
Please check my log. Thank you


#1 Post by smudy »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Smudy at 2012-03-10 11:36:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (16%) free of 60 GB
Total RAM: 2015 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:19, on 10.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Dokumenty\viry\RSIT.exe
C:\Program Files\trend micro\Smudy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5718 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-09-23 258512]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
C:\Program Files\QIP\qip.exe [2010-06-28 3332608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-13 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======List of files/folders created in the last 1 months======

2012-03-04 14:08:25 ----D---- C:\Program Files\Valve
2012-03-02 15:12:45 ----D---- C:\Program Files\Winamp Detect
2012-03-02 15:12:29 ----D---- C:\Program Files\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\OpenCandy
2012-02-27 22:08:19 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Publish Providers
2012-02-27 17:50:02 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2012-02-27 17:50:01 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2012-02-27 17:49:44 ----D---- C:\Program Files\Microsoft SQL Server
2012-02-27 17:49:30 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Sony
2012-02-27 17:48:19 ----D---- C:\Program Files\Vstplugins
2012-02-27 17:48:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-02-27 17:47:54 ----D---- C:\Program Files\Sony
2012-02-27 17:43:46 ----D---- C:\Program Files\Sony Setup
2012-02-27 15:10:57 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 19:20:44 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-02-26 19:19:51 ----D---- C:\Program Files\RoadsofRome_at
2012-02-18 17:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-18 17:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-18 16:37:03 ----D---- C:\Program Files\Recuva
2012-02-16 14:07:57 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 months======

2012-03-10 11:36:16 ----D---- C:\Program Files\trend micro
2012-03-10 11:36:15 ----D---- C:\WINDOWS\Temp
2012-03-10 11:25:07 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-10 11:21:03 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-10 11:18:14 ----D---- C:\WINDOWS\system32\drivers
2012-03-09 22:46:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-09 22:46:05 ----SHD---- C:\WINDOWS\Installer
2012-03-09 22:46:04 ----HD---- C:\Config.Msi
2012-03-09 22:45:58 ----D---- C:\WINDOWS\system32
2012-03-09 22:45:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-09 22:45:52 ----RSD---- C:\WINDOWS\assembly
2012-03-09 22:45:49 ----D---- C:\WINDOWS\WinSxS
2012-03-09 22:43:39 ----D---- C:\WINDOWS\Prefetch
2012-03-09 15:05:27 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Skype
2012-03-09 13:03:29 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-05 20:26:55 ----D---- C:\Documents and Settings\Smudy\Data aplikací\vlc
2012-03-04 14:08:25 ----D---- C:\Program Files
2012-03-03 20:31:25 ----D---- C:\WINDOWS
2012-03-03 09:33:57 ----D---- C:\WINDOWS\Debug
2012-03-01 21:44:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-03-01 21:43:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-01 21:41:53 ----A---- C:\WINDOWS\win.ini
2012-03-01 16:53:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-03-01 16:53:32 ----D---- C:\Program Files\Common Files\Adobe
2012-03-01 16:53:28 ----D---- C:\Program Files\Adobe
2012-02-27 17:50:01 ----HD---- C:\Program Files\Uninstall Information
2012-02-18 20:02:18 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-18 17:37:38 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-18 17:37:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-18 17:37:31 ----HD---- C:\WINDOWS\inf
2012-02-18 17:34:51 ----D---- C:\Program Files\Internet Explorer
2012-02-18 17:34:44 ----D---- C:\WINDOWS\ie8updates
2012-02-18 17:34:37 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-18 09:15:59 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-02-16 137416]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nprbxkbnh.sys;nprbxkbnh.sys; \??\C:\WINDOWS\system32\drivers\nprbxkbnh.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-06-13 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-13 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-23 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#2 Post by smudy »

RogueKiller V7.3.0 [03/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Smudy [Práva správce]
Mode: Kontrola -- Date: 03/10/2012 12:44:21

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40} : NameServer (78.157.167.7,78.157.167.57) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40} : NameServer (78.157.167.7,78.157.167.57) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40} : NameServer (78.157.167.7,78.157.167.57) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x805B1DBA -> HOOKED (Unknown @ 0xBA7AF18C)
SSDT[41] : NtCreateKey @ 0x8061AD1C -> HOOKED (Unknown @ 0xBA7AF146)
SSDT[45] : NtCreatePagingFile @ 0x805A0EFE -> HOOKED (a347bus.sys @ 0xB9F80B00)
SSDT[50] : NtCreateSection @ 0x805A0842 -> HOOKED (Unknown @ 0xBA7AF196)
SSDT[53] : NtCreateThread @ 0x805C739A -> HOOKED (Unknown @ 0xBA7AF13C)
SSDT[63] : NtDeleteKey @ 0x8061B1B8 -> HOOKED (Unknown @ 0xBA7AF14B)
SSDT[65] : NtDeleteValueKey @ 0x8061B388 -> HOOKED (Unknown @ 0xBA7AF155)
SSDT[68] : NtDuplicateObject @ 0x805B39CE -> HOOKED (Unknown @ 0xBA7AF187)
SSDT[71] : NtEnumerateKey @ 0x8061B568 -> HOOKED (a347bus.sys @ 0xB9F815DC)
SSDT[73] : NtEnumerateValueKey @ 0x8061B7D2 -> HOOKED (a347bus.sys @ 0xB9F8D120)
SSDT[98] : NtLoadKey @ 0x8061CF40 -> HOOKED (Unknown @ 0xBA7AF15A)
SSDT[116] : NtOpenFile @ 0x8056F4AA -> HOOKED (a347bus.sys @ 0xB9F80B40)
SSDT[119] : NtOpenKey @ 0x8061C0FA -> HOOKED (a347bus.sys @ 0xB9F8CFA4)
SSDT[122] : NtOpenProcess @ 0x805C1428 -> HOOKED (Unknown @ 0xBA7AF128)
SSDT[128] : NtOpenThread @ 0x805C16B4 -> HOOKED (Unknown @ 0xBA7AF12D)
SSDT[160] : NtQueryKey @ 0x8061C43C -> HOOKED (a347bus.sys @ 0xB9F815FC)
SSDT[177] : NtQueryValueKey @ 0x80618F40 -> HOOKED (Unknown @ 0xBA7AF1AF)
SSDT[193] : NtReplaceKey @ 0x8061CDF0 -> HOOKED (Unknown @ 0xBA7AF164)
SSDT[200] : NtRequestWaitReplyPort @ 0x805981E6 -> HOOKED (Unknown @ 0xBA7AF1A0)
SSDT[204] : NtRestoreKey @ 0x8061C6FC -> HOOKED (Unknown @ 0xBA7AF15F)
SSDT[213] : NtSetContextThread @ 0x805C7ABC -> HOOKED (Unknown @ 0xBA7AF19B)
SSDT[237] : NtSetSecurityObject @ 0x805B6140 -> HOOKED (Unknown @ 0xBA7AF1A5)
SSDT[241] : NtSetSystemPowerState @ 0x80649AD6 -> HOOKED (a347bus.sys @ 0xB9F8C550)
SSDT[247] : NtSetValueKey @ 0x8061928E -> HOOKED (Unknown @ 0xBA7AF150)
SSDT[255] : NtSystemDebugControl @ 0x8060EC5C -> HOOKED (Unknown @ 0xBA7AF1AA)
SSDT[257] : NtTerminateProcess @ 0x805C8DD6 -> HOOKED (Unknown @ 0xBA7AF137)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xBA7AF1BE)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xBA7AF1C3)
_INLINE_ : NtCreatePagingFile -> HOOKED (a347bus.sys @ 0xB9F957B4)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-22NCB1 +++++
--- User ---
[MBR] 73a87ca5b23bb4b7d8ae886673c33748
[BSP] 53293ab2c0c164ad9ec9beae77cf45ac : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 122881185 | Size: 92616 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt


#3 Post by smudy »

I don't know if this is normal; this is my first time using the Avenger program. But the restart froze at the Welcome screen, and only after I restarted the PC with the button did it boot up, and Notepad popped up with:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "xcpip" deleted successfully.
Driver "xpsec" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\nprbxkbnh" not found!
Deletion of driver "nprbxkbnh" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "usprserv" deleted successfully.
Driver "GMSIPCI" deleted successfully.
Driver "MSICPL" deleted successfully.
Driver "NTACCESS" deleted successfully.
Driver "SetupNTGLM7X" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\xcpip.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\xcpip.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\xpsec.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\xpsec.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\nprbxkbnh.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\nprbxkbnh.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Log from RogueKiller. I want to ask: should I delete those registry entries?
RogueKiller V7.3.0 [03/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Smudy [Práva správce]
Mode: Kontrola -- Date: 03/10/2012 13:28:15

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40} : NameServer (78.157.167.7,78.157.167.57) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40} : NameServer (78.157.167.7,78.157.167.57) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40} : NameServer (78.157.167.7,78.157.167.57) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x805B1DBA -> HOOKED (Unknown @ 0xBA6B121C)
SSDT[41] : NtCreateKey @ 0x8061AD1C -> HOOKED (Unknown @ 0xBA6B11D6)
SSDT[45] : NtCreatePagingFile @ 0x805A0EFE -> HOOKED (a347bus.sys @ 0xB9F80B00)
SSDT[50] : NtCreateSection @ 0x805A0842 -> HOOKED (Unknown @ 0xBA6B1226)
SSDT[53] : NtCreateThread @ 0x805C739A -> HOOKED (Unknown @ 0xBA6B11CC)
SSDT[63] : NtDeleteKey @ 0x8061B1B8 -> HOOKED (Unknown @ 0xBA6B11DB)
SSDT[65] : NtDeleteValueKey @ 0x8061B388 -> HOOKED (Unknown @ 0xBA6B11E5)
SSDT[68] : NtDuplicateObject @ 0x805B39CE -> HOOKED (Unknown @ 0xBA6B1217)
SSDT[71] : NtEnumerateKey @ 0x8061B568 -> HOOKED (a347bus.sys @ 0xB9F815DC)
SSDT[73] : NtEnumerateValueKey @ 0x8061B7D2 -> HOOKED (a347bus.sys @ 0xB9F8D120)
SSDT[98] : NtLoadKey @ 0x8061CF40 -> HOOKED (Unknown @ 0xBA6B11EA)
SSDT[116] : NtOpenFile @ 0x8056F4AA -> HOOKED (a347bus.sys @ 0xB9F80B40)
SSDT[119] : NtOpenKey @ 0x8061C0FA -> HOOKED (a347bus.sys @ 0xB9F8CFA4)
SSDT[122] : NtOpenProcess @ 0x805C1428 -> HOOKED (Unknown @ 0xBA6B11B8)
SSDT[128] : NtOpenThread @ 0x805C16B4 -> HOOKED (Unknown @ 0xBA6B11BD)
SSDT[160] : NtQueryKey @ 0x8061C43C -> HOOKED (a347bus.sys @ 0xB9F815FC)
SSDT[177] : NtQueryValueKey @ 0x80618F40 -> HOOKED (Unknown @ 0xBA6B123F)
SSDT[193] : NtReplaceKey @ 0x8061CDF0 -> HOOKED (Unknown @ 0xBA6B11F4)
SSDT[200] : NtRequestWaitReplyPort @ 0x805981E6 -> HOOKED (Unknown @ 0xBA6B1230)
SSDT[204] : NtRestoreKey @ 0x8061C6FC -> HOOKED (Unknown @ 0xBA6B11EF)
SSDT[213] : NtSetContextThread @ 0x805C7ABC -> HOOKED (Unknown @ 0xBA6B122B)
SSDT[237] : NtSetSecurityObject @ 0x805B6140 -> HOOKED (Unknown @ 0xBA6B1235)
SSDT[241] : NtSetSystemPowerState @ 0x80649AD6 -> HOOKED (a347bus.sys @ 0xB9F8C550)
SSDT[247] : NtSetValueKey @ 0x8061928E -> HOOKED (Unknown @ 0xBA6B11E0)
SSDT[255] : NtSystemDebugControl @ 0x8060EC5C -> HOOKED (Unknown @ 0xBA6B123A)
SSDT[257] : NtTerminateProcess @ 0x805C8DD6 -> HOOKED (Unknown @ 0xBA6B11C7)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xBA6B124E)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xBA6B1253)
_INLINE_ : NtCreatePagingFile -> HOOKED (a347bus.sys @ 0xB9F957B4)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-22NCB1 +++++
--- User ---
[MBR] 73a87ca5b23bb4b7d8ae886673c33748
[BSP] 53293ab2c0c164ad9ec9beae77cf45ac : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 122881185 | Size: 92616 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Smudy at 2012-03-10 13:30:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (16%) free of 60 GB
Total RAM: 2015 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:30, on 10.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Dokumenty\viry\RSIT.exe
C:\Program Files\trend micro\Smudy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5718 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-09-23 258512]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
C:\Program Files\QIP\qip.exe [2010-06-28 3332608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-13 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======List of files/folders created in the last 1 months======

2012-03-10 13:23:04 ----D---- C:\Avenger
2012-03-10 13:23:04 ----A---- C:\avenger.txt
2012-03-04 14:08:25 ----D---- C:\Program Files\Valve
2012-03-02 15:12:45 ----D---- C:\Program Files\Winamp Detect
2012-03-02 15:12:29 ----D---- C:\Program Files\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\OpenCandy
2012-02-27 22:08:19 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Publish Providers
2012-02-27 17:50:02 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2012-02-27 17:50:01 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2012-02-27 17:49:44 ----D---- C:\Program Files\Microsoft SQL Server
2012-02-27 17:49:30 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Sony
2012-02-27 17:48:19 ----D---- C:\Program Files\Vstplugins
2012-02-27 17:48:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-02-27 17:47:54 ----D---- C:\Program Files\Sony
2012-02-27 17:43:46 ----D---- C:\Program Files\Sony Setup
2012-02-27 15:10:57 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 19:20:44 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-02-26 19:19:51 ----D---- C:\Program Files\RoadsofRome_at
2012-02-18 17:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-18 17:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-18 16:37:03 ----D---- C:\Program Files\Recuva
2012-02-16 14:07:57 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 months======

2012-03-10 13:30:23 ----D---- C:\Program Files\trend micro
2012-03-10 13:30:22 ----D---- C:\WINDOWS\Temp
2012-03-10 13:27:13 ----D---- C:\WINDOWS\Prefetch
2012-03-10 13:24:40 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-10 13:23:33 ----D---- C:\WINDOWS\system32\drivers
2012-03-10 13:23:04 ----D---- C:\WINDOWS
2012-03-10 13:08:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-10 13:06:56 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Skype
2012-03-10 11:25:07 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-09 22:46:05 ----SHD---- C:\WINDOWS\Installer
2012-03-09 22:46:04 ----HD---- C:\Config.Msi
2012-03-09 22:45:58 ----D---- C:\WINDOWS\system32
2012-03-09 22:45:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-09 22:45:52 ----RSD---- C:\WINDOWS\assembly
2012-03-09 22:45:49 ----D---- C:\WINDOWS\WinSxS
2012-03-09 13:03:29 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-05 20:26:55 ----D---- C:\Documents and Settings\Smudy\Data aplikací\vlc
2012-03-04 14:08:25 ----D---- C:\Program Files
2012-03-03 09:33:57 ----D---- C:\WINDOWS\Debug
2012-03-01 21:44:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-03-01 21:43:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-01 21:41:53 ----A---- C:\WINDOWS\win.ini
2012-03-01 16:53:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-03-01 16:53:32 ----D---- C:\Program Files\Common Files\Adobe
2012-03-01 16:53:28 ----D---- C:\Program Files\Adobe
2012-02-27 17:50:01 ----HD---- C:\Program Files\Uninstall Information
2012-02-18 20:02:18 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-18 17:37:38 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-18 17:37:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-18 17:37:31 ----HD---- C:\WINDOWS\inf
2012-02-18 17:34:51 ----D---- C:\Program Files\Internet Explorer
2012-02-18 17:34:44 ----D---- C:\WINDOWS\ie8updates
2012-02-18 17:34:37 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-18 09:15:59 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-02-16 137416]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nprbxkbnh.sys;nprbxkbnh.sys; \??\C:\WINDOWS\system32\drivers\nprbxkbnh.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-06-13 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-13 82944]
S3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
S3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-23 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#4 Post by smudy »

export keys :
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\dot3svc]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\eapsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

query keys:
MiniRegTool by Farbar
Ran by Smudy (administrator) on 2012-03-10 at 17:45:04

=================================================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ Alerter
WebClient
LmHosts
RemoteRegistry
upnphost
SSDPSRV
NetworkService REG_MULTI_SZ DnsCache
netsvcs REG_MULTI_SZ 6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
DcomLaunch REG_MULTI_SZ DcomLaunch
TermService
rpcss REG_MULTI_SZ RpcSs
eapsvcs REG_MULTI_SZ eaphost
dot3svc REG_MULTI_SZ dot3svc
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\dot3svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\eapsvcs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]

Mbr scan


MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 79 Stepping 2, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/03/10 (ISO 8601) at 17:46:41
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD1600JS-22NCB1 (10.02E02)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	149.1 Go  [Fixed] ==> XP MBR Code .

MBR_MD5   : 73A87CA5B23BB4B7D8AE886673C33748
MBR_SHA1  : 4B87A4D04F85CE9ED35FE5248458DCD5976030E6

Device\Harddisk0\Partition1	58.59 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	90.45 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_nvata.sys => Invisible on the disk
ADDRESS : 0xB44F8000
SIZE    : 104.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xpsec.sys => Invisible on the disk
ADDRESS : 0xB3019000
SIZE    : 76.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xcpip.sys => Invisible on the disk
ADDRESS : 0xB2FC0000
SIZE    : 356.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


According to the instructions I am supposed to close Firefox; for now I am sending these logs.

smudy
Visitor
Posts: 140
Joined: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#5 Post by smudy »

ComboFix 12-03-10.02 - Smudy 10.03.2012 18:13:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2015.1554 [GMT 1:00]
Spuštěný z: d:\dokumenty\viry\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-10 do 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-04 13:08 . 2012-03-04 13:09 -------- d-----w- c:\program files\Valve
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\program files\Winamp Detect
2012-03-02 14:12 . 2012-03-03 15:04 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Winamp
2012-03-02 14:12 . 2012-03-02 14:13 -------- d-----w- c:\program files\Winamp
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\OpenCandy
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Publish Providers
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Local Settings\Data aplikací\Sony
2012-02-27 16:50 . 2002-12-17 15:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2012-02-27 16:50 . 2002-10-20 13:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-27 16:49 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Sony
2012-02-27 16:48 . 2012-02-27 16:48 -------- d-----w- c:\program files\Vstplugins
2012-02-27 16:48 . 2012-02-27 16:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2012-02-27 16:47 . 2012-02-27 16:47 -------- d-----w- c:\program files\Sony
2012-02-27 16:43 . 2012-02-27 16:43 -------- d-----w- c:\program files\Sony Setup
2012-02-27 14:10 . 2012-02-27 14:11 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 18:20 . 2012-02-27 15:08 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-02-26 18:19 . 2012-03-04 12:46 -------- d-----w- c:\program files\RoadsofRome_at
2012-02-18 15:37 . 2012-02-18 15:37 -------- d-----w- c:\program files\Recuva
2012-02-18 14:59 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-02-18 14:59 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-02-18 14:59 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-02-18 14:59 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-02-18 14:59 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-02-18 14:59 . 2012-02-18 14:59 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-02-18 14:59 . 2012-02-18 14:59 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-10 15:34 . 2012-02-10 15:35 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 18:44 . 2011-06-12 10:21 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 05:35 . 2012-02-05 08:59 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-12 17:21 . 2009-08-29 12:34 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2008-06-13 07:32 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-06-13 07:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-06-13 07:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-06-13 07:31 385024 ----a-w- c:\windows\system32\html.iec
2010-12-27 17:40 . 2010-12-27 17:39 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2006-12-04 17:39 . 2011-12-21 12:43 915968 ----a-w- c:\program files\WinRAR.exe
2006-12-04 17:39 . 2011-12-21 12:43 313856 ----a-w- c:\program files\Rar.exe
2006-12-03 13:53 . 2011-12-21 12:43 98304 ----a-w- c:\program files\Uninstall.exe
2006-12-03 13:53 . 2011-12-21 12:43 126464 ----a-w- c:\program files\RarExt.dll
2006-12-03 13:53 . 2011-12-21 12:43 66560 -c--a-w- c:\program files\Zip.SFX
2006-12-03 13:53 . 2011-12-21 12:43 100864 -c--a-w- c:\program files\Default.SFX
2006-12-03 13:52 . 2011-12-21 12:43 200704 ----a-w- c:\program files\UnRAR.exe
2006-09-18 13:31 . 2011-12-21 12:43 79360 -c--a-w- c:\program files\WinCon.SFX
2006-09-14 16:29 . 2011-12-21 12:43 315392 ----a-w- c:\program files\rarlng.dll
2005-06-07 11:26 . 2011-12-21 12:43 43008 ----a-w- c:\program files\RarExt64.dll
2005-06-07 11:25 . 2011-12-21 12:43 44032 ----a-w- c:\program files\RarExtLoader.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-18 08:15 . 2011-06-26 21:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
[-] 2008-06-13 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
2010-06-28 13:32 3332608 ----a-w- c:\program files\QIP\qip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 13:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1582:TCP"= 1582:TCP:west
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.10.2009 14:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.10.2009 14:07 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5.2.2012 9:59 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.2.2012 9:59 86224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6.9.2010 17:59 27632]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.9.2009 16:17 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23.12.2009 18:13 38224]
S3 nprbxkbnh.sys;nprbxkbnh.sys;\??\c:\windows\system32\drivers\nprbxkbnh.sys --> c:\windows\system32\drivers\nprbxkbnh.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30.8.2010 9:09 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30.8.2010 9:09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30.8.2010 9:09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30.8.2010 9:09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30.8.2010 9:09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30.8.2010 9:09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30.8.2010 9:09 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [30.8.2010 9:09 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [30.8.2010 9:09 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [30.8.2010 9:09 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [30.8.2010 9:09 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [30.8.2010 9:09 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [30.8.2010 9:09 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [30.8.2010 9:09 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [28.12.2010 8:04 155344]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [30.9.2009 16:25 9446]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - xcpip
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
FF - ProfilePath - c:\documents and settings\Smudy\Data aplikací\Mozilla\Firefox\Profiles\f7cbzu2f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 18:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2292)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-10 18:26:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-10 17:26
.
Před spuštěním: Volných bajtů: 13 255 458 816
Po spuštění: Volných bajtů: 22 953 652 224
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 63526DBD384901F718635337EAA7BF92

smudy
Visitor
Posts: 140
Joined: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#6 Post by smudy »

I hope I understood you correctly: I created a text document, pasted it in, saved it under the name CFScript, dragged the file onto CF with the mouse, and here is the log:
ComboFix 12-03-10.02 - Smudy 10.03.2012 19:52:45.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2015.1231 [GMT 1:00]
Spuštěný z: d:\dokumenty\viry\ComboFix.exe
Použité ovládací přepínače :: d:\dokumenty\viry\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xpsec
-------\Legacy_nprbxkbnh.sys
-------\Service_nprbxkbnh.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-10 do 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-04 13:08 . 2012-03-04 13:09 -------- d-----w- c:\program files\Valve
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\program files\Winamp Detect
2012-03-02 14:12 . 2012-03-03 15:04 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Winamp
2012-03-02 14:12 . 2012-03-02 14:13 -------- d-----w- c:\program files\Winamp
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\OpenCandy
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Publish Providers
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Local Settings\Data aplikací\Sony
2012-02-27 16:50 . 2002-12-17 15:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2012-02-27 16:50 . 2002-10-20 13:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-27 16:49 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Sony
2012-02-27 16:48 . 2012-02-27 16:48 -------- d-----w- c:\program files\Vstplugins
2012-02-27 16:48 . 2012-02-27 16:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2012-02-27 16:47 . 2012-02-27 16:47 -------- d-----w- c:\program files\Sony
2012-02-27 16:43 . 2012-02-27 16:43 -------- d-----w- c:\program files\Sony Setup
2012-02-27 14:10 . 2012-02-27 14:11 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 18:20 . 2012-02-27 15:08 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-02-26 18:19 . 2012-03-04 12:46 -------- d-----w- c:\program files\RoadsofRome_at
2012-02-18 15:37 . 2012-02-18 15:37 -------- d-----w- c:\program files\Recuva
2012-02-18 14:59 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-02-18 14:59 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-02-18 14:59 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-02-18 14:59 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-02-18 14:59 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-02-18 14:59 . 2012-02-18 14:59 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-02-18 14:59 . 2012-02-18 14:59 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-10 15:34 . 2012-02-10 15:35 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 18:44 . 2011-06-12 10:21 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 05:35 . 2012-02-05 08:59 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-12 17:21 . 2009-08-29 12:34 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2008-06-13 07:32 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-06-13 07:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-06-13 07:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-06-13 07:31 385024 ----a-w- c:\windows\system32\html.iec
2010-12-27 17:40 . 2010-12-27 17:39 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2006-12-04 17:39 . 2011-12-21 12:43 915968 ----a-w- c:\program files\WinRAR.exe
2006-12-04 17:39 . 2011-12-21 12:43 313856 ----a-w- c:\program files\Rar.exe
2006-12-03 13:53 . 2011-12-21 12:43 98304 ----a-w- c:\program files\Uninstall.exe
2006-12-03 13:53 . 2011-12-21 12:43 126464 ----a-w- c:\program files\RarExt.dll
2006-12-03 13:53 . 2011-12-21 12:43 66560 -c--a-w- c:\program files\Zip.SFX
2006-12-03 13:53 . 2011-12-21 12:43 100864 -c--a-w- c:\program files\Default.SFX
2006-12-03 13:52 . 2011-12-21 12:43 200704 ----a-w- c:\program files\UnRAR.exe
2006-09-18 13:31 . 2011-12-21 12:43 79360 -c--a-w- c:\program files\WinCon.SFX
2006-09-14 16:29 . 2011-12-21 12:43 315392 ----a-w- c:\program files\rarlng.dll
2005-06-07 11:26 . 2011-12-21 12:43 43008 ----a-w- c:\program files\RarExt64.dll
2005-06-07 11:25 . 2011-12-21 12:43 44032 ----a-w- c:\program files\RarExtLoader.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-18 08:15 . 2011-06-26 21:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
[-] 2008-06-13 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-03-10_17.21.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-10 19:01 . 2012-03-10 19:01 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
2010-06-28 13:32 3332608 ----a-w- c:\program files\QIP\qip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 13:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1582:TCP"= 1582:TCP:west
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.10.2009 14:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.10.2009 14:07 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5.2.2012 9:59 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.2.2012 9:59 86224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6.9.2010 17:59 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.9.2009 16:17 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23.12.2009 18:13 38224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30.8.2010 9:09 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30.8.2010 9:09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30.8.2010 9:09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30.8.2010 9:09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30.8.2010 9:09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30.8.2010 9:09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30.8.2010 9:09 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [30.8.2010 9:09 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [30.8.2010 9:09 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [30.8.2010 9:09 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [30.8.2010 9:09 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [30.8.2010 9:09 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [30.8.2010 9:09 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [30.8.2010 9:09 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [28.12.2010 8:04 155344]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [30.9.2009 16:25 9446]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - xcpip
*Deregistered* - xpsec
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
FF - ProfilePath - c:\documents and settings\Smudy\Data aplikací\Mozilla\Firefox\Profiles\f7cbzu2f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2376)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-10 20:06:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-10 19:06
ComboFix2.txt 2012-03-10 17:26
.
Před spuštěním: Volných bajtů: 22 866 870 272
Po spuštění: Volných bajtů: 22 847 635 456
.
- - End Of File - - 0B70C4AE20753BB7043F2789679B59B7
:| I don't know why the ports should be open. Could it be for the multiplayer of a game? If not, how do I close them?

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#7 Post by smudy »

ComboFix 12-03-10.02 - Smudy 10.03.2012 23:06:36.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2015.1528 [GMT 1:00]
Spuštěný z: d:\dokumenty\viry\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Smudy\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-10 do 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-04 13:08 . 2012-03-04 13:09 -------- d-----w- c:\program files\Valve
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\program files\Winamp Detect
2012-03-02 14:12 . 2012-03-03 15:04 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Winamp
2012-03-02 14:12 . 2012-03-02 14:13 -------- d-----w- c:\program files\Winamp
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\OpenCandy
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Publish Providers
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Local Settings\Data aplikací\Sony
2012-02-27 16:50 . 2002-12-17 15:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2012-02-27 16:50 . 2002-10-20 13:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-27 16:49 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Sony
2012-02-27 16:48 . 2012-02-27 16:48 -------- d-----w- c:\program files\Vstplugins
2012-02-27 16:48 . 2012-02-27 16:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2012-02-27 16:47 . 2012-02-27 16:47 -------- d-----w- c:\program files\Sony
2012-02-27 16:43 . 2012-02-27 16:43 -------- d-----w- c:\program files\Sony Setup
2012-02-27 14:10 . 2012-02-27 14:11 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 18:20 . 2012-02-27 15:08 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-02-26 18:19 . 2012-03-04 12:46 -------- d-----w- c:\program files\RoadsofRome_at
2012-02-18 15:37 . 2012-02-18 15:37 -------- d-----w- c:\program files\Recuva
2012-02-18 14:59 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-02-18 14:59 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-02-18 14:59 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-02-18 14:59 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-02-18 14:59 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-02-18 14:59 . 2012-02-18 14:59 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-02-18 14:59 . 2012-02-18 14:59 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-10 15:34 . 2012-02-10 15:35 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 18:44 . 2011-06-12 10:21 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 05:35 . 2012-02-05 08:59 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-12 17:21 . 2009-08-29 12:34 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2008-06-13 07:32 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-06-13 07:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-06-13 07:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-06-13 07:31 385024 ----a-w- c:\windows\system32\html.iec
2010-12-27 17:40 . 2010-12-27 17:39 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2006-12-04 17:39 . 2011-12-21 12:43 915968 ----a-w- c:\program files\WinRAR.exe
2006-12-04 17:39 . 2011-12-21 12:43 313856 ----a-w- c:\program files\Rar.exe
2006-12-03 13:53 . 2011-12-21 12:43 98304 ----a-w- c:\program files\Uninstall.exe
2006-12-03 13:53 . 2011-12-21 12:43 126464 ----a-w- c:\program files\RarExt.dll
2006-12-03 13:53 . 2011-12-21 12:43 66560 -c--a-w- c:\program files\Zip.SFX
2006-12-03 13:53 . 2011-12-21 12:43 100864 -c--a-w- c:\program files\Default.SFX
2006-12-03 13:52 . 2011-12-21 12:43 200704 ----a-w- c:\program files\UnRAR.exe
2006-09-18 13:31 . 2011-12-21 12:43 79360 -c--a-w- c:\program files\WinCon.SFX
2006-09-14 16:29 . 2011-12-21 12:43 315392 ----a-w- c:\program files\rarlng.dll
2005-06-07 11:26 . 2011-12-21 12:43 43008 ----a-w- c:\program files\RarExt64.dll
2005-06-07 11:25 . 2011-12-21 12:43 44032 ----a-w- c:\program files\RarExtLoader.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-18 08:15 . 2011-06-26 21:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
[-] 2008-06-13 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-03-10_17.21.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-10 22:16 . 2012-03-10 22:16 16384 c:\windows\Temp\Perflib_Perfdata_350.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
2010-06-28 13:32 3332608 ----a-w- c:\program files\QIP\qip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 13:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.10.2009 14:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.10.2009 14:07 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5.2.2012 9:59 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.2.2012 9:59 86224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6.9.2010 17:59 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.9.2009 16:17 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23.12.2009 18:13 38224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30.8.2010 9:09 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30.8.2010 9:09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30.8.2010 9:09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30.8.2010 9:09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30.8.2010 9:09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30.8.2010 9:09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30.8.2010 9:09 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [30.8.2010 9:09 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [30.8.2010 9:09 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [30.8.2010 9:09 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [30.8.2010 9:09 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [30.8.2010 9:09 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [30.8.2010 9:09 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [30.8.2010 9:09 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [28.12.2010 8:04 155344]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [30.9.2009 16:25 9446]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - xcpip
*Deregistered* - xpsec
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
FF - ProfilePath - c:\documents and settings\Smudy\Data aplikací\Mozilla\Firefox\Profiles\f7cbzu2f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 23:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-10 23:21:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-10 22:21
ComboFix2.txt 2012-03-10 19:06
ComboFix3.txt 2012-03-10 17:26
.
Před spuštěním: Volných bajtů: 23 525 777 408
Po spuštění: Volných bajtů: 23 505 362 944
.
- - End Of File - - B3B5814708F43ABB625A0DE6A9AF8DCE

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Smudy at 2012-03-10 23:23:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (37%) free of 60 GB
Total RAM: 2015 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:54, on 10.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Dokumenty\viry\RSIT.exe
C:\Program Files\trend micro\Smudy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5301 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-09-23 258512]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
C:\Program Files\QIP\qip.exe [2010-06-28 3332608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-13 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======List of files/folders created in the last 1 months======

2012-03-10 23:23:37 ----SHD---- C:\RECYCLER
2012-03-10 23:21:42 ----A---- C:\ComboFix.txt
2012-03-10 18:12:06 ----A---- C:\Boot.bak
2012-03-10 18:12:03 ----RASHD---- C:\cmdcons
2012-03-10 18:09:40 ----A---- C:\WINDOWS\zip.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWSC.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWREG.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\sed.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\PEV.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\MBR.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\grep.exe
2012-03-10 18:09:33 ----D---- C:\WINDOWS\ERDNT
2012-03-10 18:09:27 ----D---- C:\Qoobox
2012-03-10 13:23:04 ----D---- C:\Avenger
2012-03-10 13:23:04 ----A---- C:\avenger.txt
2012-03-04 14:08:25 ----D---- C:\Program Files\Valve
2012-03-02 15:12:45 ----D---- C:\Program Files\Winamp Detect
2012-03-02 15:12:29 ----D---- C:\Program Files\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\OpenCandy
2012-02-27 22:08:19 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Publish Providers
2012-02-27 17:50:02 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2012-02-27 17:50:01 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2012-02-27 17:49:44 ----D---- C:\Program Files\Microsoft SQL Server
2012-02-27 17:49:30 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Sony
2012-02-27 17:48:19 ----D---- C:\Program Files\Vstplugins
2012-02-27 17:48:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-02-27 17:47:54 ----D---- C:\Program Files\Sony
2012-02-27 17:43:46 ----D---- C:\Program Files\Sony Setup
2012-02-27 15:10:57 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 19:20:44 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-02-26 19:19:51 ----D---- C:\Program Files\RoadsofRome_at
2012-02-18 17:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-18 17:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-18 16:37:03 ----D---- C:\Program Files\Recuva
2012-02-16 14:07:57 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 months======

2012-03-10 23:23:52 ----D---- C:\WINDOWS\Prefetch
2012-03-10 23:23:42 ----D---- C:\WINDOWS\Temp
2012-03-10 23:23:42 ----D---- C:\Program Files\trend micro
2012-03-10 23:21:45 ----D---- C:\WINDOWS\system32\drivers
2012-03-10 23:17:06 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-10 23:16:55 ----D---- C:\WINDOWS
2012-03-10 23:16:54 ----A---- C:\WINDOWS\system.ini
2012-03-10 23:12:20 ----D---- C:\WINDOWS\system32\config
2012-03-10 23:09:48 ----D---- C:\WINDOWS\system32
2012-03-10 23:09:48 ----D---- C:\WINDOWS\AppPatch
2012-03-10 23:09:46 ----D---- C:\Program Files\Common Files
2012-03-10 23:05:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-10 23:04:01 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Skype
2012-03-10 18:12:06 ----RASH---- C:\boot.ini
2012-03-10 11:25:07 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-09 22:46:05 ----SHD---- C:\WINDOWS\Installer
2012-03-09 22:46:04 ----D---- C:\Config.Msi
2012-03-09 22:45:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-09 22:45:52 ----RSD---- C:\WINDOWS\assembly
2012-03-09 22:45:49 ----D---- C:\WINDOWS\WinSxS
2012-03-09 13:03:29 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-05 20:26:55 ----D---- C:\Documents and Settings\Smudy\Data aplikací\vlc
2012-03-04 14:08:25 ----D---- C:\Program Files
2012-03-03 09:33:57 ----D---- C:\WINDOWS\Debug
2012-03-01 21:44:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-03-01 21:43:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-01 21:41:53 ----A---- C:\WINDOWS\win.ini
2012-03-01 16:53:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-03-01 16:53:32 ----D---- C:\Program Files\Common Files\Adobe
2012-03-01 16:53:28 ----D---- C:\Program Files\Adobe
2012-02-27 17:50:01 ----HD---- C:\Program Files\Uninstall Information
2012-02-18 20:02:18 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-18 17:37:38 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-18 17:37:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-18 17:37:31 ----HD---- C:\WINDOWS\inf
2012-02-18 17:34:51 ----D---- C:\Program Files\Internet Explorer
2012-02-18 17:34:44 ----D---- C:\WINDOWS\ie8updates
2012-02-18 17:34:37 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-18 09:15:59 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-02-16 137416]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Smudy\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-06-13 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-13 82944]
S3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-23 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#8 Post by smudy »

I have Alcohol 120% on the PC and 2 drives created, which I don't use.

blackdoor was cure -> changed to skip
EDIT: I tried running the Kaspersky scan again and blackdoor was cure again
log:

11:12:54.0937 2216 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
11:12:55.0109 2216 ============================================================
11:12:55.0109 2216 Current date / time: 2012/03/11 11:12:55.0109
11:12:55.0109 2216 SystemInfo:
11:12:55.0109 2216
11:12:55.0109 2216 OS Version: 5.1.2600 ServicePack: 3.0
11:12:55.0109 2216 Product type: Workstation
11:12:55.0109 2216 ComputerName: POKOJ
11:12:55.0109 2216 UserName: Smudy
11:12:55.0109 2216 Windows directory: C:\WINDOWS
11:12:55.0109 2216 System windows directory: C:\WINDOWS
11:12:55.0109 2216 Processor architecture: Intel x86
11:12:55.0109 2216 Number of processors: 1
11:12:55.0109 2216 Page size: 0x1000
11:12:55.0109 2216 Boot type: Normal boot
11:12:55.0109 2216 ============================================================
11:12:55.0812 2216 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:12:55.0828 2216 \Device\Harddisk0\DR0:
11:12:55.0828 2216 MBR used
11:12:55.0828 2216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
11:12:55.0843 2216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xB4E4720
11:12:55.0921 2216 Initialize success
11:12:55.0921 2216 ============================================================
11:13:16.0531 1352 ============================================================
11:13:16.0531 1352 Scan started
11:13:16.0531 1352 Mode: Manual; SigCheck; TDLFS;
11:13:16.0531 1352 ============================================================
11:13:16.0781 1352 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
11:13:16.0968 1352 a347bus ( UnsignedFile.Multi.Generic ) - warning
11:13:16.0968 1352 a347bus - detected UnsignedFile.Multi.Generic (1)
11:13:17.0000 1352 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
11:13:17.0000 1352 a347scsi ( UnsignedFile.Multi.Generic ) - warning
11:13:17.0000 1352 a347scsi - detected UnsignedFile.Multi.Generic (1)
11:13:17.0015 1352 Abiosdsk - ok
11:13:17.0031 1352 abp480n5 - ok
11:13:17.0062 1352 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:13:17.0281 1352 ACPI - ok
11:13:17.0328 1352 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:13:17.0484 1352 ACPIEC - ok
11:13:17.0500 1352 adpu160m - ok
11:13:17.0562 1352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:13:17.0750 1352 aec - ok
11:13:17.0796 1352 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
11:13:18.0578 1352 AFD - ok
11:13:18.0609 1352 Aha154x - ok
11:13:18.0625 1352 aic78u2 - ok
11:13:18.0640 1352 aic78xx - ok
11:13:18.0656 1352 AliIde - ok
11:13:18.0734 1352 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:13:18.0843 1352 Ambfilt - ok
11:13:18.0984 1352 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
11:13:19.0000 1352 AmdK8 - ok
11:13:19.0015 1352 amsint - ok
11:13:19.0046 1352 asc - ok
11:13:19.0062 1352 asc3350p - ok
11:13:19.0062 1352 asc3550 - ok
11:13:19.0093 1352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:13:19.0296 1352 AsyncMac - ok
11:13:19.0359 1352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:13:19.0359 1352 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
11:13:19.0359 1352 atapi ( LockedFile.Multi.Generic ) - warning
11:13:19.0359 1352 atapi - detected LockedFile.Multi.Generic (1)
11:13:19.0390 1352 Atdisk - ok
11:13:19.0406 1352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:13:19.0593 1352 Atmarpc - ok
11:13:19.0656 1352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:13:19.0843 1352 audstub - ok
11:13:19.0890 1352 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:13:19.0953 1352 avgntflt - ok
11:13:20.0000 1352 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:13:20.0015 1352 avipbb - ok
11:13:20.0062 1352 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:13:20.0078 1352 avkmgr - ok
11:13:20.0093 1352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:13:20.0296 1352 Beep - ok
11:13:20.0312 1352 catchme - ok
11:13:20.0343 1352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:13:20.0546 1352 cbidf2k - ok
11:13:20.0593 1352 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:13:20.0828 1352 CCDECODE - ok
11:13:20.0921 1352 cd20xrnt - ok
11:13:20.0937 1352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:13:21.0109 1352 Cdaudio - ok
11:13:21.0156 1352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:13:21.0359 1352 Cdfs - ok
11:13:21.0375 1352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:13:21.0562 1352 Cdrom - ok
11:13:21.0578 1352 Changer - ok
11:13:21.0609 1352 CmdIde - ok
11:13:21.0640 1352 Cpqarray - ok
11:13:21.0671 1352 CX23880 (fce8506d1c61f05319e85c70638abd21) C:\WINDOWS\system32\drivers\cx88vid.sys
11:13:21.0703 1352 CX23880 - ok
11:13:21.0765 1352 CXAVXBAR (e80185c7ac234c9b045513de2cbeff4c) C:\WINDOWS\system32\drivers\cxavxbar.sys
11:13:21.0781 1352 CXAVXBAR - ok
11:13:21.0828 1352 CXTUNE (b5e3d476efaf08a2cd2cf77835018123) C:\WINDOWS\system32\drivers\CX88TUNE.sys
11:13:21.0859 1352 CXTUNE - ok
11:13:21.0875 1352 dac2w2k - ok
11:13:21.0890 1352 dac960nt - ok
11:13:21.0921 1352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:13:22.0109 1352 Disk - ok
11:13:22.0156 1352 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
11:13:22.0359 1352 dmboot - ok
11:13:22.0390 1352 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
11:13:22.0593 1352 dmio - ok
11:13:22.0609 1352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:13:22.0828 1352 dmload - ok
11:13:22.0859 1352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:13:23.0031 1352 DMusic - ok
11:13:23.0046 1352 dpti2o - ok
11:13:23.0078 1352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:13:23.0234 1352 drmkaud - ok
11:13:23.0312 1352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:13:23.0515 1352 Fastfat - ok
11:13:23.0531 1352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:13:23.0718 1352 Fdc - ok
11:13:23.0812 1352 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
11:13:24.0015 1352 Fips - ok
11:13:24.0046 1352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:13:24.0234 1352 Flpydisk - ok
11:13:24.0281 1352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:13:24.0453 1352 FltMgr - ok
11:13:24.0484 1352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:13:24.0687 1352 Fs_Rec - ok
11:13:24.0718 1352 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:13:24.0953 1352 Ftdisk - ok
11:13:25.0000 1352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:13:25.0218 1352 Gpc - ok
11:13:25.0250 1352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:13:25.0406 1352 HDAudBus - ok
11:13:25.0453 1352 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:13:25.0671 1352 HidUsb - ok
11:13:25.0687 1352 hpn - ok
11:13:25.0734 1352 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:13:25.0765 1352 HPZid412 - ok
11:13:25.0796 1352 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:13:25.0812 1352 HPZipr12 - ok
11:13:25.0843 1352 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:13:25.0875 1352 HPZius12 - ok
11:13:25.0921 1352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:13:26.0000 1352 HTTP - ok
11:13:26.0093 1352 i2omgmt - ok
11:13:26.0109 1352 i2omp - ok
11:13:26.0140 1352 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:13:26.0312 1352 i8042prt - ok
11:13:26.0359 1352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:13:26.0546 1352 Imapi - ok
11:13:26.0562 1352 ini910u - ok
11:13:26.0750 1352 IntcAzAudAddService (1ae3cff80017ef89da959350724c7194) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:13:27.0046 1352 IntcAzAudAddService - ok
11:13:27.0078 1352 IntelIde - ok
11:13:27.0125 1352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:13:27.0359 1352 Ip6Fw - ok
11:13:27.0390 1352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:13:27.0609 1352 IpFilterDriver - ok
11:13:27.0625 1352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:13:27.0859 1352 IpInIp - ok
11:13:27.0890 1352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:13:28.0125 1352 IpNat - ok
11:13:28.0140 1352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:13:28.0343 1352 IPSec - ok
11:13:28.0390 1352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:13:28.0453 1352 IRENUM - ok
11:13:28.0484 1352 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:13:28.0671 1352 isapnp - ok
11:13:28.0687 1352 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:13:28.0859 1352 Kbdclass - ok
11:13:28.0906 1352 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:13:29.0109 1352 kbdhid - ok
11:13:29.0187 1352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:13:29.0375 1352 kmixer - ok
11:13:29.0453 1352 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
11:13:29.0468 1352 KSecDD - ok
11:13:29.0562 1352 lbrtfdc - ok
11:13:29.0609 1352 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:13:29.0625 1352 MBAMSwissArmy - ok
11:13:29.0671 1352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:13:29.0843 1352 mnmdd - ok
11:13:29.0890 1352 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
11:13:30.0062 1352 Modem - ok
11:13:30.0140 1352 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
11:13:30.0265 1352 Monfilt - ok
11:13:30.0296 1352 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:13:30.0484 1352 Mouclass - ok
11:13:30.0500 1352 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:13:30.0703 1352 mouhid - ok
11:13:30.0718 1352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:13:30.0921 1352 MountMgr - ok
11:13:30.0937 1352 mraid35x - ok
11:13:30.0968 1352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:13:31.0171 1352 MRxDAV - ok
11:13:31.0250 1352 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:13:31.0296 1352 MRxSmb - ok
11:13:31.0359 1352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:13:31.0546 1352 Msfs - ok
11:13:31.0578 1352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:13:31.0765 1352 MSKSSRV - ok
11:13:31.0875 1352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:13:32.0078 1352 MSPCLOCK - ok
11:13:32.0125 1352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:13:32.0328 1352 MSPQM - ok
11:13:32.0375 1352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:13:32.0562 1352 mssmbios - ok
11:13:32.0593 1352 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:13:32.0828 1352 MSTEE - ok
11:13:32.0890 1352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:13:32.0921 1352 Mup - ok
11:13:32.0968 1352 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:13:33.0156 1352 NABTSFEC - ok
11:13:33.0187 1352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:13:33.0406 1352 NDIS - ok
11:13:33.0437 1352 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:13:33.0625 1352 NdisIP - ok
11:13:33.0671 1352 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:13:33.0687 1352 NdisTapi - ok
11:13:33.0703 1352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:13:33.0921 1352 Ndisuio - ok
11:13:33.0953 1352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:13:34.0125 1352 NdisWan - ok
11:13:34.0156 1352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:13:34.0187 1352 NDProxy - ok
11:13:34.0203 1352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:13:34.0375 1352 NetBIOS - ok
11:13:34.0406 1352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:13:34.0640 1352 NetBT - ok
11:13:34.0781 1352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:13:34.0984 1352 Npfs - ok
11:13:35.0046 1352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:13:35.0343 1352 Ntfs - ok
11:13:35.0390 1352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:13:35.0640 1352 Null - ok
11:13:35.0812 1352 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:13:35.0984 1352 nv - ok
11:13:36.0078 1352 nvata (947c4a0e7b25bcecc3b40f0f1070378b) C:\WINDOWS\system32\DRIVERS\nvata.sys
11:13:36.0109 1352 nvata - ok
11:13:36.0140 1352 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
11:13:36.0171 1352 NVENETFD - ok
11:13:36.0218 1352 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
11:13:36.0234 1352 nvnetbus - ok
11:13:36.0265 1352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:13:36.0453 1352 NwlnkFlt - ok
11:13:36.0484 1352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:13:36.0734 1352 NwlnkFwd - ok
11:13:36.0796 1352 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
11:13:37.0015 1352 Parport - ok
11:13:37.0031 1352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:13:37.0250 1352 PartMgr - ok
11:13:37.0265 1352 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
11:13:37.0453 1352 ParVdm - ok
11:13:37.0484 1352 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
11:13:37.0703 1352 PCI - ok
11:13:37.0812 1352 PCIDump - ok
11:13:37.0875 1352 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:13:38.0031 1352 PCIIde - ok
11:13:38.0062 1352 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:13:38.0250 1352 Pcmcia - ok
11:13:38.0265 1352 PDCOMP - ok
11:13:38.0281 1352 PDFRAME - ok
11:13:38.0296 1352 PDRELI - ok
11:13:38.0312 1352 PDRFRAME - ok
11:13:38.0328 1352 perc2 - ok
11:13:38.0343 1352 perc2hib - ok
11:13:38.0375 1352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:13:38.0562 1352 PptpMiniport - ok
11:13:38.0578 1352 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
11:13:38.0734 1352 Processor - ok
11:13:38.0765 1352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:13:38.0984 1352 PSched - ok
11:13:39.0031 1352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:13:39.0203 1352 Ptilink - ok
11:13:39.0234 1352 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:13:39.0250 1352 PxHelp20 - ok
11:13:39.0265 1352 ql1080 - ok
11:13:39.0281 1352 Ql10wnt - ok
11:13:39.0296 1352 ql12160 - ok
11:13:39.0296 1352 ql1240 - ok
11:13:39.0312 1352 ql1280 - ok
11:13:39.0328 1352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:13:39.0500 1352 RasAcd - ok
11:13:39.0515 1352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:13:39.0703 1352 Rasl2tp - ok
11:13:39.0718 1352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:13:39.0937 1352 RasPppoe - ok
11:13:39.0968 1352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:13:40.0171 1352 Raspti - ok
11:13:40.0203 1352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:13:40.0390 1352 Rdbss - ok
11:13:40.0421 1352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:13:40.0625 1352 RDPCDD - ok
11:13:40.0656 1352 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:13:40.0687 1352 RDPWD - ok
11:13:40.0734 1352 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:13:41.0015 1352 redbook - ok
11:13:41.0078 1352 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
11:13:41.0093 1352 s0016bus - ok
11:13:41.0218 1352 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
11:13:41.0218 1352 s0016mdfl - ok
11:13:41.0265 1352 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
11:13:41.0281 1352 s0016mdm - ok
11:13:41.0312 1352 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
11:13:41.0328 1352 s0016mgmt - ok
11:13:41.0359 1352 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
11:13:41.0375 1352 s0016nd5 - ok
11:13:41.0421 1352 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
11:13:41.0437 1352 s0016obex - ok
11:13:41.0500 1352 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
11:13:41.0515 1352 s0016unic - ok
11:13:41.0546 1352 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
11:13:41.0562 1352 s1018bus - ok
11:13:41.0609 1352 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
11:13:41.0609 1352 s1018mdfl - ok
11:13:41.0640 1352 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
11:13:41.0656 1352 s1018mdm - ok
11:13:41.0687 1352 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
11:13:41.0718 1352 s1018mgmt - ok
11:13:41.0734 1352 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
11:13:41.0750 1352 s1018nd5 - ok
11:13:41.0781 1352 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
11:13:41.0796 1352 s1018obex - ok
11:13:41.0843 1352 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
11:13:41.0859 1352 s1018unic - ok
11:13:41.0906 1352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:13:41.0984 1352 Secdrv - ok
11:13:42.0109 1352 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
11:13:42.0125 1352 seehcri - ok
11:13:42.0156 1352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:13:42.0343 1352 serenum - ok
11:13:42.0375 1352 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
11:13:42.0593 1352 Serial - ok
11:13:42.0656 1352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:13:42.0828 1352 Sfloppy - ok
11:13:42.0859 1352 Simbad - ok
11:13:42.0921 1352 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:13:43.0140 1352 SLIP - ok
11:13:43.0171 1352 Sparrow - ok
11:13:43.0218 1352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:13:43.0375 1352 splitter - ok
11:13:43.0406 1352 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
11:13:43.0484 1352 sr - ok
11:13:43.0546 1352 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
11:13:43.0578 1352 Srv - ok
11:13:43.0640 1352 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:13:43.0656 1352 ssmdrv - ok
11:13:43.0687 1352 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:13:43.0859 1352 streamip - ok
11:13:43.0906 1352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:13:44.0078 1352 swenum - ok
11:13:44.0125 1352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:13:44.0328 1352 swmidi - ok
11:13:44.0343 1352 symc810 - ok
11:13:44.0343 1352 symc8xx - ok
11:13:44.0359 1352 sym_hi - ok
11:13:44.0375 1352 sym_u3 - ok
11:13:44.0421 1352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:13:44.0625 1352 sysaudio - ok
11:13:44.0671 1352 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:13:44.0687 1352 Tcpip - ok
11:13:44.0828 1352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:13:45.0046 1352 TDPIPE - ok
11:13:45.0062 1352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:13:45.0281 1352 TDTCP - ok
11:13:45.0328 1352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:13:45.0515 1352 TermDD - ok
11:13:45.0562 1352 TosIde - ok
11:13:45.0578 1352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:13:45.0796 1352 Udfs - ok
11:13:45.0812 1352 ultra - ok
11:13:45.0859 1352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:13:46.0046 1352 Update - ok
11:13:46.0078 1352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:13:46.0250 1352 usbccgp - ok
11:13:46.0281 1352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:13:46.0484 1352 usbehci - ok
11:13:46.0531 1352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:13:46.0687 1352 usbhub - ok
11:13:46.0718 1352 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:13:46.0890 1352 usbohci - ok
11:13:46.0906 1352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:13:47.0156 1352 usbprint - ok
11:13:47.0187 1352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:13:47.0343 1352 usbscan - ok
11:13:47.0375 1352 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:13:47.0578 1352 usbstor - ok
11:13:47.0625 1352 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:13:47.0781 1352 usbvideo - ok
11:13:47.0843 1352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:13:48.0031 1352 VgaSave - ok
11:13:48.0046 1352 ViaIde - ok
11:13:48.0093 1352 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
11:13:48.0296 1352 VolSnap - ok
11:13:48.0328 1352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:13:48.0531 1352 Wanarp - ok
11:13:48.0546 1352 WDICA - ok
11:13:48.0593 1352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:13:48.0750 1352 wdmaud - ok
11:13:48.0796 1352 WFIOCTL - ok
11:13:48.0937 1352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:13:48.0953 1352 WpdUsb - ok
11:13:49.0000 1352 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:13:49.0171 1352 WS2IFSL - ok
11:13:49.0234 1352 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:13:49.0421 1352 WSTCODEC - ok
11:13:49.0437 1352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:13:49.0453 1352 WudfPf - ok
11:13:49.0468 1352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:13:49.0484 1352 WudfRd - ok
11:13:49.0515 1352 xcpip - ok
11:13:49.0531 1352 xpsec - ok
11:13:49.0578 1352 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
11:13:49.0578 1352 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
11:13:49.0578 1352 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
11:13:49.0687 1352 Boot (0x1200) (526e6b919521ae741cad142b2e462b96) \Device\Harddisk0\DR0\Partition0
11:13:49.0703 1352 \Device\Harddisk0\DR0\Partition0 - ok
11:13:49.0734 1352 Boot (0x1200) (3a2258e8ab37de7d74a0774b8fe2d899) \Device\Harddisk0\DR0\Partition1
11:13:49.0734 1352 \Device\Harddisk0\DR0\Partition1 - ok
11:13:49.0734 1352 ============================================================
11:13:49.0734 1352 Scan finished
11:13:49.0734 1352 ============================================================
11:13:49.0859 1228 Detected object count: 4
11:13:49.0859 1228 Actual detected object count: 4
11:14:33.0796 1228 a347bus ( UnsignedFile.Multi.Generic ) - skipped by user
11:14:33.0796 1228 a347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:14:33.0796 1228 a347scsi ( UnsignedFile.Multi.Generic ) - skipped by user
11:14:33.0796 1228 a347scsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:14:33.0796 1228 atapi ( LockedFile.Multi.Generic ) - skipped by user
11:14:33.0796 1228 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
11:14:33.0796 1228 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
11:14:33.0796 1228 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#9 Post by smudy »

Zipped files here: http://uloz.to/soubory/smudy/viry-cz/ password: viry.cz

RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Smudy at 2012-03-11 15:17:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (40%) free of 60 GB
Total RAM: 2015 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:30, on 11.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Dokumenty\viry\RSIT.exe
C:\Program Files\trend micro\Smudy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5475 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-09-23 258512]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
C:\Program Files\QIP\qip.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-13 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======List of files/folders created in the last 1 months======

2012-03-11 15:12:22 ----D---- C:\TDSSKiller_Quarantine
2012-03-11 15:11:11 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_15.11.11_log.txt
2012-03-11 11:25:31 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_11.25.31_log.txt
2012-03-11 11:12:54 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_11.12.54_log.txt
2012-03-10 23:23:37 ----SHD---- C:\RECYCLER
2012-03-10 23:21:42 ----A---- C:\ComboFix.txt
2012-03-10 18:12:06 ----A---- C:\Boot.bak
2012-03-10 18:12:03 ----RASHD---- C:\cmdcons
2012-03-10 18:09:40 ----A---- C:\WINDOWS\zip.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWSC.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWREG.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\sed.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\PEV.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\MBR.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\grep.exe
2012-03-10 18:09:33 ----D---- C:\WINDOWS\ERDNT
2012-03-10 18:09:27 ----D---- C:\Qoobox
2012-03-10 13:23:04 ----D---- C:\Avenger
2012-03-10 13:23:04 ----A---- C:\avenger.txt
2012-03-04 14:08:25 ----D---- C:\Program Files\Valve
2012-03-02 15:12:45 ----D---- C:\Program Files\Winamp Detect
2012-03-02 15:12:29 ----D---- C:\Program Files\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\OpenCandy
2012-02-27 22:08:19 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Publish Providers
2012-02-27 17:50:02 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2012-02-27 17:50:01 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2012-02-27 17:49:44 ----D---- C:\Program Files\Microsoft SQL Server
2012-02-27 17:49:30 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Sony
2012-02-27 17:48:19 ----D---- C:\Program Files\Vstplugins
2012-02-27 17:48:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-02-27 17:47:54 ----D---- C:\Program Files\Sony
2012-02-27 17:43:46 ----D---- C:\Program Files\Sony Setup
2012-02-27 15:10:57 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 19:20:44 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-02-26 19:19:51 ----D---- C:\Program Files\RoadsofRome_at
2012-02-18 17:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-18 17:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-18 16:37:03 ----D---- C:\Program Files\Recuva
2012-02-16 14:07:57 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 months======

2012-03-11 15:17:27 ----D---- C:\Program Files\trend micro
2012-03-11 15:17:26 ----D---- C:\WINDOWS\Temp
2012-03-11 15:13:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-11 15:11:12 ----D---- C:\WINDOWS\system32\drivers
2012-03-11 14:52:56 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Skype
2012-03-11 11:43:26 ----D---- C:\Documents and Settings\Smudy\Data aplikací\vlc
2012-03-11 11:42:37 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-11 11:32:52 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-11 11:32:29 ----D---- C:\WINDOWS
2012-03-11 08:50:38 ----HD---- C:\WINDOWS\inf
2012-03-11 08:48:09 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-11 08:25:38 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-11 08:25:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-11 08:25:08 ----D---- C:\WINDOWS\system32
2012-03-11 08:05:52 ----D---- C:\WINDOWS\system32\cs-cz
2012-03-11 08:05:52 ----D---- C:\WINDOWS\Media
2012-03-11 08:05:52 ----D---- C:\WINDOWS\Help
2012-03-11 08:05:52 ----D---- C:\Program Files\Internet Explorer
2012-03-11 00:07:55 ----D---- C:\Program Files\QIP
2012-03-11 00:07:11 ----D---- C:\Program Files\Common Files\InstallShield
2012-03-11 00:02:59 ----RSD---- C:\WINDOWS\Fonts
2012-03-11 00:02:59 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-11 00:02:59 ----D---- C:\Program Files
2012-03-10 23:58:37 ----D---- C:\WINDOWS\ie8updates
2012-03-10 23:54:56 ----D---- C:\WINDOWS\Prefetch
2012-03-10 23:16:54 ----A---- C:\WINDOWS\system.ini
2012-03-10 23:12:20 ----D---- C:\WINDOWS\system32\config
2012-03-10 23:09:48 ----D---- C:\WINDOWS\AppPatch
2012-03-10 23:09:46 ----D---- C:\Program Files\Common Files
2012-03-10 18:12:06 ----RASH---- C:\boot.ini
2012-03-10 11:25:07 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-09 22:46:05 ----SHD---- C:\WINDOWS\Installer
2012-03-09 22:46:04 ----D---- C:\Config.Msi
2012-03-09 22:45:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-09 22:45:52 ----RSD---- C:\WINDOWS\assembly
2012-03-09 22:45:49 ----D---- C:\WINDOWS\WinSxS
2012-03-03 09:33:57 ----D---- C:\WINDOWS\Debug
2012-03-01 21:44:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-03-01 21:43:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-01 21:41:53 ----A---- C:\WINDOWS\win.ini
2012-03-01 16:53:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-03-01 16:53:32 ----D---- C:\Program Files\Common Files\Adobe
2012-03-01 16:53:28 ----D---- C:\Program Files\Adobe
2012-02-27 17:50:01 ----HD---- C:\Program Files\Uninstall Information
2012-02-18 20:02:18 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-18 17:37:38 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-18 09:15:59 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-02-16 137416]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-06-13 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-13 82944]
S3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
S3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-23 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#10 Post by smudy »

ComboFix 12-03-10.02 - Smudy 11.03.2012 17:44:30.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2015.1604 [GMT 1:00]
Spuštěný z: d:\dokumenty\viry\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-11 do 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 14:12 . 2012-03-11 14:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-04 13:08 . 2012-03-04 13:09 -------- d-----w- c:\program files\Valve
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\program files\Winamp Detect
2012-03-02 14:12 . 2012-03-11 07:28 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Winamp
2012-03-02 14:12 . 2012-03-02 14:13 -------- d-----w- c:\program files\Winamp
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\OpenCandy
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Publish Providers
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Local Settings\Data aplikací\Sony
2012-02-27 16:50 . 2002-12-17 15:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2012-02-27 16:50 . 2002-10-20 13:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-27 16:49 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Sony
2012-02-27 16:48 . 2012-02-27 16:48 -------- d-----w- c:\program files\Vstplugins
2012-02-27 16:48 . 2012-02-27 16:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2012-02-27 16:47 . 2012-02-27 16:47 -------- d-----w- c:\program files\Sony
2012-02-27 16:43 . 2012-02-27 16:43 -------- d-----w- c:\program files\Sony Setup
2012-02-27 14:10 . 2012-02-27 14:11 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 18:20 . 2012-02-27 15:08 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-02-26 18:19 . 2012-03-04 12:46 -------- d-----w- c:\program files\RoadsofRome_at
2012-02-18 15:37 . 2012-02-18 15:37 -------- d-----w- c:\program files\Recuva
2012-02-18 14:59 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-02-18 14:59 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-02-18 14:59 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-02-18 14:59 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-02-18 14:59 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-02-18 14:59 . 2012-02-18 14:59 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-02-18 14:59 . 2012-02-18 14:59 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 18:44 . 2011-06-12 10:21 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 05:35 . 2012-02-05 08:59 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-12 17:21 . 2009-08-29 12:34 1869056 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 17:40 . 2010-12-27 17:39 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2006-12-04 17:39 . 2011-12-21 12:43 915968 ----a-w- c:\program files\WinRAR.exe
2006-12-04 17:39 . 2011-12-21 12:43 313856 ----a-w- c:\program files\Rar.exe
2006-12-03 13:53 . 2011-12-21 12:43 126464 ----a-w- c:\program files\RarExt.dll
2006-12-03 13:53 . 2011-12-21 12:43 66560 -c--a-w- c:\program files\Zip.SFX
2006-12-03 13:53 . 2011-12-21 12:43 100864 -c--a-w- c:\program files\Default.SFX
2006-12-03 13:52 . 2011-12-21 12:43 200704 ----a-w- c:\program files\UnRAR.exe
2006-09-18 13:31 . 2011-12-21 12:43 79360 -c--a-w- c:\program files\WinCon.SFX
2006-09-14 16:29 . 2011-12-21 12:43 315392 ----a-w- c:\program files\rarlng.dll
2005-06-07 11:26 . 2011-12-21 12:43 43008 ----a-w- c:\program files\RarExt64.dll
2005-06-07 11:25 . 2011-12-21 12:43 44032 ----a-w- c:\program files\RarExtLoader.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-18 08:15 . 2011-06-26 21:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
[-] 2008-06-13 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-03-11_15.50.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-11 16:37 . 2012-03-11 16:38 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 13:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.10.2009 14:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.10.2009 14:07 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5.2.2012 9:59 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.2.2012 9:59 86224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6.9.2010 17:59 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.9.2009 16:17 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23.12.2009 18:13 38224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30.8.2010 9:09 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30.8.2010 9:09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30.8.2010 9:09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30.8.2010 9:09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30.8.2010 9:09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30.8.2010 9:09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30.8.2010 9:09 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [30.8.2010 9:09 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [30.8.2010 9:09 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [30.8.2010 9:09 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [30.8.2010 9:09 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [30.8.2010 9:09 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [30.8.2010 9:09 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [30.8.2010 9:09 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [28.12.2010 8:04 155344]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 53888506
*Deregistered* - 53888506
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
FF - ProfilePath - c:\documents and settings\Smudy\Data aplikací\Mozilla\Firefox\Profiles\f7cbzu2f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 17:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2660)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2012-03-11 17:52:16
ComboFix-quarantined-files.txt 2012-03-11 16:52
ComboFix2.txt 2012-03-11 15:55
ComboFix3.txt 2012-03-10 22:21
ComboFix4.txt 2012-03-10 19:06
ComboFix5.txt 2012-03-11 16:43
.
Před spuštěním: Volných bajtů: 24 940 310 528
Po spuštění: Volných bajtů: 24 920 719 360
.
- - End Of File - - 9A354AE3FF9FC9C73435529D02329B1B

:thumbsup:
17:40:28.0062 3668 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:40:28.0187 3668 ============================================================
17:40:28.0187 3668 Current date / time: 2012/03/11 17:40:28.0187
17:40:28.0187 3668 SystemInfo:
17:40:28.0187 3668
17:40:28.0187 3668 OS Version: 5.1.2600 ServicePack: 3.0
17:40:28.0187 3668 Product type: Workstation
17:40:28.0187 3668 ComputerName: POKOJ
17:40:28.0187 3668 UserName: Smudy
17:40:28.0187 3668 Windows directory: C:\WINDOWS
17:40:28.0187 3668 System windows directory: C:\WINDOWS
17:40:28.0187 3668 Processor architecture: Intel x86
17:40:28.0187 3668 Number of processors: 1
17:40:28.0187 3668 Page size: 0x1000
17:40:28.0187 3668 Boot type: Normal boot
17:40:28.0187 3668 ============================================================
17:40:28.0890 3668 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:40:28.0890 3668 \Device\Harddisk0\DR0:
17:40:28.0890 3668 MBR used
17:40:28.0890 3668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
17:40:28.0921 3668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xB4E4720
17:40:29.0000 3668 Initialize success
17:40:29.0000 3668 ============================================================
17:40:33.0937 3820 ============================================================
17:40:33.0937 3820 Scan started
17:40:33.0937 3820 Mode: Manual; SigCheck; TDLFS;
17:40:33.0937 3820 ============================================================
17:40:34.0156 3820 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
17:40:34.0937 3820 a347bus ( UnsignedFile.Multi.Generic ) - warning
17:40:34.0937 3820 a347bus - detected UnsignedFile.Multi.Generic (1)
17:40:34.0984 3820 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
17:40:35.0000 3820 a347scsi ( UnsignedFile.Multi.Generic ) - warning
17:40:35.0000 3820 a347scsi - detected UnsignedFile.Multi.Generic (1)
17:40:35.0015 3820 Abiosdsk - ok
17:40:35.0031 3820 abp480n5 - ok
17:40:35.0078 3820 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:40:35.0718 3820 ACPI - ok
17:40:35.0859 3820 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:40:36.0062 3820 ACPIEC - ok
17:40:36.0093 3820 adpu160m - ok
17:40:36.0140 3820 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:40:36.0296 3820 aec - ok
17:40:36.0343 3820 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
17:40:36.0390 3820 AFD - ok
17:40:36.0406 3820 Aha154x - ok
17:40:36.0421 3820 aic78u2 - ok
17:40:36.0437 3820 aic78xx - ok
17:40:36.0453 3820 AliIde - ok
17:40:36.0531 3820 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
17:40:36.0765 3820 Ambfilt - ok
17:40:36.0906 3820 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:40:36.0953 3820 AmdK8 - ok
17:40:37.0015 3820 amsint - ok
17:40:37.0046 3820 asc - ok
17:40:37.0062 3820 asc3350p - ok
17:40:37.0062 3820 asc3550 - ok
17:40:37.0125 3820 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:40:37.0281 3820 AsyncMac - ok
17:40:37.0359 3820 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:40:37.0359 3820 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
17:40:37.0359 3820 atapi ( LockedFile.Multi.Generic ) - warning
17:40:37.0359 3820 atapi - detected LockedFile.Multi.Generic (1)
17:40:37.0359 3820 Atdisk - ok
17:40:37.0390 3820 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:40:37.0593 3820 Atmarpc - ok
17:40:37.0640 3820 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:40:37.0828 3820 audstub - ok
17:40:37.0859 3820 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:40:37.0937 3820 avgntflt - ok
17:40:38.0000 3820 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:40:38.0015 3820 avipbb - ok
17:40:38.0062 3820 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:40:38.0078 3820 avkmgr - ok
17:40:38.0125 3820 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:40:38.0312 3820 Beep - ok
17:40:38.0328 3820 catchme - ok
17:40:38.0359 3820 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:40:38.0546 3820 cbidf2k - ok
17:40:38.0593 3820 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:40:38.0843 3820 CCDECODE - ok
17:40:38.0953 3820 cd20xrnt - ok
17:40:38.0968 3820 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:40:39.0156 3820 Cdaudio - ok
17:41:17.0234 3820 ============================================================
17:41:17.0234 3820 Scan finished
17:41:17.0234 3820 ============================================================
17:41:17.0375 3812 Detected object count: 3
17:41:17.0375 3812 Actual detected object count: 3
17:41:23.0015 3812 a347bus ( UnsignedFile.Multi.Generic ) - skipped by user
17:41:23.0015 3812 a347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:41:23.0015 3812 a347scsi ( UnsignedFile.Multi.Generic ) - skipped by user
17:41:23.0015 3812 a347scsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:41:23.0031 3812 atapi ( LockedFile.Multi.Generic ) - skipped by user
17:41:23.0031 3812 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
17:41:29.0703 3660 Deinitialize success
Attachments
TDSSKiller_Quarantine.rar
(140.26 KiB) Downloaded 45 times

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#11 Post by smudy »

MiniRegTool gave this output:
MiniRegTool by Farbar
Ran by Smudy (administrator) on 2012-03-11 at 19:24:03

=================================================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\IntelIde]

Moving on to CF

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#12 Post by smudy »

ComboFix 12-03-10.02 - Smudy 11.03.2012 19:55:33.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2015.1537 [GMT 1:00]
Spuštěný z: d:\dokumenty\viry\ComboFix.exe
Použité ovládací přepínače :: d:\dokumenty\viry\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-11 do 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 14:12 . 2012-03-11 14:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-11 07:48 . 2011-04-30 08:50 766464 -c----w- c:\windows\system32\dllcache\vgx.dll
2012-03-04 13:08 . 2012-03-04 13:09 -------- d-----w- c:\program files\Valve
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\program files\Winamp Detect
2012-03-02 14:12 . 2012-03-11 07:28 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Winamp
2012-03-02 14:12 . 2012-03-02 14:13 -------- d-----w- c:\program files\Winamp
2012-03-02 14:12 . 2012-03-02 14:12 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\OpenCandy
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Publish Providers
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Local Settings\Data aplikací\Sony
2012-02-27 16:50 . 2002-12-17 15:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2012-02-27 16:50 . 2002-10-20 13:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-27 16:49 . 2012-02-27 21:08 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Sony
2012-02-27 16:48 . 2012-02-27 16:48 -------- d-----w- c:\program files\Vstplugins
2012-02-27 16:48 . 2012-02-27 16:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2012-02-27 16:47 . 2012-02-27 16:47 -------- d-----w- c:\program files\Sony
2012-02-27 16:43 . 2012-02-27 16:43 -------- d-----w- c:\program files\Sony Setup
2012-02-27 14:10 . 2012-02-27 14:11 -------- d-----w- c:\documents and settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 18:20 . 2012-02-27 15:08 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-02-26 18:19 . 2012-03-04 12:46 -------- d-----w- c:\program files\RoadsofRome_at
2012-02-18 15:37 . 2012-02-18 15:37 -------- d-----w- c:\program files\Recuva
2012-02-18 14:59 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-02-18 14:59 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-02-18 14:59 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-02-18 14:59 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-02-18 14:59 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-02-18 14:59 . 2012-02-18 14:59 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-02-18 14:59 . 2012-02-18 14:59 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 13:07 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 18:44 . 2011-06-12 10:21 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 05:35 . 2012-02-05 08:59 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-12 17:21 . 2009-08-29 12:34 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:08 . 2008-06-13 07:32 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:08 . 2008-06-13 07:31 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:08 . 2009-09-30 14:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:08 . 2008-06-13 07:31 17408 ----a-w- c:\windows\system32\corpol.dll
2011-12-16 12:22 . 2008-06-13 07:31 389120 ----a-w- c:\windows\system32\html.iec
2010-12-27 17:40 . 2010-12-27 17:39 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2006-12-04 17:39 . 2011-12-21 12:43 915968 ----a-w- c:\program files\WinRAR.exe
2006-12-04 17:39 . 2011-12-21 12:43 313856 ----a-w- c:\program files\Rar.exe
2006-12-03 13:53 . 2011-12-21 12:43 126464 ----a-w- c:\program files\RarExt.dll
2006-12-03 13:53 . 2011-12-21 12:43 66560 -c--a-w- c:\program files\Zip.SFX
2006-12-03 13:53 . 2011-12-21 12:43 100864 -c--a-w- c:\program files\Default.SFX
2006-12-03 13:52 . 2011-12-21 12:43 200704 ----a-w- c:\program files\UnRAR.exe
2006-09-18 13:31 . 2011-12-21 12:43 79360 -c--a-w- c:\program files\WinCon.SFX
2006-09-14 16:29 . 2011-12-21 12:43 315392 ----a-w- c:\program files\rarlng.dll
2005-06-07 11:26 . 2011-12-21 12:43 43008 ----a-w- c:\program files\RarExt64.dll
2005-06-07 11:25 . 2011-12-21 12:43 44032 ----a-w- c:\program files\RarExtLoader.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-18 08:15 . 2011-06-26 21:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
[-] 2008-06-13 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-03-11_15.50.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-11 19:03 . 2012-03-11 19:03 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
+ 2008-06-13 07:32 . 2011-12-19 08:08 44544 c:\windows\system32\pngfilt.dll
- 2008-06-13 07:32 . 2008-06-13 07:32 44544 c:\windows\system32\pngfilt.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 27648 c:\windows\system32\jsproxy.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 44544 c:\windows\system32\iernonce.dll
+ 2008-06-13 07:31 . 2011-12-16 12:22 70656 c:\windows\system32\ie4uinit.exe
+ 2008-06-13 07:31 . 2011-12-19 08:08 63488 c:\windows\system32\icardie.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-12-16 12:22 . 2011-12-16 12:22 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2011-12-19 08:08 . 2011-12-19 08:08 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-09-30 14:59 . 2008-06-13 07:31 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-09-30 14:59 . 2011-12-19 08:08 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2011-12-16 12:22 . 2011-12-16 12:22 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-12-19 08:08 . 2011-12-19 08:08 63488 c:\windows\system32\dllcache\icardie.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 17408 c:\windows\system32\dllcache\corpol.dll
+ 2012-03-11 18:24 . 2008-06-13 07:32 44544 c:\windows\ie7updates\KB2647516-IE7\pngfilt.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 50688 c:\windows\ie7updates\KB2647516-IE7\msfeedsbs.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 27136 c:\windows\ie7updates\KB2647516-IE7\jsproxy.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 43008 c:\windows\ie7updates\KB2647516-IE7\iernonce.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 78336 c:\windows\ie7updates\KB2647516-IE7\ieencode.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 54784 c:\windows\ie7updates\KB2647516-IE7\ie4uinit.exe
+ 2012-03-11 18:24 . 2008-06-13 07:31 61952 c:\windows\ie7updates\KB2647516-IE7\icardie.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 17408 c:\windows\ie7updates\KB2647516-IE7\corpol.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-03-09 21:45 . 2012-03-09 21:45 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-06-13 07:32 . 2011-12-19 08:08 233472 c:\windows\system32\webcheck.dll
+ 2009-08-29 12:26 . 2011-03-04 06:42 434176 c:\windows\system32\vbscript.dll
+ 2008-06-13 07:32 . 2011-12-19 08:08 106496 c:\windows\system32\url.dll
- 2004-08-18 12:00 . 2012-03-09 21:45 580824 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2012-03-11 18:28 580824 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2012-03-11 18:28 588648 c:\windows\system32\perfh005.dat
- 2004-08-18 12:00 . 2012-03-09 21:45 588648 c:\windows\system32\perfh005.dat
+ 2004-08-18 12:00 . 2012-03-11 18:28 122166 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2012-03-09 21:45 122166 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2012-03-09 21:45 150930 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2012-03-11 18:28 150930 c:\windows\system32\perfc005.dat
+ 2008-06-13 07:32 . 2011-12-19 08:08 102912 c:\windows\system32\occache.dll
+ 2008-06-13 07:32 . 2011-12-19 08:08 671232 c:\windows\system32\mstime.dll
+ 2008-06-13 07:32 . 2011-12-19 08:08 193024 c:\windows\system32\msrating.dll
+ 2008-06-13 07:32 . 2011-12-19 08:08 478720 c:\windows\system32\mshtmled.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 468480 c:\windows\system32\msfeeds.dll
- 2009-08-29 12:26 . 2009-08-29 12:26 512000 c:\windows\system32\jscript.dll
+ 2009-08-29 12:26 . 2011-03-04 06:42 512000 c:\windows\system32\jscript.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 268288 c:\windows\system32\iertutil.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 192512 c:\windows\system32\iepeers.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 384512 c:\windows\system32\iedkcs32.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 380928 c:\windows\system32\ieapfltr.dll
- 2008-06-13 07:31 . 2008-06-13 07:31 161792 c:\windows\system32\ieakui.dll
+ 2008-06-13 07:31 . 2011-12-16 10:58 161792 c:\windows\system32\ieakui.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 230400 c:\windows\system32\ieaksie.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 153088 c:\windows\system32\ieakeng.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 133120 c:\windows\system32\extmgr.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 214528 c:\windows\system32\dxtrans.dll
- 2008-06-13 07:31 . 2008-06-13 07:31 214528 c:\windows\system32\dxtrans.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 347136 c:\windows\system32\dxtmsft.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 832512 c:\windows\system32\dllcache\wininet.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2011-03-04 06:42 . 2011-03-04 06:42 434176 c:\windows\system32\dllcache\vbscript.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 106496 c:\windows\system32\dllcache\url.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 102912 c:\windows\system32\dllcache\occache.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 671232 c:\windows\system32\dllcache\mstime.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 193024 c:\windows\system32\dllcache\msrating.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 478720 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-03-04 06:42 . 2011-03-04 06:42 512000 c:\windows\system32\dllcache\jscript.dll
+ 2011-12-16 11:00 . 2011-12-16 11:00 634680 c:\windows\system32\dllcache\iexplore.exe
+ 2011-12-19 08:08 . 2011-12-19 08:08 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2011-12-16 10:58 . 2011-12-16 10:58 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 124928 c:\windows\system32\dllcache\advpack.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 124928 c:\windows\system32\advpack.dll
+ 2012-03-11 18:24 . 2008-06-13 07:32 818688 c:\windows\ie7updates\KB2647516-IE7\wininet.dll
+ 2012-03-11 18:24 . 2008-06-13 07:32 231424 c:\windows\ie7updates\KB2647516-IE7\webcheck.dll
+ 2012-03-11 18:24 . 2008-06-13 07:32 105984 c:\windows\ie7updates\KB2647516-IE7\url.dll
+ 2012-03-11 18:24 . 2010-07-05 13:13 391032 c:\windows\ie7updates\KB2647516-IE7\spuninst\updspapi.dll
+ 2012-03-11 18:24 . 2010-07-05 13:13 233848 c:\windows\ie7updates\KB2647516-IE7\spuninst\spuninst.exe
+ 2012-03-11 18:24 . 2008-06-13 07:32 101376 c:\windows\ie7updates\KB2647516-IE7\occache.dll
+ 2012-03-11 18:24 . 2008-06-13 07:32 670720 c:\windows\ie7updates\KB2647516-IE7\mstime.dll
+ 2012-03-11 18:24 . 2008-06-13 07:32 192000 c:\windows\ie7updates\KB2647516-IE7\msrating.dll
+ 2012-03-11 18:24 . 2008-06-13 07:32 475648 c:\windows\ie7updates\KB2647516-IE7\mshtmled.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 458752 c:\windows\ie7updates\KB2647516-IE7\msfeeds.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 622080 c:\windows\ie7updates\KB2647516-IE7\iexplore.exe
+ 2012-03-11 18:24 . 2008-06-13 07:31 266752 c:\windows\ie7updates\KB2647516-IE7\iertutil.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 191488 c:\windows\ie7updates\KB2647516-IE7\iepeers.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 382976 c:\windows\ie7updates\KB2647516-IE7\iedkcs32.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 383488 c:\windows\ie7updates\KB2647516-IE7\ieapfltr.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 161792 c:\windows\ie7updates\KB2647516-IE7\ieakui.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 229376 c:\windows\ie7updates\KB2647516-IE7\ieaksie.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 152064 c:\windows\ie7updates\KB2647516-IE7\ieakeng.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 131584 c:\windows\ie7updates\KB2647516-IE7\extmgr.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 214528 c:\windows\ie7updates\KB2647516-IE7\dxtrans.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 346624 c:\windows\ie7updates\KB2647516-IE7\dxtmsft.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 123904 c:\windows\ie7updates\KB2647516-IE7\advpack.dll
+ 2012-03-11 18:25 . 2008-06-13 07:32 765952 c:\windows\ie7updates\KB2544521-IE7\vgx.dll
+ 2012-03-11 18:25 . 2010-07-05 13:13 391032 c:\windows\ie7updates\KB2544521-IE7\spuninst\updspapi.dll
+ 2012-03-11 18:25 . 2010-07-05 13:13 233848 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe
- 2012-03-09 21:45 . 2012-03-09 21:45 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-11 18:28 . 2012-03-11 18:28 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-03-11 18:28 . 2012-03-11 18:28 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-03-11 18:28 . 2012-03-11 18:28 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-13 07:32 . 2011-12-19 08:08 1168896 c:\windows\system32\urlmon.dll
+ 2008-06-13 07:32 . 2011-12-19 08:08 3616768 c:\windows\system32\mshtml.dll
+ 2008-06-13 07:31 . 2011-12-19 08:08 6076416 c:\windows\system32\ieframe.dll
+ 2008-06-13 07:31 . 2010-07-05 20:32 2452872 c:\windows\system32\ieapfltr.dat
+ 2011-12-19 08:08 . 2011-12-19 08:08 1168896 c:\windows\system32\dllcache\urlmon.dll
+ 2011-12-19 08:08 . 2011-12-19 08:08 3616768 c:\windows\system32\dllcache\mshtml.dll
+ 2010-07-05 20:32 . 2010-07-05 20:32 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2012-03-11 18:24 . 2008-06-13 07:32 1162240 c:\windows\ie7updates\KB2647516-IE7\urlmon.dll
+ 2012-03-11 18:24 . 2008-06-13 07:32 3578368 c:\windows\ie7updates\KB2647516-IE7\mshtml.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 6049280 c:\windows\ie7updates\KB2647516-IE7\ieframe.dll
+ 2012-03-11 18:24 . 2008-06-13 07:31 2451312 c:\windows\ie7updates\KB2647516-IE7\ieapfltr.dat
+ 2012-03-11 18:27 . 2012-03-11 18:27 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-03-09 21:45 . 2012-03-09 21:45 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-11 18:27 . 2012-03-11 18:27 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 13:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.10.2009 14:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.10.2009 14:07 5248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [5.2.2012 9:59 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.2.2012 9:59 86224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6.9.2010 17:59 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.9.2009 16:17 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23.12.2009 18:13 38224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30.8.2010 9:09 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30.8.2010 9:09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30.8.2010 9:09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30.8.2010 9:09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30.8.2010 9:09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30.8.2010 9:09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30.8.2010 9:09 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [30.8.2010 9:09 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [30.8.2010 9:09 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [30.8.2010 9:09 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [30.8.2010 9:09 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [30.8.2010 9:09 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [30.8.2010 9:09 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [30.8.2010 9:09 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [28.12.2010 8:04 155344]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
FF - ProfilePath - c:\documents and settings\Smudy\Data aplikací\Mozilla\Firefox\Profiles\f7cbzu2f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 20:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-11 20:08:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-11 19:08
ComboFix2.txt 2012-03-11 16:52
ComboFix3.txt 2012-03-11 15:55
ComboFix4.txt 2012-03-10 22:21
ComboFix5.txt 2012-03-11 18:26
.
Před spuštěním: Volných bajtů: 24 653 422 592
Po spuštění: Volných bajtů: 24 706 134 016
.
- - End Of File - - 1BA96C75008E3B9E438C720459AB836B

Logfile of random's system information tool 1.06 (written by random/random)
Run by Smudy at 2012-03-11 20:09:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (39%) free of 60 GB
Total RAM: 2015 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:04, on 11.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Dokumenty\viry\RSIT.exe
C:\Program Files\trend micro\Smudy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5301 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-09-23 258512]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-13 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======List of files/folders created in the last 1 months======

2012-03-11 20:08:26 ----A---- C:\ComboFix.txt
2012-03-11 19:54:19 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-11 19:24:33 ----D---- C:\WINDOWS\ie7updates
2012-03-11 19:24:27 ----A---- C:\WINDOWS\imsins.BAK
2012-03-11 19:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2012-03-11 17:40:28 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_17.40.28_log.txt
2012-03-11 15:12:22 ----D---- C:\TDSSKiller_Quarantine
2012-03-11 15:11:11 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_15.11.11_log.txt
2012-03-11 11:25:31 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_11.25.31_log.txt
2012-03-11 11:12:54 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_11.12.54_log.txt
2012-03-10 18:12:06 ----A---- C:\Boot.bak
2012-03-10 18:12:03 ----RASHD---- C:\cmdcons
2012-03-10 18:09:40 ----A---- C:\WINDOWS\zip.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWSC.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWREG.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\sed.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\PEV.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\MBR.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\grep.exe
2012-03-10 18:09:33 ----D---- C:\WINDOWS\ERDNT
2012-03-10 18:09:27 ----D---- C:\Qoobox
2012-03-10 13:23:04 ----D---- C:\Avenger
2012-03-10 13:23:04 ----A---- C:\avenger.txt
2012-03-04 14:08:25 ----D---- C:\Program Files\Valve
2012-03-02 15:12:45 ----D---- C:\Program Files\Winamp Detect
2012-03-02 15:12:29 ----D---- C:\Program Files\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\OpenCandy
2012-02-27 22:08:19 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Publish Providers
2012-02-27 17:50:02 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2012-02-27 17:50:01 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2012-02-27 17:49:44 ----D---- C:\Program Files\Microsoft SQL Server
2012-02-27 17:49:30 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Sony
2012-02-27 17:48:19 ----D---- C:\Program Files\Vstplugins
2012-02-27 17:48:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-02-27 17:47:54 ----D---- C:\Program Files\Sony
2012-02-27 17:43:46 ----D---- C:\Program Files\Sony Setup
2012-02-27 15:10:57 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 19:20:44 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-02-26 19:19:51 ----D---- C:\Program Files\RoadsofRome_at
2012-02-18 17:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-18 17:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-18 16:37:03 ----D---- C:\Program Files\Recuva
2012-02-16 14:07:57 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 months======

2012-03-11 20:10:00 ----D---- C:\Program Files\trend micro
2012-03-11 20:09:59 ----D---- C:\WINDOWS\Temp
2012-03-11 20:08:29 ----D---- C:\WINDOWS\system32\drivers
2012-03-11 20:08:24 ----D---- C:\WINDOWS\Prefetch
2012-03-11 20:07:11 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-11 20:03:34 ----D---- C:\WINDOWS
2012-03-11 20:03:34 ----A---- C:\WINDOWS\system.ini
2012-03-11 20:01:58 ----D---- C:\WINDOWS\system32\config
2012-03-11 19:59:37 ----D---- C:\WINDOWS\system32
2012-03-11 19:59:37 ----D---- C:\WINDOWS\AppPatch
2012-03-11 19:59:35 ----D---- C:\Program Files\Common Files
2012-03-11 19:54:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-11 19:31:13 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-11 19:28:08 ----SHD---- C:\WINDOWS\Installer
2012-03-11 19:28:08 ----D---- C:\Config.Msi
2012-03-11 19:28:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-11 19:28:00 ----RSD---- C:\WINDOWS\assembly
2012-03-11 19:27:58 ----D---- C:\WINDOWS\WinSxS
2012-03-11 19:25:37 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Skype
2012-03-11 19:25:16 ----HD---- C:\WINDOWS\inf
2012-03-11 19:25:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-11 19:25:13 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-11 19:24:50 ----D---- C:\WINDOWS\system32\cs-cz
2012-03-11 19:24:49 ----D---- C:\Program Files\Internet Explorer
2012-03-11 19:23:34 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-11 16:47:37 ----D---- C:\Program Files
2012-03-11 11:43:26 ----D---- C:\Documents and Settings\Smudy\Data aplikací\vlc
2012-03-11 11:42:37 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-11 08:05:52 ----D---- C:\WINDOWS\Media
2012-03-11 08:05:52 ----D---- C:\WINDOWS\Help
2012-03-11 00:07:55 ----D---- C:\Program Files\QIP
2012-03-11 00:07:11 ----D---- C:\Program Files\Common Files\InstallShield
2012-03-11 00:06:31 ----D---- C:\WINDOWS\system32\WinFast
2012-03-11 00:02:59 ----RSD---- C:\WINDOWS\Fonts
2012-03-11 00:02:59 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-10 23:58:37 ----D---- C:\WINDOWS\ie8updates
2012-03-10 18:12:06 ----RASH---- C:\boot.ini
2012-03-03 09:33:57 ----D---- C:\WINDOWS\Debug
2012-03-01 21:44:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-03-01 21:43:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-01 21:41:53 ----A---- C:\WINDOWS\win.ini
2012-03-01 16:53:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-03-01 16:53:32 ----D---- C:\Program Files\Common Files\Adobe
2012-03-01 16:53:28 ----D---- C:\Program Files\Adobe
2012-02-27 17:50:01 ----HD---- C:\Program Files\Uninstall Information
2012-02-18 20:02:18 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-18 17:37:38 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-18 09:15:59 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-02-16 137416]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Smudy\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-06-13 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-13 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-23 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#13 Post by smudy »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Smudy at 2012-03-12 15:03:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (39%) free of 60 GB
Total RAM: 2015 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:54, on 12.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Dokumenty\viry\RSIT.exe
C:\Program Files\trend micro\Smudy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9783E68B-AEAD-4271-864F-D0C12BB83B40}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5401 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-09-23 258512]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-10-21 433872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-13 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

======List of files/folders created in the last 1 months======

2012-03-11 23:05:30 ----HDC---- C:\WINDOWS\ie8
2012-03-11 20:08:26 ----A---- C:\ComboFix.txt
2012-03-11 19:54:19 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-11 19:24:33 ----D---- C:\WINDOWS\ie7updates
2012-03-11 19:24:27 ----A---- C:\WINDOWS\imsins.BAK
2012-03-11 19:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2012-03-11 17:40:28 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_17.40.28_log.txt
2012-03-11 15:12:22 ----D---- C:\TDSSKiller_Quarantine
2012-03-11 15:11:11 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_15.11.11_log.txt
2012-03-11 11:25:31 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_11.25.31_log.txt
2012-03-11 11:12:54 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_11.12.54_log.txt
2012-03-10 18:12:06 ----A---- C:\Boot.bak
2012-03-10 18:12:03 ----RASHD---- C:\cmdcons
2012-03-10 18:09:40 ----A---- C:\WINDOWS\zip.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWSC.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\SWREG.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\sed.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\PEV.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\MBR.exe
2012-03-10 18:09:40 ----A---- C:\WINDOWS\grep.exe
2012-03-10 18:09:33 ----D---- C:\WINDOWS\ERDNT
2012-03-10 18:09:27 ----D---- C:\Qoobox
2012-03-10 13:23:04 ----D---- C:\Avenger
2012-03-10 13:23:04 ----A---- C:\avenger.txt
2012-03-04 14:08:25 ----D---- C:\Program Files\Valve
2012-03-02 15:12:45 ----D---- C:\Program Files\Winamp Detect
2012-03-02 15:12:29 ----D---- C:\Program Files\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Winamp
2012-03-02 15:12:29 ----D---- C:\Documents and Settings\Smudy\Data aplikací\OpenCandy
2012-02-27 22:08:19 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Publish Providers
2012-02-27 17:50:02 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2012-02-27 17:50:01 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2012-02-27 17:49:44 ----D---- C:\Program Files\Microsoft SQL Server
2012-02-27 17:49:30 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Sony
2012-02-27 17:48:19 ----D---- C:\Program Files\Vstplugins
2012-02-27 17:48:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-02-27 17:47:54 ----D---- C:\Program Files\Sony
2012-02-27 17:43:46 ----D---- C:\Program Files\Sony Setup
2012-02-27 15:10:57 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Realore_Whiterra Roads Of Rome
2012-02-26 19:20:44 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-02-26 19:19:51 ----D---- C:\Program Files\RoadsofRome_at
2012-02-18 17:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-18 17:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-18 16:37:03 ----D---- C:\Program Files\Recuva
2012-02-16 14:07:57 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 months======

2012-03-12 15:03:39 ----D---- C:\Program Files\trend micro
2012-03-12 15:03:38 ----D---- C:\WINDOWS\Temp
2012-03-12 15:03:28 ----D---- C:\WINDOWS\Prefetch
2012-03-12 15:01:58 ----D---- C:\Documents and Settings\Smudy\Data aplikací\Skype
2012-03-12 14:56:03 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-12 14:54:55 ----D---- C:\WINDOWS
2012-03-12 14:53:21 ----D---- C:\WINDOWS\system32
2012-03-12 14:52:55 ----D---- C:\WINDOWS\system32\cs-cz
2012-03-12 14:52:55 ----D---- C:\WINDOWS\Media
2012-03-12 14:52:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-12 14:52:54 ----HD---- C:\WINDOWS\inf
2012-03-12 14:52:54 ----D---- C:\WINDOWS\Help
2012-03-12 14:52:54 ----D---- C:\Program Files\Internet Explorer
2012-03-11 23:10:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-11 23:10:25 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-11 23:10:18 ----SHD---- C:\WINDOWS\Installer
2012-03-11 23:10:18 ----D---- C:\Config.Msi
2012-03-11 23:10:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-11 23:10:06 ----RSD---- C:\WINDOWS\assembly
2012-03-11 23:10:03 ----D---- C:\WINDOWS\WinSxS
2012-03-11 23:09:22 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-11 23:07:48 ----D---- C:\WINDOWS\ie8updates
2012-03-11 23:07:18 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-11 23:02:45 ----D---- C:\WINDOWS\Debug
2012-03-11 20:08:29 ----D---- C:\WINDOWS\system32\drivers
2012-03-11 20:03:34 ----A---- C:\WINDOWS\system.ini
2012-03-11 20:01:58 ----D---- C:\WINDOWS\system32\config
2012-03-11 19:59:37 ----D---- C:\WINDOWS\AppPatch
2012-03-11 19:59:35 ----D---- C:\Program Files\Common Files
2012-03-11 16:47:37 ----D---- C:\Program Files
2012-03-11 11:43:26 ----D---- C:\Documents and Settings\Smudy\Data aplikací\vlc
2012-03-11 11:42:37 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-11 00:07:55 ----D---- C:\Program Files\QIP
2012-03-11 00:07:11 ----D---- C:\Program Files\Common Files\InstallShield
2012-03-11 00:06:31 ----D---- C:\WINDOWS\system32\WinFast
2012-03-11 00:02:59 ----RSD---- C:\WINDOWS\Fonts
2012-03-11 00:02:59 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-10 18:12:06 ----RASH---- C:\boot.ini
2012-03-01 21:44:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-03-01 21:43:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-01 21:41:53 ----A---- C:\WINDOWS\win.ini
2012-03-01 16:53:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-03-01 16:53:32 ----D---- C:\Program Files\Common Files\Adobe
2012-03-01 16:53:28 ----D---- C:\Program Files\Adobe
2012-02-27 17:50:01 ----HD---- C:\Program Files\Uninstall Information
2012-02-18 20:02:18 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-18 17:37:38 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-18 09:15:59 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-02-16 137416]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-15 74640]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-06-13 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-13 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-23 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
:arrow: Are those ports and the virtual drive OK now?
Attachments
Result.rar
(227.74 KiB) Downloaded 32 times

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#14 Post by smudy »

SystemLook 30.07.11 by jpshortstuff
Log created at 20:01 on 12/03/2012 by Smudy
Administrator - Elevation successful

========== filefind ==========

Searching for "IntelIde.sys"
No files found.

-= EOF =-

smudy
Visitor
Posts: 140
Registered: 02 Sep 2008 11:54

Re: Please check my log. Thank you

#15 Post by smudy »

OTL logfile created on: 12.3.2012 22:06:22 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Smudy\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,97 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 55,18% Memory free
2,52 Gb Paging File | 1,67 Gb Available in Paging File | 66,20% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 22,75 Gb Free Space | 38,82% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 22,46 Gb Free Space | 24,84% Space Free | Partition Type: NTFS
Drive E: | 550,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: POKOJ | User Name: Smudy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: INTELIDE.SYS >
[2009.08.29 13:41:44 | 017,813,130 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:IntelIde.sys

< End of report >
