11.2011 23:18:50.10.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.660 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mike\Plocha\Turbina.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-15 do 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 14:55 . 2011-11-15 14:55 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-15 14:10 . 2008-04-14 00:11 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-11-14 15:37 . 2011-11-15 14:28 -------- d-sh--w- c:\documents and settings\Mike\Local Settings\Data aplikací\24ca6f99
2011-11-14 14:31 . 2011-11-14 14:31 -------- d-----w- c:\windows\LastGood.Tmp
2011-11-12 11:25 . 2011-11-12 18:10 -------- d-----w- c:\documents and settings\Mike\Data aplikací\Mp3tag
2011-11-04 11:10 . 2011-11-04 11:10 -------- d-----w- c:\documents and settings\Babicka\Data aplikací\Avira
2011-10-24 18:11 . 2011-10-24 18:14 -------- d-----w- c:\documents and settings\Mike\Data aplikací\PC Suite
2011-10-24 18:11 . 2011-10-24 18:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2011-10-24 18:07 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-10-24 18:06 . 2011-10-24 18:06 -------- d-----w- c:\program files\PC Connectivity Solution
2011-10-24 18:06 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-10-24 18:06 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-10-24 18:04 . 2011-10-24 18:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2011-10-17 15:14 . 2009-06-10 13:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2011-10-17 15:11 . 2011-10-18 12:49 -------- d-----w- c:\documents and settings\Mike\Local Settings\Data aplikací\Htc
2011-10-17 15:11 . 2011-10-17 15:11 -------- d-----w- c:\documents and settings\Mike\Data aplikací\HTC
2011-10-17 15:10 . 2011-10-17 15:10 -------- d-----w- c:\documents and settings\Mike\Local Settings\Data aplikací\Downloaded Installations
2011-10-17 15:09 . 2011-10-17 15:09 -------- d-----w- c:\program files\Spirent Communications
2011-10-17 15:09 . 2011-10-17 15:09 -------- d-----w- c:\program files\HTC
2011-10-17 15:09 . 2011-10-17 15:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 05:45 . 2011-05-13 12:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 16:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 16:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-18 06:39 . 2011-10-13 14:26 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-16 13:55 . 2011-10-13 14:26 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-09-16 13:55 . 2011-10-13 14:26 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-09-15 21:55 . 2011-10-13 14:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-09-15 21:55 . 2011-10-13 14:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-09 09:12 . 2008-04-14 08:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-14 07:45 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:41 . 2008-03-01 13:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-27 10:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2008-03-01 13:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-27 10:08 385024 ----a-w- c:\windows\system32\html.iec
2011-11-11 15:56 . 2011-03-22 18:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\documents and settings\Mike\Dokumenty\QIP Infium\infium.exe" [2010-03-16 5739472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Center Agent"=c:\program files\Genius TVGo DVB-T03\HyperMediaCenter\DTVR\Scheduled.exe
"QIP Internet Guardian"=c:\documents and settings\Mike\Data aplikací\QipGuard\QipGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"emMON"=emMON.exe
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
"HDInspector.exe"=c:\program files\Hard Drive Inspector\HDInspector.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Bonus.SSR.FR10"="d:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HTC Sync Loader"="d:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Marie\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2009 21:03 685816]
S1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [13.10.2011 15:26 111160]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13.10.2011 15:26 36000]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 9:53 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 9:53 72944]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [15.11.2011 15:30 814344]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [13.10.2011 15:26 616400]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13.10.2011 15:26 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [13.10.2011 15:26 463824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12.8.2011 16:13 87040]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [13.10.2011 15:26 91096]
S3 FGCWL;FGCWL;\??\d:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys --> d:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17.10.2011 16:14 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.6.2010 17:01 21248]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [11.7.2009 14:46 611584]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2.1.2010 20:24 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 9:53 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [13.10.2011 15:26 342480]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = www.seznam.cz
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 10.10.10.10 10.10.11.11
FF - ProfilePath - c:\documents and settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\h1w0ji0j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.http - 217.170.100.73
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-15 23:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.imapi]
"ImagePath"="\*"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0a1c3a73-f40b-49a1-884a-71cf2e01324c}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d2
"Therad"=dword:00000014
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{416b460a-96e4-4cf3-8e6d-0c28f129b033}]
@Denied: (Full) (Everyone)
"Model"=dword:0000012f
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bd,f4,9e,ec,9c,5d,44,67,eb,19,c3,16,1f,9e,ce,70,f5,42,00,51,4b,
bd,6e,9e,de,83,d6,70,7a,98,37,fa,89,bd,fe,28,4a,fc,36,cf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7d,ca,0c,8a,15,ca,2b,a6,a8,37,04,c2,b9,b0,b0,e9,70,ba,17,f1,64,
ea,9d,10,e1,67,a4,37,7d,e5,d2,0b,11,e5,c3,47,2f,6b,68,6f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6A0AC4980AC7933FEBC9E127BECC74CDD6671067DB5B9C4BC3FA012CBCB6F507CB5FC10A04A4EBE37611F1C7A39247C44E87F82D5FEB8CA089F263060BC2B38912DAB3079C61928024708BB8E2119E551FEB8D23997FE4FD09BA97335DCF8880F007A52A6BFF542042C0F2B2E69DC9287426E9F4AB21759A424F0A48E88E7B7331BC77FA8D91716C3954659B51EE63BDC7006D7E1E55CF108505851E07D59402D0D8186321E842EC0ABD17234B3839A3CEB7CAB0C2DFEA5F1DBCD4DD45F81A0A18AAEFB28F7979AE93DEA6E6E7D517482B95D100B660607CB26D52E4AB7EADBA6EBE43525B800EE25385F03DAB5468B8305CB3E5253482D76B088CD50EEF3F8CAABD04F78934043CBB490AC25F82829021BFDB30B9A74AEC4A38D4AADD6CD010D6CB4A8A4222FB3AA68F32C2C4993193C6DBFB111C709ACFB4828065C22FE05616E6264DE60F65E82B29206840D782CDC12EC3D74475C45598FAA27096660162F9CC46915AD17E609930901758B9AB887C3791FF96C16218B8B7A171522214B5301D5E2E1506377662F89A9FAF29194515FEAE39BEDB4E7B3F1948516B2403E9DCC27C01AEF7F38B7CFD95243D5C81FC4675CDD046607C76A1F87E3D65C170F52525BB54398695C0EE1D08BB2A700B76001FBA2945333F2BA1277E753C54D60A88B2D3819BAEE156FF55EB061C3CBC294F78A0A6218B11FA3EC9B0CBEFA60D7CC13E68309AAB19A544103DB99659329C9385F3235794F0518F63D8EFCEAA2A06028E91835A1A9A8A99C536D5B301358D7D4657C09242DE37E9ABD71A7E8BA6A76302A38F4BA217F5084F88ADBA7D9408E821A8C10253EFAB167107A0D2DA1E595B230EA537737E19D9AB11BFE374B55AE9C904CAD6E4D1282903BB4AE53254A3CDA187B0EBCDE1759244E4AE32BA090EE9FECE8F9D7767232EBDAECC1D86653587911F897D0DD6DC2883389D734646E792EEC54C11BAAE8F7749C37AFA25D3F5002E0B61761CFB189555C0CDFE877F06B8EDBC28656AE48804AC6E89678514FF80C5FCC660023B7523C544A32428B9AD6A91D2E7D0C9AE4E8AEAD9BC704E04CA055F894149F1BD837903D813B9DABF3C28E26520CA25B18C58A3EADC7577D8087BA2E2EE318CEEEC44DCC30193CB00D29EE03B151E4B2421C66764152E3EEB7E0C1127CCA27275B7B0DCC1AA1434BF1769F50119C813542E873EB3DD2004CC8D4934D26736DE501D1131849DABCFE3B0F1B417972894BFE1A0343CA6BE984877EF81D183EEC9A47AFC2A2098017A47E47001C370DF332E1930CBA5872BF5A506F65D1803B112E9A71A570698221E6DA69103B5DD69CF8D7ABAA9E1970846200"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(292)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-11-15 23:34:15
ComboFix-quarantined-files.txt 2011-11-15 22:34
ComboFix2.txt 2011-11-15 14:43
.
Před spuštěním: 6 179 680 256
Po spuštění: 6 162 362 368
.
- - End Of File - - 00CE82D9277BF83076FC33AE728B06A5

melo15 · #4 Příspěvek od **melo15** » 16 lis 2011 14:30

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver ".imapi" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\asxovfon.SYS" not found!
Deletion of driver "asxovfon.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\asxovfon" not found!
Deletion of driver "asxovfon" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\Drivers\asxovfon.SYS" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\asxovfon.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

melo15 · #5 Příspěvek od **melo15** » 16 lis 2011 16:30

stále BSOD v normálním režimu. RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80578AB4-->F73E40D0 [sptd.sys]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x8057F002-->F73E9FB2 [sptd.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x80590232-->F73EA340 [sptd.sys]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80572BDF-->F73E40B0 [sptd.sys]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x8057EC02-->F73EA418 [sptd.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x80572F19-->F73EA298 [sptd.sys]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80580088-->F73EA4AA [sptd.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x86FC4830 [4] System
0x86CC8A08 [260] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Správce relací systému Windows NT)
0x86BA41C8 [320] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86BB1DA0 [344] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x86C13B28 [388] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x86BD3BE0 [400] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x86C8F320 [560] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C07320 [628] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86BF6A20 [684] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86CA6BE0 [732] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86B8C6A0 [972] C:\WINDOWS\explorer.exe (Microsoft Corporation, Průzkumník Windows)
0x86B7E978 [1112] C:\Documents and Settings\Mike\Plocha\RKUnhookerLE\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF73E3000 PCI_NTPNP8936 958464 bytes
0xF73E3000 sptd.sys 958464 bytes
0xF7242000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF70B6000 C:\WINDOWS\System32\Drivers\apsgznjb.SYS 417792 bytes
0xF7028000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBF012000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF7086000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF739D000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7215000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7163000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF7347000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6F80000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF713F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF711C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF730F000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF736D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF71FB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF732F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6F68000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73CB000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF72E6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF72CF000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xF6FEC000 C:\WINDOWS\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72FD000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF738C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF76BE000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF765E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF750E000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF766E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF768E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF751E000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF755E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF763E000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF753E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF764E000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF752E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF74FE000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF767E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74EE000 BlackBox.sys 36864 bytes (RKU Driver)
0xF754E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF785E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF78CE000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF776E000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77EE000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7786000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78EE000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF788E000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF782E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF780E000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF784E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7776000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7826000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7197000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF78FE000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7010000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBFF70000 C:\WINDOWS\System32\framebuf.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF7A0E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79F2000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7A1C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A0A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79EE000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A00000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A06000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79F0000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B3F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B8B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7AB6000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x86F1D1E8 unknown_irp_handler 3608 bytes
0x86FC51E8 unknown_irp_handler 3608 bytes
0x86FC61E8 unknown_irp_handler 3608 bytes
0x86C4E1E8 unknown_irp_handler 3608 bytes
0x86C4C5D0 unknown_irp_handler 2608 bytes
0x86E17790 unknown_irp_handler 2160 bytes
0x86E3C790 unknown_irp_handler 2160 bytes
0x86DC1790 unknown_irp_handler 2160 bytes
0x86E16790 unknown_irp_handler 2160 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
atapi.sys-->ntoskrnl.exe-->IoConnectInterrupt, Type: IAT modification 0xF733A504-->F73FB06C [sptd.sys]
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
[972]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->5D067774 [shimeng.dll]
[972]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A71188-->5D067774 [shimeng.dll]
[972]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5D067774 [shimeng.dll]
[972]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5D067774 [shimeng.dll]
[972]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5D067774 [shimeng.dll]
[972]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->5D067774 [shimeng.dll]
[972]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40C014B0-->5D067774 [shimeng.dll]
[972]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A9109C-->5D067774 [shimeng.dll]

melo15 · #6 Příspěvek od **melo15** » 16 lis 2011 16:56

budu muset někde nastavit ukládání minidumpu, jelikož ta utilitk
a nic neukazuje.

edit: po zásahu tdsskilleru PC nabootoval do normálního režimu

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80578AB4-->F73E40D0 [sptd.sys]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x8057F002-->F73E9FB2 [sptd.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x80590232-->F73EA340 [sptd.sys]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80572BDF-->F73E40B0 [sptd.sys]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x8057EC02-->F73EA418 [sptd.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x80572F19-->F73EA298 [sptd.sys]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80580088-->F73EA4AA [sptd.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x86FC4830 [4] System
0x86CC8A08 [260] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Správce relací systému Windows NT)
0x86BA41C8 [320] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86BB1DA0 [344] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x86C13B28 [388] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x86BD3BE0 [400] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x86C8F320 [560] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C07320 [628] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86BF6A20 [684] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86CA6BE0 [732] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86B8C6A0 [972] C:\WINDOWS\explorer.exe (Microsoft Corporation, Průzkumník Windows)
0x86B7E978 [1112] C:\Documents and Settings\Mike\Plocha\RKUnhookerLE\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF73E3000 PCI_NTPNP8936 958464 bytes
0xF73E3000 sptd.sys 958464 bytes
0xF7242000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF70B6000 C:\WINDOWS\System32\Drivers\apsgznjb.SYS 417792 bytes
0xF7028000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBF012000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF7086000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF739D000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7215000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7163000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF7347000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6F80000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF713F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF711C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF730F000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF736D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF71FB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF732F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6F68000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73CB000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF72E6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF72CF000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xF6FEC000 C:\WINDOWS\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72FD000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF738C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF76BE000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF765E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF750E000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF766E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF768E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF751E000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF755E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF763E000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF753E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF764E000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF752E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF74FE000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF767E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74EE000 BlackBox.sys 36864 bytes (RKU Driver)
0xF754E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF785E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF78CE000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF776E000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77EE000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7786000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78EE000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF788E000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF782E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF780E000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF784E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7776000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7826000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7197000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF78FE000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7010000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBFF70000 C:\WINDOWS\System32\framebuf.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF7A0E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79F2000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7A1C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A0A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79EE000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A00000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A06000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79F0000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B3F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B8B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7AB6000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x86F1D1E8 unknown_irp_handler 3608 bytes
0x86FC51E8 unknown_irp_handler 3608 bytes
0x86FC61E8 unknown_irp_handler 3608 bytes
0x86C4E1E8 unknown_irp_handler 3608 bytes
0x86C4C5D0 unknown_irp_handler 2608 bytes
0x86E17790 unknown_irp_handler 2160 bytes
0x86E3C790 unknown_irp_handler 2160 bytes
0x86DC1790 unknown_irp_handler 2160 bytes
0x86E16790 unknown_irp_handler 2160 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
atapi.sys-->ntoskrnl.exe-->IoConnectInterrupt, Type: IAT modification 0xF733A504-->F73FB06C [sptd.sys]
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
[972]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->5D067774 [shimeng.dll]
[972]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A71188-->5D067774 [shimeng.dll]
[972]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5D067774 [shimeng.dll]
[972]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5D067774 [shimeng.dll]
[972]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5D067774 [shimeng.dll]
[972]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->5D067774 [shimeng.dll]
[972]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40C014B0-->5D067774 [shimeng.dll]
[972]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A9109C-->5D067774 [shimeng.dll]

melo15 · #7 Příspěvek od **melo15** » 16 lis 2011 17:06

Omlouvám se, postuju to přes mobil a už v těch texťácích mám zmatek.

16:47:27.0031 1272 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
16:47:27.0109 1272 ============================================================
16:47:27.0109 1272 Current date / time: 2011/11/16 16:47:27.0109
16:47:27.0109 1272 SystemInfo:
16:47:27.0109 1272
16:47:27.0109 1272 OS Version: 5.1.2600 ServicePack: 3.0
16:47:27.0109 1272 Product type: Workstation
16:47:27.0109 1272 ComputerName: MELO15
16:47:27.0109 1272 UserName: Mike
16:47:27.0109 1272 Windows directory: C:\WINDOWS
16:47:27.0109 1272 System windows directory: C:\WINDOWS
16:47:27.0109 1272 Processor architecture: Intel x86
16:47:27.0109 1272 Number of processors: 2
16:47:27.0109 1272 Page size: 0x1000
16:47:27.0109 1272 Boot type: Safe boot
16:47:27.0109 1272 ============================================================
16:47:32.0671 1272 Initialize success
16:47:42.0328 1300 ============================================================
16:47:42.0328 1300 Scan started
16:47:42.0328 1300 Mode: Manual; SigCheck; TDLFS;
16:47:42.0328 1300 ============================================================
16:47:45.0078 1300 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
16:47:48.0843 1300 61883 - ok
16:47:49.0125 1300 Abiosdsk - ok
16:47:49.0343 1300 abp480n5 - ok
16:47:49.0656 1300 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:47:49.0859 1300 ACPI - ok
16:47:50.0109 1300 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:47:50.0234 1300 ACPIEC - ok
16:47:50.0468 1300 adpu160m - ok
16:47:50.0765 1300 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:47:50.0968 1300 aec - ok
16:47:51.0406 1300 AF15BDA (302e09623746f7f6252e32018c235ec6) C:\WINDOWS\system32\DRIVERS\AF15BDA.sys
16:47:51.0671 1300 AF15BDA ( UnsignedFile.Multi.Generic ) - warning
16:47:51.0671 1300 AF15BDA - detected UnsignedFile.Multi.Generic (1)
16:47:51.0968 1300 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:47:52.0062 1300 AFD - ok
16:47:52.0281 1300 Aha154x - ok
16:47:52.0484 1300 aic78u2 - ok
16:47:52.0703 1300 aic78xx - ok
16:47:52.0921 1300 AliIde - ok
16:47:53.0140 1300 amsint - ok
16:47:53.0515 1300 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:47:53.0656 1300 Arp1394 - ok
16:47:53.0859 1300 asc - ok
16:47:54.0078 1300 asc3350p - ok
16:47:54.0296 1300 asc3550 - ok
16:47:54.0593 1300 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:47:54.0734 1300 AsyncMac - ok
16:47:55.0015 1300 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:47:55.0140 1300 atapi - ok
16:47:55.0390 1300 Atdisk - ok
16:47:55.0640 1300 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:47:55.0781 1300 Atmarpc - ok
16:47:56.0062 1300 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:47:56.0203 1300 audstub - ok
16:47:56.0468 1300 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
16:47:56.0609 1300 Avc - ok
16:47:56.0890 1300 avfwim (83d71e1911f235e9c0d2f53d54df3129) C:\WINDOWS\system32\DRIVERS\avfwim.sys
16:47:57.0546 1300 avfwim - ok
16:47:57.0859 1300 avfwot (ae0c5d218e815af8f38670a8c5773e6e) C:\WINDOWS\system32\DRIVERS\avfwot.sys
16:47:57.0921 1300 avfwot - ok
16:47:58.0218 1300 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:47:58.0281 1300 avgntflt - ok
16:47:58.0546 1300 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:47:58.0609 1300 avipbb - ok
16:47:58.0859 1300 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
16:47:58.0890 1300 avkmgr - ok
16:47:59.0125 1300 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:47:59.0281 1300 Beep - ok
16:47:59.0531 1300 BlackBox (32790d68ddcf79c990622564585ca546) C:\WINDOWS\system32\drivers\BlackBox.sys
16:47:59.0562 1300 BlackBox ( UnsignedFile.Multi.Generic ) - warning
16:47:59.0562 1300 BlackBox - detected UnsignedFile.Multi.Generic (1)
16:47:59.0843 1300 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:47:59.0984 1300 BthEnum - ok
16:48:00.0218 1300 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
16:48:00.0375 1300 BTHMODEM - ok
16:48:00.0656 1300 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:48:00.0828 1300 BthPan - ok
16:48:01.0171 1300 BTHPORT (f338662a6c1fc11dd9508f6dff2c06a2) C:\WINDOWS\system32\Drivers\BTHport.sys
16:48:01.0375 1300 BTHPORT - ok
16:48:01.0671 1300 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:48:01.0812 1300 BTHUSB - ok
16:48:01.0890 1300 catchme - ok
16:48:02.0156 1300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:48:02.0296 1300 cbidf2k - ok
16:48:02.0562 1300 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:48:02.0687 1300 CCDECODE - ok
16:48:02.0937 1300 cd20xrnt - ok
16:48:03.0171 1300 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:48:03.0312 1300 Cdaudio - ok
16:48:03.0578 1300 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:48:03.0734 1300 Cdfs - ok
16:48:04.0015 1300 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:48:04.0156 1300 Cdrom - ok
16:48:04.0390 1300 Changer - ok
16:48:04.0671 1300 CmdIde - ok
16:48:04.0937 1300 Cpqarray - ok
16:48:05.0171 1300 dac2w2k - ok
16:48:05.0406 1300 dac960nt - ok
16:48:05.0687 1300 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:48:05.0843 1300 Disk - ok
16:48:06.0312 1300 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
16:48:06.0859 1300 dmboot - ok
16:48:07.0156 1300 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
16:48:07.0390 1300 dmio - ok
16:48:07.0671 1300 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:48:07.0796 1300 dmload - ok
16:48:08.0062 1300 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:48:08.0203 1300 DMusic - ok
16:48:08.0468 1300 dpti2o - ok
16:48:08.0718 1300 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:48:08.0843 1300 drmkaud - ok
16:48:09.0203 1300 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:48:09.0375 1300 Fastfat - ok
16:48:09.0656 1300 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:48:09.0796 1300 Fdc - ok
16:48:09.0843 1300 FGCWL - ok
16:48:10.0140 1300 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
16:48:10.0296 1300 Fips - ok
16:48:10.0562 1300 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:48:10.0703 1300 Flpydisk - ok
16:48:11.0000 1300 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:48:11.0171 1300 FltMgr - ok
16:48:11.0437 1300 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:48:11.0578 1300 Fs_Rec - ok
16:48:11.0843 1300 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:48:12.0031 1300 Ftdisk - ok
16:48:12.0281 1300 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:48:12.0296 1300 GEARAspiWDM - ok
16:48:12.0531 1300 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:48:12.0671 1300 Gpc - ok
16:48:12.0953 1300 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:48:13.0078 1300 HDAudBus - ok
16:48:13.0375 1300 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:48:13.0515 1300 hidusb - ok
16:48:13.0765 1300 hpn - ok
16:48:14.0031 1300 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
16:48:14.0109 1300 HTCAND32 - ok
16:48:14.0406 1300 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
16:48:14.0453 1300 htcnprot - ok
16:48:14.0750 1300 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:48:14.0875 1300 HTTP - ok
16:48:15.0109 1300 i2omgmt - ok
16:48:15.0343 1300 i2omp - ok
16:48:15.0625 1300 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:48:15.0750 1300 i8042prt - ok
16:48:16.0046 1300 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:48:16.0187 1300 Imapi - ok
16:48:16.0453 1300 ini910u - ok
16:48:17.0968 1300 IntcAzAudAddService (fa9a9468f982835e99c1ec21257f7e60) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:48:20.0531 1300 IntcAzAudAddService - ok
16:48:20.0781 1300 IntelIde - ok
16:48:21.0031 1300 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:48:21.0171 1300 intelppm - ok
16:48:21.0406 1300 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:48:21.0546 1300 Ip6Fw - ok
16:48:21.0765 1300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:48:21.0906 1300 IpFilterDriver - ok
16:48:22.0171 1300 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:48:22.0312 1300 IpInIp - ok
16:48:22.0609 1300 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:48:22.0828 1300 IpNat - ok
16:48:23.0156 1300 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:48:23.0312 1300 IPSec - ok
16:48:23.0593 1300 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:48:23.0656 1300 IRENUM - ok
16:48:23.0953 1300 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:48:24.0093 1300 isapnp - ok
16:48:24.0375 1300 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:48:24.0500 1300 Kbdclass - ok
16:48:24.0796 1300 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:48:24.0968 1300 kmixer - ok
16:48:25.0265 1300 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:48:25.0375 1300 KSecDD - ok
16:48:25.0640 1300 lbrtfdc - ok
16:48:25.0953 1300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:48:26.0062 1300 mnmdd - ok
16:48:26.0328 1300 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
16:48:26.0453 1300 Modem - ok
16:48:26.0687 1300 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:48:26.0828 1300 Mouclass - ok
16:48:27.0078 1300 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:48:27.0203 1300 mouhid - ok
16:48:27.0484 1300 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:48:27.0625 1300 MountMgr - ok
16:48:27.0890 1300 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:48:28.0015 1300 MPE - ok
16:48:28.0234 1300 mraid35x - ok
16:48:28.0515 1300 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:48:28.0750 1300 MRxDAV - ok
16:48:29.0140 1300 MRxSmb (2c6599b987e7f63de062ffb5c4e8666e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:48:29.0312 1300 MRxSmb ( Rootkit.Win32.ZAccess.g ) - infected
16:48:29.0312 1300 MRxSmb - detected Rootkit.Win32.ZAccess.g (0)
16:48:29.0625 1300 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:48:29.0781 1300 MSDV - ok
16:48:30.0015 1300 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:48:30.0140 1300 Msfs - ok
16:48:30.0593 1300 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:48:30.0718 1300 MSKSSRV - ok
16:48:30.0984 1300 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:48:31.0109 1300 MSPCLOCK - ok
16:48:31.0406 1300 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:48:31.0531 1300 MSPQM - ok
16:48:31.0796 1300 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:48:31.0906 1300 mssmbios - ok
16:48:32.0171 1300 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:48:32.0296 1300 MSTEE - ok
16:48:32.0562 1300 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:48:32.0656 1300 Mup - ok
16:48:32.0937 1300 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:48:33.0109 1300 NABTSFEC - ok
16:48:33.0406 1300 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:48:33.0578 1300 NDIS - ok
16:48:33.0859 1300 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:48:33.0968 1300 NdisIP - ok
16:48:34.0234 1300 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:48:34.0281 1300 NdisTapi - ok
16:48:34.0531 1300 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:48:34.0656 1300 Ndisuio - ok
16:48:34.0921 1300 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:48:35.0062 1300 NdisWan - ok
16:48:35.0312 1300 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:48:35.0406 1300 NDProxy - ok
16:48:35.0671 1300 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:48:35.0796 1300 NetBIOS - ok
16:48:36.0078 1300 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:48:36.0265 1300 NetBT - ok
16:48:36.0625 1300 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:48:36.0765 1300 NIC1394 - ok
16:48:37.0078 1300 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
16:48:37.0843 1300 nmwcd - ok
16:48:38.0156 1300 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
16:48:38.0250 1300 nmwcdc - ok
16:48:38.0484 1300 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:48:38.0625 1300 Npfs - ok
16:48:39.0000 1300 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:48:39.0390 1300 Ntfs - ok
16:48:39.0750 1300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:48:39.0875 1300 Null - ok
16:48:40.0203 1300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:48:40.0343 1300 NwlnkFlt - ok
16:48:40.0609 1300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:48:40.0734 1300 NwlnkFwd - ok
16:48:41.0031 1300 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:48:41.0187 1300 ohci1394 - ok
16:48:41.0781 1300 PAC207 (509039b85c95e6e85cb7a8e3465fb702) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
16:48:42.0203 1300 PAC207 - ok
16:48:42.0500 1300 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
16:48:42.0671 1300 Parport - ok
16:48:43.0000 1300 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:48:43.0218 1300 PartMgr - ok
16:48:43.0546 1300 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
16:48:43.0703 1300 ParVdm - ok
16:48:44.0015 1300 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
16:48:44.0093 1300 pccsmcfd - ok
16:48:44.0375 1300 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
16:48:44.0671 1300 PCI - ok
16:48:44.0921 1300 PCIDump - ok
16:48:45.0265 1300 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:48:45.0421 1300 PCIIde - ok
16:48:45.0734 1300 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:48:45.0890 1300 Pcmcia - ok
16:48:46.0187 1300 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
16:48:46.0359 1300 pcouffin ( UnsignedFile.Multi.Generic ) - warning
16:48:46.0359 1300 pcouffin - detected UnsignedFile.Multi.Generic (1)
16:48:46.0671 1300 PDCOMP - ok
16:48:46.0984 1300 PDFRAME - ok
16:48:47.0265 1300 PDRELI - ok
16:48:47.0562 1300 PDRFRAME - ok
16:48:47.0843 1300 perc2 - ok
16:48:48.0109 1300 perc2hib - ok
16:48:48.0484 1300 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:48:48.0609 1300 PptpMiniport - ok
16:48:48.0906 1300 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:48:49.0046 1300 PSched - ok
16:48:49.0296 1300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:48:49.0421 1300 Ptilink - ok
16:48:49.0656 1300 ql1080 - ok
16:48:49.0875 1300 Ql10wnt - ok
16:48:50.0093 1300 ql12160 - ok
16:48:50.0328 1300 ql1240 - ok
16:48:50.0578 1300 ql1280 - ok
16:48:50.0812 1300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:48:50.0968 1300 RasAcd - ok
16:48:51.0250 1300 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:48:51.0421 1300 Rasl2tp - ok
16:48:51.0671 1300 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:48:51.0796 1300 RasPppoe - ok
16:48:52.0062 1300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:48:52.0171 1300 Raspti - ok
16:48:52.0453 1300 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:48:52.0656 1300 Rdbss - ok
16:48:52.0953 1300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:48:53.0125 1300 RDPCDD - ok
16:48:53.0421 1300 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:48:53.0625 1300 rdpdr - ok
16:48:53.0906 1300 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:48:54.0000 1300 RDPWD - ok
16:48:54.0265 1300 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:48:54.0406 1300 redbook - ok
16:48:54.0718 1300 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:48:54.0859 1300 RFCOMM - ok
16:48:54.0968 1300 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
16:48:54.0968 1300 RivaTuner32 ( UnsignedFile.Multi.Generic ) - warning
16:48:54.0968 1300 RivaTuner32 - detected UnsignedFile.Multi.Generic (1)
16:48:55.0265 1300 RTLE8023xp (10854898b350483d6638c6ae17086d1b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:48:55.0328 1300 RTLE8023xp ( UnsignedFile.Multi.Generic ) - warning
16:48:55.0328 1300 RTLE8023xp - detected UnsignedFile.Multi.Generic (1)
16:48:55.0406 1300 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:48:55.0453 1300 SASDIFSV ( UnsignedFile.Multi.Generic ) - warning
16:48:55.0453 1300 SASDIFSV - detected UnsignedFile.Multi.Generic (1)
16:48:55.0484 1300 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
16:48:55.0500 1300 SASENUM ( UnsignedFile.Multi.Generic ) - warning
16:48:55.0500 1300 SASENUM - detected UnsignedFile.Multi.Generic (1)
16:48:55.0578 1300 SASKUTIL (81c02ea5f88ca4125e579384dfd75e3a) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
16:48:55.0625 1300 SASKUTIL ( UnsignedFile.Multi.Generic ) - warning
16:48:55.0625 1300 SASKUTIL - detected UnsignedFile.Multi.Generic (1)
16:48:55.0968 1300 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:48:56.0046 1300 Secdrv - ok
16:48:56.0375 1300 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:48:56.0500 1300 serenum - ok
16:48:56.0765 1300 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
16:48:56.0921 1300 Serial - ok
16:48:57.0218 1300 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:48:57.0343 1300 Sfloppy - ok
16:48:57.0546 1300 Simbad - ok
16:48:57.0796 1300 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:48:57.0984 1300 SLIP - ok
16:48:58.0234 1300 Sparrow - ok
16:48:58.0468 1300 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:48:58.0609 1300 splitter - ok
16:48:59.0078 1300 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
16:48:59.0078 1300 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
16:48:59.0093 1300 sptd ( LockedFile.Multi.Generic ) - warning
16:48:59.0093 1300 sptd - detected LockedFile.Multi.Generic (1)
16:48:59.0375 1300 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
16:48:59.0453 1300 sr - ok
16:48:59.0828 1300 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:49:00.0078 1300 Srv - ok
16:49:00.0375 1300 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:49:00.0406 1300 ssmdrv - ok
16:49:00.0687 1300 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:49:00.0812 1300 streamip - ok
16:49:01.0078 1300 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:49:01.0203 1300 swenum - ok
16:49:01.0484 1300 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:49:01.0625 1300 swmidi - ok
16:49:01.0875 1300 symc810 - ok
16:49:02.0109 1300 symc8xx - ok
16:49:02.0312 1300 sym_hi - ok
16:49:02.0515 1300 sym_u3 - ok
16:49:02.0828 1300 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:49:02.0984 1300 sysaudio - ok
16:49:03.0359 1300 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:49:03.0640 1300 Tcpip - ok
16:49:03.0906 1300 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:49:04.0046 1300 TDPIPE - ok
16:49:04.0281 1300 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:49:04.0406 1300 TDTCP - ok
16:49:04.0703 1300 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:49:04.0843 1300 TermDD - ok
16:49:05.0171 1300 TosIde - ok
16:49:05.0515 1300 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys
16:49:05.0625 1300 truecrypt - ok
16:49:05.0906 1300 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:49:06.0062 1300 Udfs - ok
16:49:06.0265 1300 ultra - ok
16:49:06.0593 1300 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:49:06.0906 1300 Update - ok
16:49:07.0203 1300 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
16:49:07.0296 1300 upperdev - ok
16:49:07.0734 1300 USB28xxBGA (4c3180982abbc7cfa14dd21c0cbb1c22) C:\WINDOWS\system32\DRIVERS\emBDA.sys
16:49:08.0046 1300 USB28xxBGA - ok
16:49:08.0343 1300 USB28xxOEM (49b03351781de98981df0814a15dc992) C:\WINDOWS\system32\DRIVERS\emOEM.sys
16:49:08.0468 1300 USB28xxOEM - ok
16:49:08.0703 1300 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:49:08.0750 1300 USBAAPL - ok
16:49:09.0062 1300 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:49:09.0203 1300 usbccgp - ok
16:49:09.0437 1300 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:49:09.0578 1300 usbehci - ok
16:49:09.0812 1300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:49:09.0953 1300 usbhub - ok
16:49:10.0187 1300 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:49:10.0312 1300 usbscan - ok
16:49:10.0593 1300 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
16:49:10.0734 1300 usbser - ok
16:49:11.0015 1300 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
16:49:11.0093 1300 UsbserFilt - ok
16:49:11.0359 1300 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:49:11.0468 1300 USBSTOR - ok
16:49:11.0750 1300 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:49:11.0875 1300 usbuhci - ok
16:49:12.0156 1300 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:49:12.0281 1300 VgaSave - ok
16:49:12.0515 1300 ViaIde - ok
16:49:12.0781 1300 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
16:49:12.0921 1300 VolSnap - ok
16:49:13.0203 1300 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:49:13.0328 1300 Wanarp - ok
16:49:13.0750 1300 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:49:14.0000 1300 Wdf01000 - ok
16:49:14.0234 1300 WDICA - ok
16:49:14.0656 1300 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:49:14.0796 1300 wdmaud - ok
16:49:15.0203 1300 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:49:15.0312 1300 WpdUsb - ok
16:49:15.0609 1300 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:49:15.0828 1300 WS2IFSL - ok
16:49:16.0187 1300 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:49:16.0312 1300 WSTCODEC - ok
16:49:16.0625 1300 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:49:16.0703 1300 WudfPf - ok
16:49:16.0984 1300 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:49:17.0078 1300 WudfRd - ok
16:49:17.0343 1300 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
16:49:17.0656 1300 \Device\Harddisk0\DR0 - ok
16:49:17.0687 1300 Boot (0x1200) (20d58ded807eaf6702c5ffde7d128f8c) \Device\Harddisk0\DR0\Partition0
16:49:17.0687 1300 \Device\Harddisk0\DR0\Partition0 - ok
16:49:17.0718 1300 Boot (0x1200) (5bb6a209f86b007261d92abde6531570) \Device\Harddisk0\DR0\Partition1
16:49:17.0734 1300 \Device\Harddisk0\DR0\Partition1 - ok
16:49:17.0750 1300 ============================================================
16:49:17.0750 1300 Scan finished
16:49:17.0750 1300 ============================================================
16:49:17.0875 1292 Detected object count: 10
16:49:17.0875 1292 Actual detected object count: 10
16:49:54.0031 1292 AF15BDA ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:54.0031 1292 AF15BDA ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:54.0031 1292 BlackBox ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:54.0031 1292 BlackBox ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:54.0453 1292 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813
16:49:55.0062 1292 Backup copy found, using it..
16:49:55.0218 1292 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
16:50:21.0343 1292 MRxSmb ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
16:50:21.0343 1292 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0343 1292 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:21.0359 1292 RivaTuner32 ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0359 1292 RivaTuner32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:21.0359 1292 RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0359 1292 RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:21.0359 1292 SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0359 1292 SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:21.0359 1292 SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0359 1292 SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:21.0359 1292 SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:21.0359 1292 SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:21.0359 1292 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:50:21.0359 1292 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:52:50.0093 1268 Deinitialize success

melo15 · #8 Příspěvek od **melo15** » 16 lis 2011 17:44

Naughty píše: Celou složku qoobox a tdsskiller mi prosím uploudni. Já dneska končím, zitra případně dočistíme, ju?

Jasan.

qoobox a tdsskiller v příloze

Obrázek

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mike at 2011-11-16 17:39:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (9%) free of 60 GB
Total RAM: 1023 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:39:14, on 16.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Mike\Plocha\RSIT.exe
C:\Program Files\Avira\AntiVir Desktop\usrreq.exe
C:\Program Files\trend micro\Mike.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Infium] "C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2083060156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9506134171
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FC77E02E - Unknown owner - C:\WINDOWS\system32\FC77E02E.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11918 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\h1w0ji0j.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, anycolor.pavlos256@gmail.com:0.3.3, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, firebug@software.joehewitt.com:1.6.2, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1, {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10, {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, isreaditlater@ideashower.com:2.1.1, {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.2, {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908, foxmarks@kei.com:3.9.5, elemhidehelper@adblockplus.org:1.1.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, camifox@altmusictv.com:3.6.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky(2).ru
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\h1w0ji0j.default\extensions\
anycolor.pavlos256@gmail.com
camifox@altmusictv.com
foxmarks@kei.com
fullscreen-video@design-noir.de
plugin2@gameplaylabs.com
{02450954-cdd9-410f-b1da-db804e18c671}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{20a82645-c095-46ed-80e3-08825760534b}
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{7102aba3-045c-4ec2-b921-46d87636d84b}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-05-07 169392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-07-11 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-07-11 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-10-05 258512]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Infium"=C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe [2010-03-16 5739472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-04-27 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27805891.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\27805891.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Marie\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\Marie\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Games\KONAMI\Pro Evolution Soccer 2012\pes2012.exe"="D:\Games\KONAMI\Pro Evolution Soccer 2012\pes2012.exe:*:Enabled:Pro Evolution Soccer 2012"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-11-16 17:39:00 ----D---- C:\rsit
2011-11-16 17:10:51 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2011-11-16 17:10:07 ----D---- C:\Program Files\ATI Technologies
2011-11-16 16:53:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-16 16:47:27 ----A---- C:\TDSSKiller.2.6.19.0_16.11.2011_16.47.27_log.txt
2011-11-16 16:17:19 ----A---- C:\WINDOWS\system32\drivers\BlackBox.sys
2011-11-16 14:40:37 ----A---- C:\WINDOWS\WININIT.INI
2011-11-16 14:26:21 ----D---- C:\Avenger
2011-11-16 14:26:21 ----A---- C:\avenger.txt
2011-11-15 23:34:17 ----D---- C:\WINDOWS\temp
2011-11-15 23:34:16 ----A---- C:\ComboFix.txt
2011-11-15 23:14:38 ----A---- C:\WINDOWS\zip.exe
2011-11-15 23:14:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-11-15 23:14:38 ----A---- C:\WINDOWS\SWSC.exe
2011-11-15 23:14:38 ----A---- C:\WINDOWS\SWREG.exe
2011-11-15 23:14:38 ----A---- C:\WINDOWS\sed.exe
2011-11-15 23:14:38 ----A---- C:\WINDOWS\PEV.exe
2011-11-15 23:14:38 ----A---- C:\WINDOWS\NIRCMD.exe
2011-11-15 23:14:38 ----A---- C:\WINDOWS\MBR.exe
2011-11-15 23:14:38 ----A---- C:\WINDOWS\grep.exe
2011-11-15 23:14:23 ----D---- C:\Qoobox
2011-11-15 15:55:42 ----D---- C:\TDSSKiller_Quarantine
2011-11-15 15:54:12 ----A---- C:\TDSSKiller.2.4.0.0_15.11.2011_15.54.12_log.txt
2011-11-15 15:44:03 ----A---- C:\TDSSKiller.2.4.0.0_15.11.2011_15.44.03_log.txt
2011-11-15 15:10:14 ----A---- C:\WINDOWS\system32\drivers\imapi.sys
2011-11-14 20:43:43 ----A---- C:\WINDOWS\ntbtlog.txt
2011-11-12 12:25:34 ----D---- C:\Documents and Settings\Mike\Data aplikací\Mp3tag
2011-10-24 20:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-24 20:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-24 20:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-24 20:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676-v2$
2011-10-24 20:38:38 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-10-24 20:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-10-24 19:11:09 ----D---- C:\Documents and Settings\Mike\Data aplikací\PC Suite
2011-10-24 19:11:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2011-10-24 19:07:24 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2011-10-24 19:06:46 ----D---- C:\Program Files\PC Connectivity Solution
2011-10-24 19:06:12 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2011-10-24 19:06:12 ----A---- C:\WINDOWS\system32\ccdcmbwu.dll
2011-10-24 19:04:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2011-10-17 16:14:52 ----A---- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys
2011-10-17 16:13:29 ----D---- C:\Documents and Settings\Mike\Data aplikací\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-10-17 16:11:19 ----D---- C:\Documents and Settings\Mike\Data aplikací\HTC
2011-10-17 16:09:31 ----D---- C:\Program Files\Spirent Communications
2011-10-17 16:09:09 ----D---- C:\Program Files\HTC
2011-10-17 16:09:03 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-10-17 16:07:57 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

======List of files/folders modified in the last 1 month======

2011-11-16 17:39:06 ----D---- C:\Program Files\trend micro
2011-11-16 17:35:20 ----D---- C:\WINDOWS\Prefetch
2011-11-16 17:29:45 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-16 17:19:47 ----RSD---- C:\WINDOWS\assembly
2011-11-16 17:19:34 ----D---- C:\WINDOWS\WinSxS
2011-11-16 17:19:21 ----HD---- C:\WINDOWS\inf
2011-11-16 17:19:20 ----D---- C:\WINDOWS
2011-11-16 17:12:35 ----SHD---- C:\WINDOWS\Installer
2011-11-16 17:12:35 ----D---- C:\Config.Msi
2011-11-16 17:10:51 ----D---- C:\WINDOWS\system32
2011-11-16 17:10:38 ----D---- C:\WINDOWS\system32\drivers
2011-11-16 17:10:07 ----RD---- C:\Program Files
2011-11-16 16:57:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-16 14:03:54 ----SHD---- C:\System Volume Information
2011-11-15 23:29:14 ----A---- C:\WINDOWS\system.ini
2011-11-15 23:25:36 ----D---- C:\WINDOWS\AppPatch
2011-11-15 23:25:35 ----D---- C:\Program Files\Common Files
2011-11-15 23:14:29 ----D---- C:\WINDOWS\ERDNT
2011-11-15 17:51:33 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-15 15:40:26 ----SD---- C:\WINDOWS\Tasks
2011-11-15 15:35:33 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-15 15:11:39 ----D---- C:\WINDOWS\system32\config
2011-11-14 20:30:05 ----D---- C:\WINDOWS\Debug
2011-11-12 16:39:28 ----D---- C:\Documents and Settings\Mike\Data aplikací\vlc
2011-11-11 16:56:30 ----D---- C:\Program Files\Mozilla Firefox
2011-11-03 19:16:58 ----D---- C:\Documents and Settings\Mike\Data aplikací\Skype
2011-10-25 09:29:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-25 09:29:31 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-25 09:29:31 ----D---- C:\Program Files\Internet Explorer
2011-10-24 21:03:44 ----D---- C:\WINDOWS\ie8updates
2011-10-24 21:02:59 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-24 20:59:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-10-24 20:58:03 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-24 19:42:59 ----D---- C:\Program Files\Common Files\Nokia
2011-10-24 19:42:58 ----D---- C:\Program Files\Nokia
2011-10-24 19:42:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-24 19:14:20 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-10-22 13:05:12 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-20 20:19:05 ----D---- C:\WINDOWS\security
2011-10-19 13:41:11 ----D---- C:\WINDOWS\system32\NtmsData
2011-10-19 13:40:28 ----D---- C:\WINDOWS\Registration
2011-10-19 13:40:10 ----D---- C:\Program Files\Hard Drive Inspector
2011-10-17 16:09:05 ----D---- C:\Documents and Settings\Mike\Data aplikací\Adobe
2011-10-17 16:09:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-10-17 16:09:04 ----D---- C:\Program Files\Adobe
2011-10-17 16:06:30 ----D---- C:\Program Files\MSXML 4.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BlackBox;BlackBox SR2; C:\WINDOWS\system32\drivers\BlackBox.sys [2011-11-16 35712]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-22 685816]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 avfwot;avfwot; C:\WINDOWS\system32\DRIVERS\avfwot.sys [2011-09-16 111160]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-09-18 134344]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2011-01-02 231248]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-27 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 avfwim;AvFw Packet Filter Miniport; C:\WINDOWS\system32\DRIVERS\avfwim.sys [2011-09-16 91096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-27 61824]
R3 PAC207;Webcam 1200; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-01-02 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-19 81792]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2008-04-30 449408]
S3 ak4ljp92;ak4ljp92; C:\WINDOWS\system32\drivers\ak4ljp92.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Mike\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FGCWL;FGCWL; \??\d:\Program Files\Fortres Grand\Virtual Sandbox\FGCWL.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-27 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 USB28xxBGA;USB 2863 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2008-05-14 535040]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2008-05-14 286208]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-04-27 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2010-05-07 814344]
R2 AntiVirFirewallService;Avira FireWall; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-05 616400]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-10-05 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-10-05 86224]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-05 463824]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2009-04-08 1377536]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
R2 StarWindServiceAE;StarWind AE Service; d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-01-09 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FC77E02E;FC77E02E; C:\WINDOWS\system32\FC77E02E.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HDDSvc;HDD Information Service; C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [2010-01-12 458432]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 821608]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-01-09 360192]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2011-10-05 342480]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

melo15 · #9 Příspěvek od **melo15** » 16 lis 2011 22:48

Avira Internet Security 2012
Report file date: 16. listopadu 2011 19:22

Scanning for 3547867 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MELO15

Version information:
BUILD.DAT : 12.0.0.823 48539 Bytes 19.10.2011 19:07:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 25.10.2011 10:12:11
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23.9.2011 11:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 5.10.2011 08:11:54
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 5.10.2011 08:11:44
AVREG.DLL : 12.1.0.22 226512 Bytes 25.10.2011 10:12:12
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9.2.2011 15:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 7.4.2011 10:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.5.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7.7.2011 12:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.8.2011 07:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 5.10.2011 09:44:27
VBASE008.VDF : 7.11.15.107 2048 Bytes 5.10.2011 09:44:27
VBASE009.VDF : 7.11.15.108 2048 Bytes 5.10.2011 09:44:27
VBASE010.VDF : 7.11.15.109 2048 Bytes 5.10.2011 09:44:27
VBASE011.VDF : 7.11.15.110 2048 Bytes 5.10.2011 09:44:27
VBASE012.VDF : 7.11.15.111 2048 Bytes 5.10.2011 09:44:27
VBASE013.VDF : 7.11.15.144 161792 Bytes 7.10.2011 14:10:16
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 14:10:16
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 14:10:17
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 14:10:17
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 16:10:54
VBASE018.VDF : 7.11.16.77 139264 Bytes 20.10.2011 14:11:06
VBASE019.VDF : 7.11.16.112 162816 Bytes 24.10.2011 10:11:33
VBASE020.VDF : 7.11.16.150 167424 Bytes 26.10.2011 16:12:13
VBASE021.VDF : 7.11.16.187 171520 Bytes 28.10.2011 18:12:37
VBASE022.VDF : 7.11.16.209 190976 Bytes 31.10.2011 15:13:04
VBASE023.VDF : 7.11.16.243 158208 Bytes 2.11.2011 19:13:22
VBASE024.VDF : 7.11.17.21 194560 Bytes 6.11.2011 19:14:08
VBASE025.VDF : 7.11.17.101 202752 Bytes 9.11.2011 15:14:37
VBASE026.VDF : 7.11.17.137 214528 Bytes 11.11.2011 15:14:43
VBASE027.VDF : 7.11.17.154 278528 Bytes 14.11.2011 16:47:48
VBASE028.VDF : 7.11.17.197 175616 Bytes 16.11.2011 16:47:48
VBASE029.VDF : 7.11.17.198 2048 Bytes 16.11.2011 16:47:48
VBASE030.VDF : 7.11.17.199 2048 Bytes 16.11.2011 16:47:48
VBASE031.VDF : 7.11.17.200 2048 Bytes 16.11.2011 16:47:48
Engineversion : 8.2.6.112
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 20:12:12
AESCRIPT.DLL : 8.1.3.85 463227 Bytes 10.11.2011 17:14:49
AESCN.DLL : 8.1.7.2 127349 Bytes 1.9.2011 21:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 1.9.2011 21:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 8.9.2011 21:16:06
AEPACK.DLL : 8.2.13.4 684406 Bytes 10.11.2011 17:14:48
AEOFFICE.DLL : 8.1.2.19 201084 Bytes 3.11.2011 17:13:30
AEHEUR.DLL : 8.1.2.190 3813752 Bytes 10.11.2011 17:14:48
AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 20:12:10
AEGEN.DLL : 8.1.5.13 405877 Bytes 7.11.2011 19:14:20
AEEMU.DLL : 8.1.3.0 393589 Bytes 1.9.2011 21:46:01
AECORE.DLL : 8.1.24.0 196983 Bytes 25.10.2011 20:12:10
AEBB.DLL : 8.1.1.0 53618 Bytes 1.9.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 5.10.2011 08:11:45
AVPREF.DLL : 12.1.0.17 51920 Bytes 5.10.2011 08:11:44
AVREP.DLL : 12.1.0.17 179920 Bytes 5.10.2011 08:11:44
AVARKT.DLL : 12.1.0.17 223184 Bytes 5.10.2011 08:11:40
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 5.10.2011 08:11:42
SQLITE3.DLL : 3.7.0.0 398288 Bytes 5.10.2011 08:11:59
AVSMTP.DLL : 12.1.0.17 63440 Bytes 5.10.2011 08:11:45
NETNT.DLL : 12.1.0.17 17104 Bytes 5.10.2011 08:11:54
RCIMAGE.DLL : 12.1.0.17 4821200 Bytes 5.10.2011 08:12:04
RCTEXT.DLL : 12.1.0.16 96208 Bytes 23.9.2011 11:37:18

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Skipped files.......................: D:\Games\KONAMI\Pro Evolution Soccer 2010\pes2010.exe,

Start of the scan: 16. listopadu 2011 19:22

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000001f4
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000001f5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000003e8
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000003ea
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000003eb
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000003ec
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000003ed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000003ee
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000003ef
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\000003f0
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Sam\SAM\Domains\Account\Users\names
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\System\oodefrag11.00.00.01workstation
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTHPORT\Parameters\Keys\000272d1d2d5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTHPORT\Parameters\Keys\000272d1d2d5
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '29' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '82' Module(s) have been scanned
Scan process 'rundll32.exe' - '48' Module(s) have been scanned
Scan process 'plugin-container.exe' - '78' Module(s) have been scanned
Scan process 'firefox.exe' - '145' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '38' Module(s) have been scanned
Scan process 'TUProgSt.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '33' Module(s) have been scanned
Scan process 'PassThruSvr.exe' - '60' Module(s) have been scanned
Scan process 'oodag.exe' - '33' Module(s) have been scanned
Scan process 'NBService.exe' - '49' Module(s) have been scanned
Scan process 'jqs.exe' - '88' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '29' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '61' Module(s) have been scanned
Scan process 'avguard.exe' - '81' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '55' Module(s) have been scanned
Scan process 'NetworkLicenseServer.exe' - '29' Module(s) have been scanned
Scan process 'ccc.exe' - '99' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'MOM.exe' - '62' Module(s) have been scanned
Scan process 'infium.exe' - '93' Module(s) have been scanned
Scan process 'avgnt.exe' - '81' Module(s) have been scanned
Scan process 'rundll32.exe' - '34' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '37' Module(s) have been scanned
Scan process 'Explorer.EXE' - '145' Module(s) have been scanned
Scan process 'sched.exe' - '39' Module(s) have been scanned
Scan process 'spoolsv.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '166' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '80' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '3906' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Mike\Dokumenty\Japonstina\herramientasjapones-tomasf\Japanese Dictionary 1.2.2210\setup.exe
[0] Archive type: Inno Setup
--> {app}\regapp.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Gendal.655119 back-door program
[NOTE] A backup was created as '4da89788.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Mike\Dokumenty\Mobile\N82\Aplikace\Best Profiles + keygen\Bestkey2.exe
[DETECTION] Is the TR/Agent.35328.41 Trojan
[NOTE] A backup was created as '5530be38.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Mike\Dokumenty\Mobile\N82\Hry\Stolen in 60s\Keygen.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] A backup was created as '0765e55e.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Program Files\Oxygen Software\OPM2\lex.exe
[DETECTION] Is the TR/Agent.ZUW.2 Trojan
[NOTE] A backup was created as '61538bee.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP1\A0000814.exe
[DETECTION] Is the TR/Agent.ZUW.2 Trojan
[NOTE] A backup was created as '251fa615.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'D:\'

End of the scan: 16. listopadu 2011 22:46
Used time: 3:23:38 Hour(s)

The scan has been done completely.

26328 Scanned directories
586384 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
5 Files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
586379 Files not concerned
5261 Archives were scanned
0 Warnings
19 Notes
678410 Objects were scanned with rootkit scan
14 Hidden objects were found

melo15 · #10 Příspěvek od **melo15** » 18 lis 2011 14:11

http://www.virustotal.com/file-scan/com ... 1321621013#
http://www.virustotal.com/file-scan/com ... 1321621248#
http://www.virustotal.com/file-scan/com ... 1321621375#

Obrázek

edit: blokovala to Avira.

Na céčku se nic nevytvořilo, pouze na ploše se vytvořila složka obsahující swreg.

Obrázek

Můžu poprosit o oficiální zdroj T-Cleaneru? Ani pomocí googlu se mi nepodařilo vypátrat, jen na ulozto atp.

melo15 · #11 Příspěvek od **melo15** » 18 lis 2011 14:38

Ještě k té virtuální mechanice, všimnul jsem si, že byla 1 navíc, ale myslel jsem si, že to způsobil Alcohol.

CCScheck.exe
SWreg.exe courtesy of Bobbi Flekman
Run at: 14:37:31,75
On pá 18.11.2011

Run from C:\Documents and Settings\Mike\Plocha\CCSkeys

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ Poskytuje tři služby pro správu: Databázovou službu katalogu, která potvrzuje podpisy souborů systému Windows; službu Ochrany kořenových certifikátů, která přidává a odebírá důvěryhodné kořenové Certifikační úřady; službu Správy klíčů, která pomáhá přihlásit počítač k odběru certifikátů. Je-li tato služba zastavena, nebudou tyto služby správy správně fungovat. Je-li tato služba zakázána, pak se spuštění všech služeb výslovně závislých na této službě nezdaří.
DisplayName REG_SZ CryptSvc
ErrorControl REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 2 (0x2)
Type REG_DWORD 32 (0x20)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Security
Security REG_BINARY 00000e0001

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Enum
0 REG_SZ Root\LEGACY_CRYPTSVC\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon
Description REG_SZ Umožňuje spouštění procesů s jiným pověřením. Je-li služba zastaven, nebude tento typ přihlašovacího přístupu k dispozici. Je-li tato služba zakázána, pak se spuštění všech služeb výslovně závislých na této službě nezdaří.
DisplayName REG_SZ Secondary Logon
ErrorControl REG_DWORD 0 (0x0)
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
Objectname REG_SZ LocalSystem
Start REG_DWORD 2 (0x2)
Type REG_DWORD 288 (0x120)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\seclogon.dll
ServiceMain REG_SZ SvcEntry_Seclogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon\Security
Security REG_BINARY 01001480900000009c000000140000003000000002001c000100000002801400ff010f000101000000000001000000000200600004000000000014008d01020001010000000000050b000000000018009d0102000102000000000005200000002302000000001800ff010f000102000000000005200000002002000000001400fd010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon\Enum
0 REG_SZ Root\LEGACY_SECLOGON\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler
DependOnService REG_MULTI_SZ RPCSS\0\0
Description REG_SZ Načítá soubory do paměti pro pozdější tisk.
DisplayName REG_SZ Zařazování tisku
ErrorControl REG_DWORD 1 (0x1)
Group REG_SZ SpoolerGroup
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\spoolsv.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 2 (0x2)
Type REG_DWORD 272 (0x110)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler\Parameters

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler\Performance
Close REG_SZ PerfClose
Collect REG_SZ PerfCollect
Collect Timeout REG_DWORD 2000 (0x7d0)
Library REG_SZ winspool.drv
Object List REG_SZ 1450
Open REG_SZ PerfOpen
Open Timeout REG_DWORD 4000 (0xfa0)
WbemAdapFileSignature REG_BINARY bd83aba61e8accc8d9ffb869f29418ce00
WbemAdapFileTime REG_BINARY 002952e37a79c401
WbemAdapFileSize REG_DWORD 146432 (0x23c00)
WbemAdapStatus REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler\Security
Security REG_BINARY 01001480900000009c000000140000003000000002001c000100000002801400ff010f000101000000000001000000000200600004000000000014008d01020001010000000000050b000000000018009d0102000102000000000005200000002302000000001800ff010f000102000000000005200000002002000000001400fd010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler\Enum
0 REG_SZ Root\LEGACY_SPOOLER\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wscsvc
Type REG_DWORD 32 (0x20)
Start REG_DWORD 2 (0x2)
ErrorControl REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
DisplayName REG_SZ Centrum zabezpečení
DependOnService REG_MULTI_SZ RpcSs\0winmgmt\0\0
ObjectName REG_SZ LocalSystem
Description REG_SZ Monitoruje nastavení zabezpečení systému.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wscsvc\Parameters
ServiceDll REG_EXPAND_SZ %SYSTEMROOT%\system32\wscsvc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wscsvc\Security
Security REG_BINARY 01001480900000009c000000140000003000000002001c000100000002801400ff010f00010100000000000100000000020060000400000000001400fd01020001010000000000051200000000001800ff010f0001020000000000052000000020020000000014008d01020001010000000000050b00000000001800fd01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wscsvc\Enum
0 REG_SZ Root\LEGACY_WSCSVC\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

-----------------EOF-----------------

melo15 · #12 Příspěvek od **melo15** » 18 lis 2011 15:06

Po vyčištění T-Cleanerem a restartu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mike at 2011-11-18 15:04:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (9%) free of 60 GB
Total RAM: 1023 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:04:21, on 18.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Mike\Plocha\RSIT.exe
C:\Program Files\trend micro\Mike.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Infium] "C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2083060156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9506134171
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FC77E02E - Unknown owner - C:\WINDOWS\system32\FC77E02E.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 12355 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\h1w0ji0j.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, anycolor.pavlos256@gmail.com:0.3.3, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, firebug@software.joehewitt.com:1.6.2, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1, {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10, {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, isreaditlater@ideashower.com:2.1.1, {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.2, {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908, foxmarks@kei.com:3.9.5, elemhidehelper@adblockplus.org:1.1.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, camifox@altmusictv.com:3.6.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky(2).ru
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\h1w0ji0j.default\extensions\
anycolor.pavlos256@gmail.com
camifox@altmusictv.com
foxmarks@kei.com
fullscreen-video@design-noir.de
plugin2@gameplaylabs.com
{02450954-cdd9-410f-b1da-db804e18c671}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{20a82645-c095-46ed-80e3-08825760534b}
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{7102aba3-045c-4ec2-b921-46d87636d84b}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-05-07 169392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-07-11 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-07-11 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-10-05 258512]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Malwarebytes' Anti-Malware"=d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Infium"=C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe [2010-03-16 5739472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-04-27 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27805891.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\27805891.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Marie\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\Marie\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Games\KONAMI\Pro Evolution Soccer 2012\pes2012.exe"="D:\Games\KONAMI\Pro Evolution Soccer 2012\pes2012.exe:*:Enabled:Pro Evolution Soccer 2012"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-11-18 15:04:11 ----D---- C:\rsit
2011-11-18 14:37:31 ----A---- C:\export.txt
2011-11-17 20:35:23 ----SD---- C:\Turbina
2011-11-17 12:22:47 ----SHD---- C:\RECYCLER
2011-11-17 11:41:04 ----D---- C:\Program Files\NAVIGON
2011-11-17 10:51:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
2011-11-17 10:47:25 ----D---- C:\Program Files\EzTools
2011-11-16 23:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-16 23:06:51 ----A---- C:\WINDOWS\imsins.BAK
2011-11-16 23:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2011-11-16 22:51:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-16 17:10:51 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2011-11-16 17:10:07 ----D---- C:\Program Files\ATI Technologies
2011-11-16 16:53:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-16 16:17:19 ----A---- C:\WINDOWS\system32\drivers\BlackBox.sys
2011-11-16 14:40:37 ----A---- C:\WINDOWS\WININIT.INI
2011-11-15 23:34:17 ----D---- C:\WINDOWS\temp
2011-11-15 15:55:42 ----D---- C:\TDSSKiller_Quarantine
2011-11-15 15:10:14 ----A---- C:\WINDOWS\system32\drivers\imapi.sys
2011-11-14 20:43:43 ----A---- C:\WINDOWS\ntbtlog.txt
2011-11-12 12:25:34 ----D---- C:\Documents and Settings\Mike\Data aplikací\Mp3tag
2011-10-24 20:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-24 20:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-24 20:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-24 20:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676-v2$
2011-10-24 20:38:38 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-10-24 20:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-10-24 19:11:09 ----D---- C:\Documents and Settings\Mike\Data aplikací\PC Suite
2011-10-24 19:11:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2011-10-24 19:07:24 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2011-10-24 19:06:46 ----D---- C:\Program Files\PC Connectivity Solution
2011-10-24 19:06:12 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2011-10-24 19:06:12 ----A---- C:\WINDOWS\system32\ccdcmbwu.dll
2011-10-24 19:04:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations

======List of files/folders modified in the last 1 month======

2011-11-18 15:04:21 ----D---- C:\Program Files\trend micro
2011-11-18 15:04:13 ----D---- C:\WINDOWS\Prefetch
2011-11-18 15:04:09 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-18 14:56:38 ----D---- C:\WINDOWS
2011-11-18 14:56:24 ----D---- C:\WINDOWS\system32
2011-11-17 22:58:06 ----HD---- C:\WINDOWS\inf
2011-11-17 20:35:44 ----D---- C:\WINDOWS\system32\Restore
2011-11-17 20:34:56 ----D---- C:\WINDOWS\system32\drivers
2011-11-17 13:33:30 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-17 11:44:53 ----SHD---- C:\WINDOWS\Installer
2011-11-17 11:44:53 ----D---- C:\Config.Msi
2011-11-17 11:44:51 ----D---- C:\WINDOWS\WinSxS
2011-11-17 11:41:04 ----RD---- C:\Program Files
2011-11-16 23:19:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-16 23:16:26 ----D---- C:\WINDOWS\Debug
2011-11-16 23:16:22 ----A---- C:\WINDOWS\system32\MRT.exe
2011-11-16 23:15:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-11-16 23:15:32 ----RSD---- C:\WINDOWS\assembly
2011-11-16 23:13:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-16 23:08:46 ----D---- C:\Program Files\Common Files\System
2011-11-16 23:08:46 ----A---- C:\WINDOWS\win.ini
2011-11-16 23:04:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-16 22:22:41 ----D---- C:\WINDOWS\system32\NtmsData
2011-11-16 19:22:43 ----D---- C:\WINDOWS\Registration
2011-11-16 16:57:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-16 14:03:54 ----SHD---- C:\System Volume Information
2011-11-15 23:29:14 ----A---- C:\WINDOWS\system.ini
2011-11-15 23:25:36 ----D---- C:\WINDOWS\AppPatch
2011-11-15 23:25:35 ----D---- C:\Program Files\Common Files
2011-11-15 15:40:26 ----SD---- C:\WINDOWS\Tasks
2011-11-15 15:35:33 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-15 15:11:39 ----D---- C:\WINDOWS\system32\config
2011-11-12 16:39:28 ----D---- C:\Documents and Settings\Mike\Data aplikací\vlc
2011-11-11 16:56:30 ----D---- C:\Program Files\Mozilla Firefox
2011-11-03 19:16:58 ----D---- C:\Documents and Settings\Mike\Data aplikací\Skype
2011-10-25 09:29:31 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-25 09:29:31 ----D---- C:\Program Files\Internet Explorer
2011-10-24 21:03:44 ----D---- C:\WINDOWS\ie8updates
2011-10-24 20:58:03 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-24 19:42:59 ----D---- C:\Program Files\Common Files\Nokia
2011-10-24 19:42:58 ----D---- C:\Program Files\Nokia
2011-10-24 19:42:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-24 19:14:20 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-10-22 13:05:12 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-20 20:19:05 ----D---- C:\WINDOWS\security
2011-10-19 13:40:10 ----D---- C:\Program Files\Hard Drive Inspector

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BlackBox;BlackBox SR2; C:\WINDOWS\system32\drivers\BlackBox.sys [2011-11-16 35712]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-22 685816]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 avfwot;avfwot; C:\WINDOWS\system32\DRIVERS\avfwot.sys [2011-09-16 111160]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-09-18 134344]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2011-01-02 231248]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-27 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 avfwim;AvFw Packet Filter Miniport; C:\WINDOWS\system32\DRIVERS\avfwim.sys [2011-09-16 91096]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-27 61824]
R3 PAC207;Webcam 1200; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-01-02 47360]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-19 81792]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2008-04-30 449408]
S3 as8v86y5;as8v86y5; C:\WINDOWS\system32\drivers\as8v86y5.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FGCWL;FGCWL; \??\d:\Program Files\Fortres Grand\Virtual Sandbox\FGCWL.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-27 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 USB28xxBGA;USB 2863 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2008-05-14 535040]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2008-05-14 286208]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-04-27 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2010-05-07 814344]
R2 AntiVirFirewallService;Avira FireWall; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-05 616400]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-10-05 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-10-05 86224]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-05 463824]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MBAMService;MBAMService; d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2009-04-08 1377536]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
R2 StarWindServiceAE;StarWind AE Service; d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-01-09 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FC77E02E;FC77E02E; C:\WINDOWS\system32\FC77E02E.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HDDSvc;HDD Information Service; C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [2010-01-12 458432]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 821608]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-01-09 360192]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2011-10-05 342480]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

melo15 · #13 Příspěvek od **melo15** » 18 lis 2011 15:31

Ten soubor tam nebyl. Jinak vše provedeno podle pokynu. Firewall je součástí Avira Internet Security.

Děkuju mockrát za pomoc!

Je tu ještě nějaká možnost poděkování?

VIRY.CZ

Prosím o pomoc - BSOD (rootkit TC/IP)

Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)

Re: Prosím o pomoc - BSOD (rootkit TC/IP)