Problém s přesmerováním na abnow.com

Zpráva

Martin123 · #1 Příspěvek od **Martin123** » 05 bře 2012 09:56

Prosím o případnou radu pro vyřešení následujícího problému. Při hledání např. na Google.com se mi veškeré výsledky přesměrovávají na abnow.com. Log přikládám níže. Děkuji moc...

==

Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr Novák at 2012-03-05 09:52:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 142 GB (20%) free of 715 GB
Total RAM: 3327 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:31, on 5.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\BioAdmin Server\BA_Server.exe
C:\Program Files\Apache Group\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Documents and Settings\Petr Novák\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\G6 FTP Server\G6FTPSrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
\.\globalroot\C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Petr Novák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr Novák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Petr Novák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr Novák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr Novák\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr Novák\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Petr Novák.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.155/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Digimarc Reader for Images BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\Reader For Images 4.0\RM4IE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Digimarc - {0FFE2F08-3AC9-4A91-A61D-4FF24F91A561} - C:\Program Files\Digimarc\Reader For Images 4.0\RM4IE.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Digimarc Watermark Initializer] "C:\Program Files\Digimarc\Reader For Images 4.0\WMInit.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: G6 FTP Server 2.0 beta 7.lnk = C:\Program Files\G6 FTP Server\G6FTPSrv.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://192.168.1.155/RtspVaPgDec.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.1.156/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CEA2958-A6C7-4F40-A7B6-042C551EB648}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: BioAdmin Server - Unknown owner - C:\Program Files\BioAdmin Server\BA_Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9760 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-630328440-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-630328440-1801674531-1003UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-630328440-1801674531-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-630328440-1801674531-1003.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Petr Novák\Data aplikací\Mozilla\Firefox\Profiles\jgz4nhks.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10, {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15, {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, jqs@sun.com:1.0, {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3, firegestures@xuldev.org:1.6.5, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, bkmrksync@nokia.com:1.0.0.740, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:7.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.2.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Petr Novák\Data aplikací\Mozilla\Firefox\Profiles\jgz4nhks.default\extensions\
{02450954-cdd9-410f-b1da-db804e18c671}
{446c03e0-2c35-11db-a98b-0800200c9a66}
{c45c406e-ab73-11d8-be73-000a95be3b12}
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

C:\Documents and Settings\Petr Novák\Data aplikací\Mozilla\Firefox\Profiles\jgz4nhks.default\searchplugins\
firmycz.xml
mapycz.xml
sweetim.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D6F1AF0-DDCB-477F-A896-5D75E53B80A3}]
Digimarc Reader for Images BHO for IE - C:\Program Files\Digimarc\Reader For Images 4.0\RM4IE.dll [2010-01-19 820048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2011-11-08 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FFE2F08-3AC9-4A91-A61D-4FF24F91A561} - &Digimarc - C:\Program Files\Digimarc\Reader For Images 4.0\RM4IE.dll [2010-01-19 820048]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Lištička - C:\Program Files\Seznam\Listicka\Toolbar.dll [2007-11-04 793960]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"NSU_agent"=C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2011-08-11 169264]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-09-30 252296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Digimarc Watermark Initializer"=C:\Program Files\Digimarc\Reader For Images 4.0\WMInit.exe [2010-01-19 80208]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-12-27 21392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2005-04-10 2904660]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe [2011-11-19 247968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cyclone Wallpaper Changer]
C:\Program Files\Cyclone Wallpaper Changer\Cyclone Wallpaper Changer.exe [2010-11-06 186368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-12-27 937360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-12-27 21392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-12-27 3508624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Active@ Disk Monitor"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

C:\Documents and Settings\Petr Novák\Nabídka Start\Programy\Po spuštění
Dropbox.lnk - C:\Documents and Settings\Petr Novák\Data aplikací\Dropbox\bin\Dropbox.exe
G6 FTP Server 2.0 beta 7.lnk - C:\Program Files\G6 FTP Server\G6FTPSrv.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Total Commander\TOTALCMD.EXE"="C:\Program Files\Total Commander\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\OpenVPN\bin\openvpn.exe"="C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn"
"C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe"="C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe:*:Enabled:Jeyo Mobile Companion"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Documents and Settings\Petr Novák\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Petr Novák\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"wave2"=wdmaud.drv
"vidc.MPG4"=MPG4c32.dll
"vidc.MP42"=MPG4c32.dll
"vidc.MP43"=MPG4c32.dll
"msacm.msaudio2"=msaud32.acm
"vidc.XVID"=xvid.dll
"vidc.SMPV"=SMPV.dll
"wave3"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"msacm.avis"=ff_acm.acm
"midi1"=wdmaud.drv
"midi2"=wdmaud.drv
"VIDC.DVSD"=pdvcodec.dll

======File associations======

.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2012-03-05 09:52:24 ----D---- C:\rsit
2012-03-04 15:45:26 ----ASH---- C:\WINDOWS\system32\dds_log_trash.cmd
2012-03-01 21:14:43 ----A---- C:\seo.txt
2012-02-16 03:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 14:17:51 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-10 11:25:14 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Dropbox

======List of files/folders modified in the last 1 month======

2012-03-05 09:52:31 ----D---- C:\Program Files\Trend Micro
2012-03-05 09:51:43 ----D---- C:\WINDOWS\Prefetch
2012-03-05 09:40:20 ----HD---- C:\WINDOWS
2012-03-05 09:40:20 ----D---- C:\WINDOWS\Temp
2012-03-05 09:40:20 ----D---- C:\WINDOWS\Debug
2012-03-05 09:34:16 ----A---- C:\WINDOWS\wincmd.ini
2012-03-05 09:32:33 ----A---- C:\WINDOWS\wcx_ftp.ini
2012-03-04 16:55:08 ----D---- C:\= 03 = SKFČR
2012-03-04 15:45:27 ----D---- C:\WINDOWS\system32
2012-03-02 13:10:17 ----D---- C:\Program Files\Mozilla Thunderbird
2012-03-01 10:38:06 ----D---- C:\Program Files\Mozilla Firefox
2012-02-28 16:29:18 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-27 18:08:29 ----D---- C:\Program Files\BioAdmin Server
2012-02-27 18:05:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-02-27 17:47:19 ----HD---- C:\WINDOWS\inf
2012-02-27 09:09:17 ----D---- C:\Program Files\BioAdmin
2012-02-26 15:36:27 ----D---- C:\#localhost
2012-02-26 15:36:15 ----D---- C:\#localhost - temp
2012-02-22 16:52:56 ----A---- C:\WINDOWS\WTRAN32.INI
2012-02-22 03:00:55 ----SHD---- C:\WINDOWS\Installer
2012-02-16 09:30:24 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-16 03:14:22 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 03:14:14 ----RSD---- C:\WINDOWS\assembly
2012-02-16 03:09:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-16 03:09:08 ----D---- C:\WINDOWS\WinSxS
2012-02-16 03:04:44 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-16 03:04:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 03:04:30 ----D---- C:\Program Files\Internet Explorer
2012-02-16 03:04:13 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-14 14:58:02 ----D---- C:\= 05 = Erasport.cz
2012-02-11 22:30:51 ----D---- C:\= 09 = Private
2012-02-11 16:45:43 ----A---- C:\WINDOWS\ModemLog_Nokia E52 USB Modem.txt
2012-02-10 17:35:18 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2010-03-19 45648]
R0 sbp2port;Ovladač sběrnice pro přenos dat zařízení podporujícího protokol SBP-2; C:\WINDOWS\system32\DRIVERS\sbp2port.sys [2008-04-14 43904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R2 PARLDR2K;ParLdr2k; \??\C:\WINDOWS\system32\drivers\parldr2k.sys []
R2 ROCKEYNT;ROCKEYNT; \??\C:\WINDOWS\system32\drivers\Rockeynt.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\WINDOWS\system32\drivers\HCW85BDA.sys [2010-03-15 1482112]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-11-27 177152]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-11-08 26112]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 AVerFx2hbtv;AVerMedia C038 USB Capture Card; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2007-07-17 199552]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 PL-40R;CASIO USB MIDI; C:\WINDOWS\System32\Drivers\pl40rwdm.sys [2004-10-01 18048]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SODI;SODI; C:\WINDOWS\system32\DRIVERS\sam_miniport.sys []
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 Nmwcchpt;Nmwcchpt; C:\WINDOWS\system32\drivers\Nmwcchpt.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 Apache2;Apache2; C:\Program Files\Apache Group\Apache2\bin\Apache.exe [2008-01-17 20541]
R2 BioAdmin Server;BioAdmin Server; C:\Program Files\BioAdmin Server\BA_Server.exe [2008-12-09 303104]
R2 LVPrcMon;LHidFilt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MySQL;MySQL; C:\Program Files\Apache Group\MySQL\bin\mysqld-nt --defaults-file=C:\Program Files\Apache Group\MySQL\my.ini MySQL []
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-11-04 651720]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-03-19 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2010-11-08 36352]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S4 Active@ Disk Monitor;Active@ Disk Monitor; C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2009-09-02 1127944]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-25 135664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-04-14 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Martin123 · #2 Příspěvek od **Martin123** » 05 bře 2012 11:18

Děkuji, vše níže a v příloze.

https://www.virustotal.com/file/3f50872 ... 330942506/

Martin123 · #3 Příspěvek od **Martin123** » 05 bře 2012 14:02

Logy k prvním dvěma programům v příloze, v jednu chvíli mi tam u druhého nešlo exportovat, přikládám tedy printscreeny (v zazipované příloze).

Třetí program (vba32arkit_beta.zip) bohužel nechápu, jak nastavit, protože věci, co píšeš, jsem tam nikde nenašel=(.

Pak jsem provedl ty "očistné" kroky.

Log z prvního programu níže.

MBR Scan report mi sem nejde nějak vložit, dávám ho v ZIPu v příloze.

Log z CombiFix také níže.

V lozích, co přidávám v plaintextu níže, jsem změnil svoje jméno, snad to neva.

==
==
==

12:57:05.0284 1280 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
12:57:05.0378 1280 ============================================================
12:57:05.0378 1280 Current date / time: 2012/03/05 12:57:05.0378
12:57:05.0378 1280 SystemInfo:
12:57:05.0378 1280
12:57:05.0409 1280 OS Version: 5.1.2600 ServicePack: 3.0
12:57:05.0409 1280 Product type: Workstation
12:57:05.0409 1280 ComputerName: MARTIN
12:57:05.0409 1280 UserName: Petr Novák
12:57:05.0409 1280 Windows directory: C:\WINDOWS
12:57:05.0409 1280 System windows directory: C:\WINDOWS
12:57:05.0409 1280 Processor architecture: Intel x86
12:57:05.0409 1280 Number of processors: 4
12:57:05.0409 1280 Page size: 0x1000
12:57:05.0409 1280 Boot type: Normal boot
12:57:05.0409 1280 ============================================================
12:57:06.0284 1280 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:57:06.0300 1280 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:57:06.0315 1280 Drive \Device\Harddisk1\DR1 - Size: 0x14F61AE000 (83.85 Gb), SectorSize: 0x200, Cylinders: 0x2AC1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:57:06.0346 1280 Drive \Device\Harddisk3\DR6 - Size: 0xF4FC8000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:57:06.0456 1280 \Device\Harddisk0\DR0:
12:57:06.0456 1280 MBR used
12:57:06.0456 1280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
12:57:06.0456 1280 \Device\Harddisk2\DR2:
12:57:06.0456 1280 MBR used
12:57:06.0456 1280 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
12:57:06.0456 1280 \Device\Harddisk1\DR1:
12:57:06.0456 1280 MBR used
12:57:06.0456 1280 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA7ABA81
12:57:06.0471 1280 \Device\Harddisk3\DR6:
12:57:06.0487 1280 MBR used
12:57:06.0487 1280 \Device\Harddisk3\DR6\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x7A7A11
12:57:07.0003 1280 Initialize success
12:57:07.0003 1280 ============================================================
12:57:24.0550 0344 ============================================================
12:57:24.0550 0344 Scan started
12:57:24.0550 0344 Mode: Manual; SigCheck; TDLFS;
12:57:24.0550 0344 ============================================================
12:57:24.0768 0344 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
12:57:25.0409 0344 61883 - ok
12:57:25.0503 0344 Abiosdsk - ok
12:57:25.0518 0344 abp480n5 - ok
12:57:25.0565 0344 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:57:25.0675 0344 ACPI - ok
12:57:25.0737 0344 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:57:25.0831 0344 ACPIEC - ok
12:57:25.0831 0344 adpu160m - ok
12:57:25.0831 0344 adusbser - ok
12:57:25.0878 0344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:57:25.0971 0344 aec - ok
12:57:26.0003 0344 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:57:26.0065 0344 AFD - ok
12:57:26.0081 0344 Aha154x - ok
12:57:26.0081 0344 aic78u2 - ok
12:57:26.0096 0344 aic78xx - ok
12:57:26.0096 0344 AliIde - ok
12:57:26.0112 0344 amsint - ok
12:57:26.0143 0344 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:57:26.0237 0344 Arp1394 - ok
12:57:26.0237 0344 asc - ok
12:57:26.0253 0344 asc3350p - ok
12:57:26.0253 0344 asc3550 - ok
12:57:26.0268 0344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:57:26.0362 0344 AsyncMac - ok
12:57:26.0409 0344 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:57:26.0503 0344 atapi - ok
12:57:26.0518 0344 Atdisk - ok
12:57:26.0550 0344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:57:26.0643 0344 Atmarpc - ok
12:57:26.0659 0344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:57:26.0737 0344 audstub - ok
12:57:26.0753 0344 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
12:57:26.0831 0344 Avc - ok
12:57:26.0862 0344 AVerFx2hbtv (a5e4e3c6831f5db850120c7eb67b9aa5) C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys
12:57:26.0925 0344 AVerFx2hbtv - ok
12:57:26.0956 0344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:57:27.0050 0344 Beep - ok
12:57:27.0081 0344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:57:27.0175 0344 cbidf2k - ok
12:57:27.0221 0344 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:57:27.0300 0344 CCDECODE - ok
12:57:27.0300 0344 cd20xrnt - ok
12:57:27.0331 0344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:57:27.0409 0344 Cdaudio - ok
12:57:27.0456 0344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:57:27.0550 0344 Cdfs - ok
12:57:27.0581 0344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:57:27.0659 0344 Cdrom - ok
12:57:27.0675 0344 Changer - ok
12:57:27.0706 0344 CmdIde - ok
12:57:27.0753 0344 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:57:27.0846 0344 Compbatt - ok
12:57:27.0846 0344 Cpqarray - ok
12:57:27.0987 0344 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
12:57:28.0050 0344 CrystalSysInfo - ok
12:57:28.0065 0344 dac2w2k - ok
12:57:28.0081 0344 dac960nt - ok
12:57:28.0128 0344 dg_ssudbus (919f338fd36f47d860775368d0748780) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
12:57:28.0128 0344 dg_ssudbus - ok
12:57:28.0159 0344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:57:28.0237 0344 Disk - ok
12:57:28.0300 0344 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
12:57:28.0440 0344 dmboot - ok
12:57:28.0456 0344 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
12:57:28.0550 0344 dmio - ok
12:57:28.0581 0344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:57:28.0659 0344 dmload - ok
12:57:28.0706 0344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:57:28.0784 0344 DMusic - ok
12:57:28.0784 0344 dpti2o - ok
12:57:28.0800 0344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:57:28.0862 0344 drmkaud - ok
12:57:28.0909 0344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:57:29.0003 0344 Fastfat - ok
12:57:29.0018 0344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:57:29.0096 0344 Fdc - ok
12:57:29.0096 0344 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
12:57:29.0175 0344 Fips - ok
12:57:29.0175 0344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:57:29.0253 0344 Flpydisk - ok
12:57:29.0300 0344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:57:29.0378 0344 FltMgr - ok
12:57:29.0393 0344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:57:29.0487 0344 Fs_Rec - ok
12:57:29.0487 0344 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:57:29.0596 0344 Ftdisk - ok
12:57:29.0612 0344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:57:29.0690 0344 Gpc - ok
12:57:29.0768 0344 HCW85BDA (9dbf6a377c6e2b01af0e1fa1f7c8abb1) C:\WINDOWS\system32\drivers\HCW85BDA.sys
12:57:29.0893 0344 HCW85BDA - ok
12:57:29.0925 0344 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:57:30.0018 0344 HDAudBus - ok
12:57:30.0034 0344 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
12:57:30.0112 0344 HidBatt - ok
12:57:30.0128 0344 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:57:30.0221 0344 hidusb - ok
12:57:30.0221 0344 hpn - ok
12:57:30.0268 0344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:57:30.0362 0344 HTTP - ok
12:57:30.0378 0344 i2omgmt - ok
12:57:30.0378 0344 i2omp - ok
12:57:30.0425 0344 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:57:30.0487 0344 i8042prt - ok
12:57:30.0534 0344 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:57:30.0628 0344 Imapi - ok
12:57:30.0628 0344 ini910u - ok
12:57:30.0800 0344 IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:57:31.0096 0344 IntcAzAudAddService - ok
12:57:31.0112 0344 IntelIde - ok
12:57:31.0143 0344 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:57:31.0206 0344 intelppm - ok
12:57:31.0221 0344 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:57:31.0300 0344 Ip6Fw - ok
12:57:31.0315 0344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:57:31.0409 0344 IpFilterDriver - ok
12:57:31.0409 0344 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:57:31.0487 0344 IpInIp - ok
12:57:31.0487 0344 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:57:31.0565 0344 IpNat - ok
12:57:31.0612 0344 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:57:31.0706 0344 IPSec - ok
12:57:31.0721 0344 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:57:31.0753 0344 IRENUM - ok
12:57:31.0800 0344 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:57:31.0893 0344 isapnp - ok
12:57:31.0971 0344 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
12:57:31.0987 0344 ISODrive - ok
12:57:32.0003 0344 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:57:32.0065 0344 Kbdclass - ok
12:57:32.0081 0344 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:57:32.0143 0344 kbdhid - ok
12:57:32.0190 0344 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:57:32.0268 0344 kmixer - ok
12:57:32.0315 0344 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:57:32.0409 0344 KSecDD - ok
12:57:32.0409 0344 lbrtfdc - ok
12:57:32.0487 0344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:57:32.0550 0344 mnmdd - ok
12:57:32.0596 0344 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
12:57:32.0690 0344 Modem - ok
12:57:32.0737 0344 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:57:32.0815 0344 Mouclass - ok
12:57:32.0815 0344 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:57:32.0893 0344 mouhid - ok
12:57:32.0925 0344 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:57:32.0987 0344 MountMgr - ok
12:57:33.0034 0344 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:57:33.0221 0344 MPE - ok
12:57:33.0237 0344 mraid35x - ok
12:57:33.0237 0344 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:57:33.0315 0344 MRxDAV - ok
12:57:33.0346 0344 MRxSmb (8cf1379e9c992a2227d3c4eb087edab3) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:57:33.0409 0344 MRxSmb ( UnsignedFile.Multi.Generic ) - warning
12:57:33.0409 0344 MRxSmb - detected UnsignedFile.Multi.Generic (1)
12:57:33.0440 0344 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
12:57:33.0518 0344 MSDV - ok
12:57:33.0518 0344 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:57:33.0596 0344 Msfs - ok
12:57:33.0643 0344 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:57:33.0737 0344 MSKSSRV - ok
12:57:33.0737 0344 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:57:33.0815 0344 MSPCLOCK - ok
12:57:33.0815 0344 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:57:33.0893 0344 MSPQM - ok
12:57:33.0925 0344 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:57:34.0003 0344 mssmbios - ok
12:57:34.0018 0344 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:57:34.0096 0344 MSTEE - ok
12:57:34.0112 0344 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:57:34.0175 0344 Mup - ok
12:57:34.0206 0344 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:57:34.0268 0344 NABTSFEC - ok
12:57:34.0315 0344 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:57:34.0409 0344 NDIS - ok
12:57:34.0425 0344 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:57:34.0534 0344 NdisIP - ok
12:57:34.0565 0344 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:57:34.0596 0344 NdisTapi - ok
12:57:34.0643 0344 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:57:34.0737 0344 Ndisuio - ok
12:57:34.0753 0344 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:57:34.0831 0344 NdisWan - ok
12:57:34.0846 0344 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:57:34.0893 0344 NDProxy - ok
12:57:34.0909 0344 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:57:34.0971 0344 NetBIOS - ok
12:57:35.0018 0344 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:57:35.0096 0344 NetBT - ok
12:57:35.0143 0344 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:57:35.0221 0344 NIC1394 - ok
12:57:35.0237 0344 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
12:57:35.0315 0344 nm - ok
12:57:35.0315 0344 Nmwcchpt - ok
12:57:35.0378 0344 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
12:57:35.0612 0344 nmwcd - ok
12:57:35.0643 0344 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
12:57:35.0690 0344 nmwcdc - ok
12:57:35.0737 0344 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:57:35.0815 0344 Npfs - ok
12:57:35.0831 0344 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:57:35.0956 0344 Ntfs - ok
12:57:36.0003 0344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:57:36.0065 0344 Null - ok
12:57:36.0221 0344 nv (23b95a09677e62ec8d1641ecf39b9bfb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:57:36.0581 0344 nv - ok
12:57:36.0628 0344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:57:36.0721 0344 NwlnkFlt - ok
12:57:36.0721 0344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:57:36.0800 0344 NwlnkFwd - ok
12:57:36.0831 0344 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
12:57:36.0893 0344 NwlnkIpx - ok
12:57:36.0925 0344 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
12:57:36.0987 0344 NwlnkNb - ok
12:57:37.0018 0344 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
12:57:37.0143 0344 NwlnkSpx - ok
12:57:37.0175 0344 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:57:37.0253 0344 ohci1394 - ok
12:57:37.0284 0344 PARLDR2K (b129365892b2e7b5155e601a4924cd2f) C:\WINDOWS\system32\drivers\parldr2k.sys
12:57:37.0284 0344 PARLDR2K ( UnsignedFile.Multi.Generic ) - warning
12:57:37.0284 0344 PARLDR2K - detected UnsignedFile.Multi.Generic (1)
12:57:37.0346 0344 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
12:57:37.0409 0344 Parport - ok
12:57:37.0440 0344 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:57:37.0518 0344 PartMgr - ok
12:57:37.0550 0344 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
12:57:37.0628 0344 ParVdm - ok
12:57:37.0675 0344 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
12:57:37.0721 0344 pccsmcfd - ok
12:57:37.0784 0344 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
12:57:37.0878 0344 PCI - ok
12:57:37.0878 0344 PCIDump - ok
12:57:37.0893 0344 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:57:37.0956 0344 PCIIde - ok
12:57:37.0987 0344 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:57:38.0050 0344 Pcmcia - ok
12:57:38.0050 0344 Pcouffin - ok
12:57:38.0065 0344 PDCOMP - ok
12:57:38.0065 0344 PDFRAME - ok
12:57:38.0081 0344 PDRELI - ok
12:57:38.0081 0344 PDRFRAME - ok
12:57:38.0081 0344 perc2 - ok
12:57:38.0096 0344 perc2hib - ok
12:57:38.0128 0344 PL-40R (e27087ed87311dc130e55a63e890615d) C:\WINDOWS\system32\Drivers\pl40rwdm.sys
12:57:38.0128 0344 PL-40R ( UnsignedFile.Multi.Generic ) - warning
12:57:38.0128 0344 PL-40R - detected UnsignedFile.Multi.Generic (1)
12:57:38.0175 0344 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:57:38.0253 0344 PptpMiniport - ok
12:57:38.0253 0344 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:57:38.0331 0344 PSched - ok
12:57:38.0362 0344 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:57:38.0425 0344 Ptilink - ok
12:57:38.0471 0344 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
12:57:38.0487 0344 PxHelp20 - ok
12:57:38.0487 0344 ql1080 - ok
12:57:38.0503 0344 Ql10wnt - ok
12:57:38.0503 0344 ql12160 - ok
12:57:38.0503 0344 ql1240 - ok
12:57:38.0518 0344 ql1280 - ok
12:57:38.0534 0344 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:57:38.0596 0344 RasAcd - ok
12:57:38.0628 0344 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:57:38.0706 0344 Rasl2tp - ok
12:57:38.0721 0344 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:57:38.0784 0344 RasPppoe - ok
12:57:38.0831 0344 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:57:38.0909 0344 Raspti - ok
12:57:38.0925 0344 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:57:39.0034 0344 Rdbss - ok
12:57:39.0050 0344 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:57:39.0112 0344 RDPCDD - ok
12:57:39.0159 0344 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:57:39.0237 0344 rdpdr - ok
12:57:39.0284 0344 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:57:39.0315 0344 RDPWD - ok
12:57:39.0362 0344 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:57:39.0440 0344 redbook - ok
12:57:39.0487 0344 ROCKEYNT (1aba1d70f793c75c354195b521b4e735) C:\WINDOWS\system32\drivers\Rockeynt.sys
12:57:39.0487 0344 ROCKEYNT ( UnsignedFile.Multi.Generic ) - warning
12:57:39.0487 0344 ROCKEYNT - detected UnsignedFile.Multi.Generic (1)
12:57:39.0518 0344 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:57:39.0581 0344 RTLE8023xp - ok
12:57:39.0643 0344 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
12:57:39.0706 0344 sbp2port - ok
12:57:39.0768 0344 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:57:39.0800 0344 Secdrv - ok
12:57:39.0862 0344 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
12:57:39.0956 0344 Serial - ok
12:57:39.0987 0344 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:57:40.0065 0344 Sfloppy - ok
12:57:40.0081 0344 Simbad - ok
12:57:40.0143 0344 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:57:40.0221 0344 SLIP - ok
12:57:40.0221 0344 SODI - ok
12:57:40.0253 0344 Sparrow - ok
12:57:40.0300 0344 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:57:40.0393 0344 splitter - ok
12:57:40.0440 0344 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
12:57:40.0471 0344 sr - ok
12:57:40.0503 0344 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:57:40.0612 0344 Srv - ok
12:57:40.0675 0344 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
12:57:40.0675 0344 ssudmdm - ok
12:57:40.0721 0344 StillCam (06cda2a5a549bc455d004461e6bc5b33) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:57:40.0800 0344 StillCam - ok
12:57:40.0846 0344 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:57:40.0940 0344 streamip - ok
12:57:40.0987 0344 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:57:41.0081 0344 swenum - ok
12:57:41.0128 0344 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:57:41.0206 0344 swmidi - ok
12:57:41.0206 0344 symc810 - ok
12:57:41.0221 0344 symc8xx - ok
12:57:41.0221 0344 sym_hi - ok
12:57:41.0237 0344 sym_u3 - ok
12:57:41.0253 0344 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:57:41.0331 0344 sysaudio - ok
12:57:41.0378 0344 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
12:57:41.0378 0344 tap0901 ( UnsignedFile.Multi.Generic ) - warning
12:57:41.0378 0344 tap0901 - detected UnsignedFile.Multi.Generic (1)
12:57:41.0440 0344 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:57:41.0534 0344 Tcpip - ok
12:57:41.0565 0344 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:57:41.0643 0344 TDPIPE - ok
12:57:41.0659 0344 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:57:41.0737 0344 TDTCP - ok
12:57:41.0768 0344 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:57:41.0846 0344 TermDD - ok
12:57:41.0862 0344 TosIde - ok
12:57:41.0925 0344 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:57:41.0987 0344 Udfs - ok
12:57:42.0034 0344 ultra - ok
12:57:42.0081 0344 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:57:42.0175 0344 Update - ok
12:57:42.0206 0344 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
12:57:42.0253 0344 upperdev - ok
12:57:42.0300 0344 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:57:42.0331 0344 USBAAPL - ok
12:57:42.0378 0344 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:57:42.0456 0344 usbccgp - ok
12:57:42.0487 0344 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:57:42.0565 0344 usbehci - ok
12:57:42.0581 0344 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:57:42.0659 0344 usbhub - ok
12:57:42.0675 0344 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:57:42.0737 0344 usbohci - ok
12:57:42.0784 0344 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:57:42.0862 0344 usbprint - ok
12:57:42.0893 0344 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:57:42.0971 0344 usbscan - ok
12:57:43.0034 0344 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
12:57:43.0128 0344 usbser - ok
12:57:43.0206 0344 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
12:57:43.0237 0344 UsbserFilt - ok
12:57:43.0268 0344 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:57:43.0346 0344 usbstor - ok
12:57:43.0393 0344 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:57:43.0456 0344 usbuhci - ok
12:57:43.0487 0344 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:57:43.0550 0344 usbvideo - ok
12:57:43.0596 0344 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
12:57:43.0675 0344 usb_rndisx - ok
12:57:43.0706 0344 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:57:43.0768 0344 VgaSave - ok
12:57:43.0784 0344 ViaIde - ok
12:57:43.0862 0344 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
12:57:43.0956 0344 VolSnap - ok
12:57:43.0956 0344 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:57:44.0065 0344 Wanarp - ok
12:57:44.0112 0344 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:57:44.0128 0344 Wdf01000 - ok
12:57:44.0143 0344 WDICA - ok
12:57:44.0190 0344 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:57:44.0253 0344 wdmaud - ok
12:57:44.0315 0344 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
12:57:44.0315 0344 WinUSB - ok
12:57:44.0346 0344 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
12:57:44.0425 0344 WpdUsb - ok
12:57:44.0471 0344 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:57:44.0550 0344 WSTCODEC - ok
12:57:44.0596 0344 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:57:44.0643 0344 WudfPf - ok
12:57:44.0643 0344 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:57:44.0659 0344 WudfRd - ok
12:57:44.0675 0344 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:57:44.0721 0344 \Device\Harddisk0\DR0 - ok
12:57:44.0753 0344 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk2\DR2
12:57:44.0925 0344 \Device\Harddisk2\DR2 - ok
12:57:44.0925 0344 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
12:57:44.0940 0344 \Device\Harddisk1\DR1 - ok
12:57:45.0096 0344 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR6
12:57:45.0784 0344 \Device\Harddisk3\DR6 - ok
12:57:45.0784 0344 Boot (0x1200) (a556f9fdefe721129d5775c41de80f50) \Device\Harddisk0\DR0\Partition0
12:57:45.0784 0344 \Device\Harddisk0\DR0\Partition0 - ok
12:57:45.0784 0344 Boot (0x1200) (ca768e704877829503d848fa4b67b5b9) \Device\Harddisk2\DR2\Partition0
12:57:45.0784 0344 \Device\Harddisk2\DR2\Partition0 - ok
12:57:45.0800 0344 Boot (0x1200) (72e62f7959a5a3819c3e63233c3bef86) \Device\Harddisk1\DR1\Partition0
12:57:45.0800 0344 \Device\Harddisk1\DR1\Partition0 - ok
12:57:45.0800 0344 Boot (0x1200) (ee601f0899ead337e78bd66f541ad55b) \Device\Harddisk3\DR6\Partition0
12:57:45.0800 0344 \Device\Harddisk3\DR6\Partition0 - ok
12:57:45.0800 0344 ============================================================
12:57:45.0800 0344 Scan finished
12:57:45.0800 0344 ============================================================
12:57:45.0909 4656 Detected object count: 5
12:57:45.0909 4656 Actual detected object count: 5
12:57:58.0690 4656 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:58.0690 4656 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:58.0690 4656 PARLDR2K ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:58.0690 4656 PARLDR2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:58.0690 4656 PL-40R ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:58.0690 4656 PL-40R ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:58.0690 4656 ROCKEYNT ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:58.0690 4656 ROCKEYNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:57:58.0690 4656 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
12:57:58.0690 4656 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:58:20.0018 4484 Deinitialize success

==
==
==

ComboFix 12-03-04.02 - Petr Novák 05.03.2012 13:33:33.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2883 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr Novák\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\U\00000001.@
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\U\000000c0.@
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\U\000000cb.@
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\U\000000cf.@
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\U\80000000.@
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\U\800000c0.@
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\U\800000cb.@
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\U\800000cf.@
c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515\X
c:\documents and settings\Petr Novák\WINDOWS
c:\program files\Program Files
c:\program files\Program Files\MySQL\data\ib_logfile0
c:\program files\Program Files\MySQL\data\ib_logfile1
c:\program files\Program Files\MySQL\data\ibdata1
c:\program files\Program Files\MySQL\data\martin.err
c:\program files\Program Files\MySQL\data\mysql\columns_priv.frm
c:\program files\Program Files\MySQL\data\mysql\columns_priv.MYD
c:\program files\Program Files\MySQL\data\mysql\columns_priv.MYI
c:\program files\Program Files\MySQL\data\mysql\db.frm
c:\program files\Program Files\MySQL\data\mysql\db.MYD
c:\program files\Program Files\MySQL\data\mysql\db.MYI
c:\program files\Program Files\MySQL\data\mysql\func.frm
c:\program files\Program Files\MySQL\data\mysql\func.MYD
c:\program files\Program Files\MySQL\data\mysql\func.MYI
c:\program files\Program Files\MySQL\data\mysql\help_category.frm
c:\program files\Program Files\MySQL\data\mysql\help_category.MYD
c:\program files\Program Files\MySQL\data\mysql\help_category.MYI
c:\program files\Program Files\MySQL\data\mysql\help_keyword.frm
c:\program files\Program Files\MySQL\data\mysql\help_keyword.MYD
c:\program files\Program Files\MySQL\data\mysql\help_keyword.MYI
c:\program files\Program Files\MySQL\data\mysql\help_relation.frm
c:\program files\Program Files\MySQL\data\mysql\help_relation.MYD
c:\program files\Program Files\MySQL\data\mysql\help_relation.MYI
c:\program files\Program Files\MySQL\data\mysql\help_topic.frm
c:\program files\Program Files\MySQL\data\mysql\help_topic.MYD
c:\program files\Program Files\MySQL\data\mysql\help_topic.MYI
c:\program files\Program Files\MySQL\data\mysql\host.frm
c:\program files\Program Files\MySQL\data\mysql\host.MYD
c:\program files\Program Files\MySQL\data\mysql\host.MYI
c:\program files\Program Files\MySQL\data\mysql\proc.frm
c:\program files\Program Files\MySQL\data\mysql\proc.MYD
c:\program files\Program Files\MySQL\data\mysql\proc.MYI
c:\program files\Program Files\MySQL\data\mysql\procs_priv.frm
c:\program files\Program Files\MySQL\data\mysql\procs_priv.MYD
c:\program files\Program Files\MySQL\data\mysql\procs_priv.MYI
c:\program files\Program Files\MySQL\data\mysql\tables_priv.frm
c:\program files\Program Files\MySQL\data\mysql\tables_priv.MYD
c:\program files\Program Files\MySQL\data\mysql\tables_priv.MYI
c:\program files\Program Files\MySQL\data\mysql\time_zone.frm
c:\program files\Program Files\MySQL\data\mysql\time_zone.MYD
c:\program files\Program Files\MySQL\data\mysql\time_zone.MYI
c:\program files\Program Files\MySQL\data\mysql\time_zone_leap_second.frm
c:\program files\Program Files\MySQL\data\mysql\time_zone_leap_second.MYD
c:\program files\Program Files\MySQL\data\mysql\time_zone_leap_second.MYI
c:\program files\Program Files\MySQL\data\mysql\time_zone_name.frm
c:\program files\Program Files\MySQL\data\mysql\time_zone_name.MYD
c:\program files\Program Files\MySQL\data\mysql\time_zone_name.MYI
c:\program files\Program Files\MySQL\data\mysql\time_zone_transition.frm
c:\program files\Program Files\MySQL\data\mysql\time_zone_transition.MYD
c:\program files\Program Files\MySQL\data\mysql\time_zone_transition.MYI
c:\program files\Program Files\MySQL\data\mysql\time_zone_transition_type.frm
c:\program files\Program Files\MySQL\data\mysql\time_zone_transition_type.MYD
c:\program files\Program Files\MySQL\data\mysql\time_zone_transition_type.MYI
c:\program files\Program Files\MySQL\data\mysql\user.frm
c:\program files\Program Files\MySQL\data\mysql\user.MYD
c:\program files\Program Files\MySQL\data\mysql\user.MYI
C:\Thumbs.db
c:\windows\$NtUninstallKB46123$
c:\windows\$NtUninstallKB46123$\2126591253\@
c:\windows\$NtUninstallKB46123$\2126591253\L\pzlhqdmy
c:\windows\$NtUninstallKB46123$\2126591253\loader.tlb
c:\windows\$NtUninstallKB46123$\2126591253\U\@00000001
c:\windows\$NtUninstallKB46123$\2126591253\U\@000000c0
c:\windows\$NtUninstallKB46123$\2126591253\U\@000000cb
c:\windows\$NtUninstallKB46123$\2126591253\U\@000000cf
c:\windows\$NtUninstallKB46123$\2126591253\U\@80000000
c:\windows\$NtUninstallKB46123$\2126591253\U\@800000c0
c:\windows\$NtUninstallKB46123$\2126591253\U\@800000cb
c:\windows\$NtUninstallKB46123$\2126591253\U\@800000cf
c:\windows\$NtUninstallKB46123$\2349476949
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\My.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\dhcp.dll
c:\windows\system32\Install.txt
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\npkcsvc.dll
c:\windows\system32\ReadMe.txt
c:\windows\system32\SET455.tmp
c:\windows\system32\SET45A.tmp
c:\windows\system32\SET461.tmp
c:\windows\system32\system32
c:\windows\system32\system32\msmapi32.ocx
c:\windows\system32\system32\msvcr71.dll
c:\windows\system32\system32\msvcrt20.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_LVPrcMon
-------\Legacy_smserial
-------\Service_LVPrcMon
-------\Service_smserial
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-05 do 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 11:16 . 2012-03-05 11:16 -------- d-----w- C:\SEO
2012-03-04 14:50 . 2012-03-04 14:50 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-03-04 14:43 . 2012-03-05 12:45 -------- d-sh--w- c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515
2012-02-15 13:17 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 13:17 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-10 10:25 . 2012-02-27 17:09 -------- d-----w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox
2012-02-07 14:37 . 2012-02-17 15:02 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-07 14:37 . 2012-02-07 14:37 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-07 14:37 . 2012-02-17 15:02 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-07 14:37 . 2012-02-17 15:02 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-07 14:37 . 2012-02-17 15:02 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-07 14:37 . 2012-02-17 15:02 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-07 14:37 . 2012-02-17 15:02 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-07 14:37 . 2012-02-17 15:02 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-07 14:37 . 2012-02-07 14:37 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-07 14:37 . 2012-02-07 14:37 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-07 14:37 . 2012-02-07 14:37 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-07 14:37 . 2012-02-07 14:37 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-04 20:43 . 2012-02-04 20:43 -------- d-----w- C:\Zákazníci
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 12:00 . 2012-03-05 12:00 3436 ----a-w- C:\MbrScan.zip
2012-03-05 11:54 . 2012-03-05 11:54 62273 ----a-w- C:\xuetr.zip
2012-03-05 11:51 . 2012-03-05 11:51 995284 ----a-w- C:\PowerTool.zip
2012-01-19 18:10 . 2012-01-19 18:10 13824 ----a-w- c:\windows\_g6uninst.exe
2012-01-12 17:20 . 2008-04-14 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-05 14:46 . 2011-11-14 20:37 3452 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-01-05 14:46 . 2011-11-14 20:37 88 --sh--r- c:\documents and settings\All Users\Data aplikací\9D88B9C25C.sys
2011-12-23 19:58 . 2012-01-10 09:38 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-12-23 19:58 . 2011-12-23 19:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-23 19:58 . 2011-12-23 19:58 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-12-23 19:58 . 2011-12-23 19:58 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll
2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-12-23 19:58 . 2012-01-10 09:38 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-12-23 19:58 . 2012-01-10 09:38 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2011-12-23 19:58 . 2012-01-10 09:38 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-12-17 19:42 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-12-15 14:31 . 2011-12-15 14:31 184320 ----a-w- c:\windows\mpqctl.ocx
2011-12-08 04:22 . 2012-01-10 09:40 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-12-08 04:22 . 2012-01-10 09:40 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-12-08 04:22 . 2012-01-10 09:40 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2011-12-08 04:22 . 2012-01-10 09:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-17 15:02 . 2012-02-07 14:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Reader for Images Overlay]
@="{65929490-CD79-4C89-BCC7-9D4224A3534B}"
[HKEY_CLASSES_ROOT\CLSID\{65929490-CD79-4C89-BCC7-9D4224A3534B}]
2010-01-19 09:14 757584 ----a-w- c:\program files\Digimarc\Reader For Images 4.0\WMShell2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Reader for Images Unknown Overlay]
@="{65929490-CD79-4C89-BCC7-9D4224A35150}"
[HKEY_CLASSES_ROOT\CLSID\{65929490-CD79-4C89-BCC7-9D4224A35150}]
2010-01-19 09:14 757584 ----a-w- c:\program files\Digimarc\Reader For Images 4.0\WMShell2.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Digimarc Watermark Initializer"="c:\program files\Digimarc\Reader For Images 4.0\WMInit.exe" [2010-01-19 80208]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-08-11 169264]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Petr Novák\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
G6 FTP Server 2.0 beta 7.lnk - c:\program files\G6 FTP Server\G6FTPSrv.exe [2012-1-19 417280]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cyclone Wallpaper Changer]
2010-11-06 12:25 186368 ----a-w- c:\program files\Cyclone Wallpaper Changer\Cyclone Wallpaper Changer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-12-27 22:21 937360 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-12-27 22:21 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-12-27 22:21 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Active@ Disk Monitor"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Program Files\\Jeyo\\JMC_WindowsMobile\\JMC_WM.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Petr Novák\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
.
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.3.2011 9:59 84520]
R2 BioAdmin Server;BioAdmin Server;c:\program files\BioAdmin Server\BA_Server.exe [9.12.2008 1:00 303104]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [10.4.2010 17:38 1482112]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 PARLDR2K;ParLdr2k;\??\c:\windows\system32\drivers\parldr2k.sys --> c:\windows\system32\drivers\parldr2k.sys [?]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys --> c:\windows\system32\DRIVERS\adusbser.sys [?]
S3 AVerFx2hbtv;AVerMedia C038 USB Capture Card;c:\windows\system32\drivers\AVerFx2hbtv.sys [1.5.2010 7:15 199552]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10.1.2012 10:40 80184]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [4.12.2010 18:34 18048]
S3 SODI;SODI;c:\windows\system32\DRIVERS\sam_miniport.sys --> c:\windows\system32\DRIVERS\sam_miniport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10.1.2012 10:40 181432]
S4 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [6.5.2010 10:36 1127944]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.3.2010 19:54 135664]
S4 Nmwcchpt;Nmwcchpt; [x]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LVPrcMon
smserial
.
Obsah adresáře 'Naplánované úlohy'
.
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:37]
.
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://192.168.1.155/
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{5CEA2958-A6C7-4F40-A7B6-042C551EB648}: NameServer = 192.168.1.254
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://192.168.1.155/RtspVaPgDec.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.156/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Petr Novák\Data aplikací\Mozilla\Firefox\Profiles\jgz4nhks.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Photoshop 6.0.1 CE - c:\windows\ISUN0405.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 13:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\Apache Group\MySQL\bin\mysqld-nt\" --defaults-file=\"c:\program files\Apache Group\MySQL\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1508)
c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\program files\Digimarc\Reader For Images 4.0\WMShell2.dll
c:\program files\Digimarc\Reader For Images 4.0\Ltfilu.dll
c:\program files\Digimarc\Reader For Images 4.0\Ltkrnu.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Digimarc\Reader For Images 4.0\WMCacheS.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Apache Group\MySQL\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\wscntfy.exe
c:\program files\Digimarc\Reader For Images 4.0\WMCache.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Java\jre7\bin\javaws.exe
.
**************************************************************************
.
Celkový čas: 2012-03-05 13:53:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-05 12:53
.
Před spuštěním: Volných bajtů: 148 581 203 968
Po spuštění: Volných bajtů: 148 686 381 056
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Professional (SSD)" /noexecute=optin /fastdetect
.
- - End Of File - - 4CA69531C7037EF2613E19618F969AF5

Martin123 · #4 Příspěvek od **Martin123** » 05 bře 2012 14:03

Přikládám další z těch logů.

Martin123 · #5 Příspěvek od **Martin123** » 05 bře 2012 14:04

A ještě ten poslední.

Martin123 · #6 Příspěvek od **Martin123** » 06 bře 2012 09:56

V době testů/čištění žádné mobily připojeny nebylo, jinak připojuji N52, Samsung, velmi sporadicky iPad.

K přesměrování už nedochází.

Soubor výše jsem otestoval a zdá se v poho:
https://www.virustotal.com/file/37757bc ... 331024129/

Martin123 · #7 Příspěvek od **Martin123** » 06 bře 2012 13:58

Report z comboFix posílám níže, to druhé do PM Ti pošlu za pár vteřin.

==

ComboFix 12-03-04.02 - Petr Novák 06.03.2012 13:36:08.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2570 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr Novák\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr Novák\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ING~1.MAR\LOCALS~1\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\documents and settings\Petr Novák\Local Settings\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Nmwcchpt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-06 do 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 09:23 . 2012-03-06 10:48 -------- d-----w- C:\PETA PETA PETA PETA
2012-03-05 14:38 . 2012-03-05 14:41 -------- d-----w- C:\FA
2012-03-05 12:45 . 2012-03-05 12:45 -------- d-----w- c:\program files\MySQL
2012-03-05 11:16 . 2012-03-05 11:16 -------- d-----w- C:\SEO
2012-03-04 14:50 . 2012-03-04 14:50 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-03-04 14:43 . 2012-03-05 12:45 -------- d-sh--w- c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515
2012-02-15 13:17 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 13:17 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-10 10:25 . 2012-03-05 14:26 -------- d-----w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox
2012-02-07 14:37 . 2012-02-17 15:02 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-07 14:37 . 2012-02-07 14:37 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-07 14:37 . 2012-02-17 15:02 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-02-07 14:37 . 2012-02-17 15:02 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-07 14:37 . 2012-02-17 15:02 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-07 14:37 . 2012-02-17 15:02 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-07 14:37 . 2012-02-17 15:02 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-02-07 14:37 . 2012-02-17 15:02 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-02-07 14:37 . 2012-02-07 14:37 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-07 14:37 . 2012-02-07 14:37 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-07 14:37 . 2012-02-07 14:37 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-07 14:37 . 2012-02-07 14:37 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 12:00 . 2012-03-05 12:00 3436 ----a-w- C:\MbrScan.zip
2012-03-05 11:54 . 2012-03-05 11:54 62273 ----a-w- C:\xuetr.zip
2012-03-05 11:51 . 2012-03-05 11:51 995284 ----a-w- C:\PowerTool.zip
2012-01-19 18:10 . 2012-01-19 18:10 13824 ----a-w- c:\windows\_g6uninst.exe
2012-01-12 17:20 . 2008-04-14 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-05 14:46 . 2011-11-14 20:37 3452 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-01-05 14:46 . 2011-11-14 20:37 88 --sh--r- c:\documents and settings\All Users\Data aplikací\9D88B9C25C.sys
2011-12-23 19:58 . 2012-01-10 09:38 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-12-23 19:58 . 2011-12-23 19:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-23 19:58 . 2011-12-23 19:58 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-12-23 19:58 . 2011-12-23 19:58 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll
2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-12-23 19:58 . 2012-01-10 09:38 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-12-23 19:58 . 2012-01-10 09:38 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2011-12-23 19:58 . 2012-01-10 09:38 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-12-17 19:42 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-12-15 14:31 . 2011-12-15 14:31 184320 ----a-w- c:\windows\mpqctl.ocx
2011-12-08 04:22 . 2012-01-10 09:40 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-12-08 04:22 . 2012-01-10 09:40 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-12-08 04:22 . 2012-01-10 09:40 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2011-12-08 04:22 . 2012-01-10 09:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-17 15:02 . 2012-02-07 14:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\iacenc.dll ---
Company:
File Description: Microsoft Audio Codec Placeholder
File Version: 1, 0, 0, 0
Product Name: Microsoft Audio Codec Placeholder
Copyright: Copyright (C) 2008
Original Filename: iacenc.dll
File size: 3072
Created time: 2012-02-15 13:17
Modified time: 2012-01-11 19:07
MD5: 398F96366356C1BCCF42030D8D99A702
SHA1: F0364057B47E7C79E5000AE467379381BA931FE1
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_12.48.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-05 16:36 . 2012-03-06 12:48 1387512 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Reader for Images Overlay]
@="{65929490-CD79-4C89-BCC7-9D4224A3534B}"
[HKEY_CLASSES_ROOT\CLSID\{65929490-CD79-4C89-BCC7-9D4224A3534B}]
2010-01-19 09:14 757584 ----a-w- c:\program files\Digimarc\Reader For Images 4.0\WMShell2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Reader for Images Unknown Overlay]
@="{65929490-CD79-4C89-BCC7-9D4224A35150}"
[HKEY_CLASSES_ROOT\CLSID\{65929490-CD79-4C89-BCC7-9D4224A35150}]
2010-01-19 09:14 757584 ----a-w- c:\program files\Digimarc\Reader For Images 4.0\WMShell2.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Digimarc Watermark Initializer"="c:\program files\Digimarc\Reader For Images 4.0\WMInit.exe" [2010-01-19 80208]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-08-11 169264]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Petr Novák\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
G6 FTP Server 2.0 beta 7.lnk - c:\program files\G6 FTP Server\G6FTPSrv.exe [2012-1-19 417280]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cyclone Wallpaper Changer]
2010-11-06 12:25 186368 ----a-w- c:\program files\Cyclone Wallpaper Changer\Cyclone Wallpaper Changer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-12-27 22:21 937360 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-12-27 22:21 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-12-27 22:21 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Active@ Disk Monitor"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Program Files\\Jeyo\\JMC_WindowsMobile\\JMC_WM.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Petr Novák\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
.
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.3.2011 9:59 84520]
R2 BioAdmin Server;BioAdmin Server;c:\program files\BioAdmin Server\BA_Server.exe [9.12.2008 1:00 303104]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [10.4.2010 17:38 1482112]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 PARLDR2K;ParLdr2k;\??\c:\windows\system32\drivers\parldr2k.sys --> c:\windows\system32\drivers\parldr2k.sys [?]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys --> c:\windows\system32\DRIVERS\adusbser.sys [?]
S3 AVerFx2hbtv;AVerMedia C038 USB Capture Card;c:\windows\system32\drivers\AVerFx2hbtv.sys [1.5.2010 7:15 199552]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10.1.2012 10:40 80184]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [4.12.2010 18:34 18048]
S3 SODI;SODI;c:\windows\system32\DRIVERS\sam_miniport.sys --> c:\windows\system32\DRIVERS\sam_miniport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10.1.2012 10:40 181432]
S4 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [6.5.2010 10:36 1127944]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.3.2010 19:54 135664]
.
Obsah adresáře 'Naplánované úlohy'
.
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:37]
.
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://192.168.1.155/
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{5CEA2958-A6C7-4F40-A7B6-042C551EB648}: NameServer = 192.168.1.254
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://192.168.1.155/RtspVaPgDec.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.156/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Petr Novák\Data aplikací\Mozilla\Firefox\Profiles\jgz4nhks.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 13:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\Apache Group\MySQL\bin\mysqld-nt\" --defaults-file=\"c:\program files\Apache Group\MySQL\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3096)
c:\documents and settings\Petr Novák\Data aplikací\Dropbox\bin\DropboxExt.14.dll
c:\program files\Digimarc\Reader For Images 4.0\WMShell2.dll
c:\program files\Digimarc\Reader For Images 4.0\Ltfilu.dll
c:\program files\Digimarc\Reader For Images 4.0\Ltkrnu.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Digimarc\Reader For Images 4.0\WMCacheS.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Apache Group\MySQL\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Digimarc\Reader For Images 4.0\WMCache.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2012-03-06 13:54:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-06 12:54
ComboFix2.txt 2012-03-05 12:53
.
Před spuštěním: Volných bajtů: 148 375 314 432
Po spuštění: Volných bajtů: 148 383 707 136
.
- - End Of File - - BACDF5305BC5CF77146A7243688644FB

Martin123 · #8 Příspěvek od **Martin123** » 07 bře 2012 10:04

Vše se zdá, že šlape tak, jak má.
Zmizela nějaká nastavení (prohlížeče, něco v hosts a podobně), ale to jsou drobnosti.

Chtěl bych se tě ještě zeptat na tři drobnosti:

- lze vytipovat, kde jsem to chytil? (jde mi o to, jestli to může být např. nějakou chybějící záplatou na něco, případně jestli to je spíš pravděpodobně jen nějakou neuvážeností v podobě spuštění něčeho infikovaného... byť si právě nic podobného z poslední doby vůbec neuvědomuji),

- jeden z disků v tomto mém počítači je nasdílen ostatním kolegům do celé sítě, je reálné se obávat nákazy i u nich?

- a asi hádám (nakonec, máš to i v podpisu), že bych měl změnit veškerá hesla na e-maily, ftp a podobně? (jen je jich velká hromada a tak se raději ptám, než se do té nemalé práce dám)

Děkuji moc.

Martin123 · #9 Příspěvek od **Martin123** » 07 bře 2012 11:47

K té možné nákazy kolegů v síti, poradil bys mi, prosím, co u nich spustit, abych se ujistil, jak tomu je, jsou-li pozitivní či v pohodě?

Martin123 · #10 Příspěvek od **Martin123** » 07 bře 2012 11:58

Naughty píše:mrkni zdali se nachází složka c:\documents and settings\Petr Novák\Local Settings\Data aplikací\7ec13515 pokud ano, vymaž ji, neměla by se bránit.

Byla tam, smazal jsem, nebránila se.

A na ty ostatní počítače jdu lovit...

Martin123 · #11 Příspěvek od **Martin123** » 07 bře 2012 12:52

Tak se všechny tváří, že jsou v pohodě.

Děkuji moc za pomoc.

(drobnost napíšu ještě v SZ)

VIRY.CZ

Problém s přesmerováním na abnow.com

Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com

Re: Problém s přesmerováním na abnow.com