Documents and pictures cannot be opened

ladir
Visitor
Posts: 86
Registered: 27 Jul 2012 16:16
Location: Žilna

#1 Post by ladir »

I have this problem on my PC. I cannot open Word, Excel or PDF files, nor photos (jpg). It started with the desktop background being removed, a black screen and a demand to pay some amount. Then, after dismissing it, I wanted to restore the background and found that none of the mentioned files can be opened any more. They are encrypted somehow. Word, for example, reports that it cannot open the file because there are problems with the content. After a scan, ESET antivirus reported the infiltration win32/trustezeb.c. Can anyone help me with this, please? Can the files still be saved, especially the photos?
I am not very skilled at solving this kind of thing.

Thank you
Ladir

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Documents and pictures cannot be opened

#2 Post by Rudy »

We'll try to look into it. First, post an RSIT log: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

ladir
Visitor
Posts: 86
Registered: 27 Jul 2012 16:16
Location: Žilna

Re: Documents and pictures cannot be opened

#3 Post by ladir »

Hi, I'm sending the log... please check it.

Thanks. Ladir

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ladislav Repčík at 2012-07-30 11:25:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (13%) free of 40 GB
Total RAM: 1023 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:25:38, on 30.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ladislav Repčík\Local Settings\Temporary Internet Files\Content.IE5\5EMD3KCC\RSIT[1].exe
C:\Program Files\trend micro\Ladislav Repčík.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [X-Lite 4] "C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe" -bootload
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8. ... ontrol.CAB
O16 - DPF: {22371112-FFB4-471E-A2F3-626B864780EE} (Maestro Citrid Viewer) - http://www.citrid.sk/plugin/MaeCi3D.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Comp ... eQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2854504406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.24.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9abba812919b) (gupdate1c9abba812919b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12655 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1364589140-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1364589140-839522115-1003UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{43E2708B-2D1A-4695-AF3E-A0CB6E898307}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ladislav Repčík\Data aplikací\Mozilla\Firefox\Profiles\7hz0hc23.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa2,version=2.0.0]
"Description"=Picasa2 plugin
"Path"=C:\Program Files\Picasa2\npPicasa2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=13]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{27E679CC-6AAB-4B2A-BB87-096FE4178464}
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}

C:\Program Files\Mozilla Firefox\components\
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npbittorrent.dll
npDivxPlayerPlugin.dll
NPMySrch.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
MyHeritage.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Documents and Settings\Ladislav Repčík\Data aplikací\Mozilla\Firefox\Profiles\7hz0hc23.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Documents and Settings\Ladislav Repčík\Data aplikací\Mozilla\Firefox\Profiles\7hz0hc23.default\searchplugins\
absearch-search.xml
ask.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-11 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-12 339968]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe []
"SearchSettings"=C:\Program Files\Dealio Toolbar\SearchSettings.exe []
"nwiz"=nwiz.exe /install []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"Family Tree Builder Update"=C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2011-12-21 229376]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW []
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-18 68856]
"X-Lite 4"=C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe -bootload []
"Google Update"=C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"DAEMON Tools Lite"=F:\Programy\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe []
"Badoo Desktop"=C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe []
"AdobeBridge"= []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADPHONE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2
"NVSvc"=2
"MS Common Service"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

C:\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\SYSTEM32\Ati2evxx.dll [2004-08-13 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegedit"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=1
"DisableRegedit"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\T-Com Softphone Slovak\T-Com Softphone Slovak.exe"="C:\Program Files\T-Com Softphone Slovak\T-Com Softphone Slovak.exe:*:Enabled:T-Com"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashAD2706\flashAD2706.exe"="C:\Program Files\FlashAD2706\flashAD2706.exe:*:Enabled:flash AD2706"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe"="C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]
"Debugger="P9KDMF.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger="P9KDMF.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger="P9KDMF.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.I420"=i420vfw.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"msacm.divxa32"=DivXa32.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"vidc.ptev"=PteVideo.dll
"VIDC.ACDV"=ACDV.dll

======List of files/folders created in the last 1 month======

2012-07-30 11:25:25 ----D---- C:\Program Files\trend micro
2012-07-30 11:25:23 ----D---- C:\rsit
2012-07-26 16:36:15 ----A---- C:\RannohDecryptor.1.1.0.0_26.07.2012_16.36.15_log.txt
2012-07-24 13:52:02 ----D---- C:\Program Files\Mozilla Thunderbird
2012-07-24 11:40:49 ----A---- C:\WINDOWS\system32\WibuCm32.dll
2012-07-24 11:40:33 ----D---- C:\Program Files\CodeMeter
2012-07-23 23:43:10 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\FastStone
2012-07-23 23:42:22 ----D---- C:\Program Files\FastStone Image Viewer
2012-07-23 22:24:34 ----AD---- C:\Kaspersky Rescue Disk 10.0
2012-07-23 16:14:48 ----D---- C:\Program Files\Common Files\Skype
2012-07-23 15:32:18 ----D---- C:\Program Files\GUMF63.tmp
2012-07-21 08:47:08 ----D---- C:\Program Files\ACDSee
2012-07-20 10:52:38 ----A---- C:\ROFTable.bak
2012-07-20 10:52:38 ----A---- C:\ROFImagesTable.bak
2012-07-20 10:52:38 ----A---- C:\propertiesTable.bak
2012-07-20 10:52:38 ----A---- C:\pathnameTable.bak
2012-07-20 10:52:38 ----A---- C:\managedFolderTable.bak
2012-07-20 10:52:38 ----A---- C:\keywordTable.bak
2012-07-20 10:52:38 ----A---- C:\keywordImagesTable.bak
2012-07-20 10:52:38 ----A---- C:\imageTable.bak
2012-07-20 10:52:38 ----A---- C:\EXIFTable.bak
2012-07-20 10:52:38 ----A---- C:\albumTable.bak
2012-07-20 10:52:38 ----A---- C:\albumImagesTable.bak
2012-07-20 10:52:37 ----A---- C:\administrativeInfo.bak
2012-07-20 10:46:57 ----A---- C:\CB_Server_Errors.txt
2012-07-19 09:54:09 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\vlc
2012-07-11 09:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 09:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 09:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 09:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 09:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-07-03 19:00:48 ----D---- C:\Program Files\Oracle
2012-07-03 19:00:27 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\Oracle
2012-07-03 19:00:21 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2012-07-03 19:00:21 ----A---- C:\WINDOWS\system32\javaws.exe
2012-07-03 19:00:07 ----A---- C:\WINDOWS\system32\javaw.exe
2012-07-03 19:00:07 ----A---- C:\WINDOWS\system32\java.exe
2012-07-02 10:10:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee

======List of files/folders modified in the last 1 month======

2012-07-30 11:25:25 ----D---- C:\Program Files
2012-07-30 11:25:18 ----D---- C:\WINDOWS\Prefetch
2012-07-30 10:51:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-30 10:37:28 ----D---- C:\WINDOWS\Temp
2012-07-30 08:10:06 ----D---- C:\WINDOWS\Minidump
2012-07-30 08:09:58 ----D---- C:\WINDOWS
2012-07-30 08:00:36 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\Skype
2012-07-27 16:57:23 ----D---- C:\Program Files\Opera
2012-07-27 16:47:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2012-07-26 16:57:32 ----SD---- C:\Dokumenty
2012-07-26 13:25:19 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-26 13:17:40 ----D---- C:\WINDOWS\Registration
2012-07-25 17:39:16 ----A---- C:\WINDOWS\MyHeritage.INI
2012-07-25 16:20:38 ----SHD---- C:\WINDOWS\Installer
2012-07-25 16:20:37 ----D---- C:\Config.Msi
2012-07-25 16:20:18 ----D---- C:\Program Files\Common Files\ACD Systems
2012-07-25 16:19:29 ----D---- C:\WINDOWS\system32
2012-07-25 12:57:02 ----A---- C:\WINDOWS\NeroDigital.ini
2012-07-24 12:23:19 ----D---- C:\Program Files\DOSBox-0.72
2012-07-24 09:33:25 ----D---- C:\WINDOWS\Help
2012-07-23 17:45:03 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\BitTorrent
2012-07-23 16:15:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-07-23 16:14:49 ----RD---- C:\Program Files\Skype
2012-07-23 16:14:48 ----D---- C:\Program Files\Common Files
2012-07-23 15:34:49 ----D---- C:\Program Files\Google
2012-07-23 13:51:18 ----AC---- C:\WINDOWS\cdplayer.ini
2012-07-23 13:50:40 ----AC---- C:\Documents and Settings\All Users\Data aplikací\ss.ini
2012-07-23 13:38:37 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\OpenOffice.org2
2012-07-23 12:08:06 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\ICQ
2012-07-21 08:27:01 ----D---- C:\WINDOWS\Downloaded Installations
2012-07-20 11:38:40 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\Audacity
2012-07-20 11:17:03 ----D---- C:\WINDOWS\WinSxS
2012-07-20 10:36:05 ----SHD---- C:\System Volume Information
2012-07-20 10:36:05 ----D---- C:\WINDOWS\system32\Restore
2012-07-20 10:34:50 ----D---- C:\DATA
2012-07-20 10:34:18 ----D---- C:\95c0161f2ee9c51a4edbd69e0097
2012-07-19 11:34:12 ----D---- C:\WINDOWS\system32\NtmsData
2012-07-19 10:35:01 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\Mozilla
2012-07-13 19:25:42 ----D---- C:\Programy
2012-07-13 19:25:31 ----D---- C:\WINDOWS\system32\drivers
2012-07-13 19:09:16 ----D---- C:\Program Files\EDB_DVD
2012-07-13 18:59:02 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-07-13 18:27:57 ----D---- C:\Program Files\Astroburn Lite
2012-07-13 18:14:16 ----D---- C:\Program Files\Adobe
2012-07-13 17:39:46 ----A---- C:\WINDOWS\imsins.BAK
2012-07-13 17:35:34 ----D---- C:\Program Files\iPod
2012-07-13 17:28:46 ----D---- C:\Program Files\TechPark
2012-07-13 17:11:49 ----D---- C:\Program Files\Mozilla Firefox
2012-07-13 16:56:43 ----SD---- C:\Hudba
2012-07-11 09:39:33 ----HD---- C:\WINDOWS\inf
2012-07-11 09:39:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-07-11 09:38:54 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 09:38:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-07-11 09:37:37 ----A---- C:\WINDOWS\win.ini
2012-07-11 09:29:36 ----A---- C:\WINDOWS\system32\MRT.exe
2012-07-06 19:10:59 ----D---- C:\Program Files\Nero
2012-07-06 19:10:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2012-07-03 19:01:41 ----D---- C:\Program Files\Common Files\Java
2012-07-03 18:59:39 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2005-08-15 5888]
R0 imagesrv;imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [2005-08-15 127488]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2004-10-07 46080]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2004-09-14 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-10-06 19840]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-02-04 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-04 242240]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2008-02-22 51072]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-13 786944]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-11 1287296]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-09 39824]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2012-07-21 10368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-05-25 12753664]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-13 389120]
R2 CodeMeter.exe;CodeMeter Runtime Server; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-05-18 2370448]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-12 516096]
S2 gupdate1c9abba812919b;Google Update Service (gupdate1c9abba812919b); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-11 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-08 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Ladir

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: documents and pictures cannot be opened

#4 Post by Rudy »

There is something there. Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

Feel free to put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the resident antispyware component.


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

ladir
Visitor
Posts: 86
Registered: 27 Jul 2012 16:16
Location: Žilna

Re: documents and pictures cannot be opened

#5 Post by ladir »

Good morning, I let ComboFix run to completion and am sending the log for review.
Regards,
Ladir

ComboFix 12-07-30.03 - Ladislav Repčík 31.07.2012 8:27.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.515 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ladislav RepŔÝk\Plocha\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Platinum 2006 Personal Firewall *Enabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskSearch\bin\DeFAultsearch.dll
c:\program files\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
c:\program files\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\install.rdf
c:\program files\officelp2007sp1-kb936982-fullfile-sk-sk.exe
c:\program files\OOo_2.3.1_071115_Win32Intel_install_sk.exe
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\SET390.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET3A9.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\UA000001.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MS_COMMON_SERVICE
-------\Legacy_QUERYEXPLORER_SERVICE
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-30 09:25 . 2012-07-30 09:25 -------- d-----w- c:\program files\trend micro
2012-07-30 09:25 . 2012-07-30 09:25 -------- d-----w- C:\rsit
2012-07-24 13:08 . 2012-07-24 13:08 -------- d-----w- c:\documents and settings\Ladislav Repčík\Local Settings\Data aplikací\Deployment
2012-07-24 11:52 . 2012-07-24 11:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-07-24 09:40 . 2012-05-18 12:47 658816 ----a-w- c:\windows\system32\WibuCm32.dll
2012-07-24 09:40 . 2012-07-24 09:40 -------- d-----w- c:\program files\CodeMeter
2012-07-23 21:43 . 2012-07-23 21:43 -------- d-----w- c:\documents and settings\Ladislav Repčík\Data aplikací\FastStone
2012-07-23 21:42 . 2012-07-23 21:42 -------- d-----w- c:\program files\FastStone Image Viewer
2012-07-23 20:24 . 2012-07-23 23:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-23 14:14 . 2012-07-23 14:14 -------- d-----w- c:\program files\Common Files\Skype
2012-07-23 13:32 . 2012-07-23 13:32 -------- d-----w- c:\program files\GUMF63.tmp
2012-07-23 11:42 . 2012-07-23 11:42 -------- d-----w- c:\documents and settings\Ladislav Repčík\temp
2012-07-21 06:47 . 2012-07-21 06:47 -------- d-----w- c:\program files\ACDSee
2012-07-19 07:54 . 2012-07-19 08:01 -------- d-----w- c:\documents and settings\Ladislav Repčík\Data aplikací\vlc
2012-07-06 17:04 . 2012-07-06 17:04 -------- d-----w- c:\documents and settings\Ladislav Repčík\Local Settings\Data aplikací\Nero
2012-07-05 18:13 . 2012-07-05 18:13 -------- d-----w- c:\documents and settings\Ladislav Repčík\Local Settings\Data aplikací\Sun
2012-07-03 17:00 . 2012-07-03 17:00 -------- d-----w- c:\program files\Oracle
2012-07-03 17:00 . 2012-07-03 17:00 -------- d-----w- c:\documents and settings\Ladislav Repčík\Data aplikací\Oracle
2012-07-03 17:00 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-02 08:10 . 2012-07-02 08:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 06:53 . 2006-03-27 19:40 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2012-06-26 14:29 . 2012-06-14 12:35 18912 ----a-w- c:\program files\WSEnable.exe
2012-06-19 05:53 . 2012-04-27 05:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 05:53 . 2012-04-27 05:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:55 . 2002-09-20 15:41 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-08-26 07:13 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-09-13 05:10 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-09-20 16:04 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-02-12 22:16 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-02-12 22:16 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-02-12 22:16 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 18:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2006-03-23 21:05 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-02-12 22:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-02-12 22:16 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-02-12 22:15 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-05-09 17:25 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-03-23 21:05 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2002-09-20 16:03 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2006-03-23 21:05 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2006-05-09 17:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-03-19 08:13 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-03-19 08:13 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-03-19 08:13 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-09-20 16:03 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-06-23 12:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2002-09-20 16:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2002-09-20 16:04 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2006-03-23 21:05 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2002-09-20 17:12 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2002-09-20 15:12 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 17:29 . 2008-04-18 08:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2012-04-16 07:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2006-05-09 17:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2007-11-15 06:36 . 2007-11-15 06:36 4359680 ----a-w- c:\program files\openofficeorg23.msi
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-28 23:27 . !HASH: COULD NOT OPEN FILE !!!!! . 86912 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2009-04-15 . B1C66D7B244FC4E2B034D50E86E4E991 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . ED7B460B142A32097B8A8F6ECC941815 . 1033728 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 9B32416BD5988C97B6397CE0B02CAF97 . 1033728 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-17 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-18 68856]
"DAEMON Tools Lite"="f:\programy\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\nabídka start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
.
c:\nabídka start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADPHONE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)
"NVSvc"=2 (0x2)
"MS Common Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\T-Com Softphone Slovak\\T-Com Softphone Slovak.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashAD2706\\flashAD2706.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Ladislav Repčík\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ladislav Repčík\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.2.2012 14:39 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.2.2012 14:39 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.2.2012 13:56 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4.2.2012 13:51 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 118104]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [7.1.2007 21:07 51072]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [24.7.2012 11:40 2370448]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [22.9.2011 13:03 974944]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [24.3.2006 0:51 1287296]
S2 gupdate1c9abba812919b;Google Update Service (gupdate1c9abba812919b);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 15:19 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 15:19 133104]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 13:18]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 13:18]
.
2012-07-31 c:\windows\Tasks\User_Feed_Synchronization-{43E2708B-2D1A-4695-AF3E-A0CB6E898307}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Translate this web page with Babylon
IE: Translate with Babylon
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: techpark.sk\mail
TCP: DhcpNameServer = 10.0.0.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {22371112-FFB4-471E-A2F3-626B864780EE} - hxxp://www.citrid.sk/plugin/MaeCi3D.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ ... eQuery.dll
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
FF - ProfilePath - c:\documents and settings\Ladislav Repčík\Data aplikací\Mozilla\Firefox\Profiles\7hz0hc23.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{081230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
HKCU-Run-X-Lite 4 - c:\program files\CounterPath\X-Lite 4\X-Lite4.exe
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKCU-Run-Badoo Desktop - c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Notify-avldr - (no file)
AddRemove-2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1 - e:\programy\PixBuilder Studio\unins000.exe
AddRemove-AoA Audio Extractor_is1 - c:\programy\AoA Audio Extractor\unins000.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - c:\programy\Audacity 1.3 Beta (Unicode)\unins000.exe
AddRemove-BDE (Borland Database Engine)_is1 - c:\docume~1\LADISL~1\LOCALS~1\Temp\is-1GEHO.tmp\unins000.exe
AddRemove-DAEMON Tools Lite - c:\programy\DAEMON Tools Lite\uninst.exe
AddRemove-DBFiriem - c:\documents and settings\All Users\Data aplikací\{F3762FB6-9475-40B5-892D-C5D0951EEF3E}\DBFiriem.exe
AddRemove-e-Faktury, verzia 2009-A - c:\programy\Euro–FAKTÚRY\uninstall.exe
AddRemove-Screen Scapes - c:\windows\Screen Scapes UnInstall
AddRemove-Screen Scapes ScreenSavers.Com African Wildlife Module - c:\windows\UnInstallX
AddRemove-Screen Scapes ScreenSavers.Com Autumn Leaves Module - c:\windows\UnInstallX
AddRemove-Screen Scapes ScreenSavers.Com Snow Scenes Module - c:\windows\UnInstallX
AddRemove-Screen Scapes ScreenSavers.Com Thunder Skies Module - c:\windows\UnInstallX
AddRemove-Screen Scapes ScreenSavers.Com Waterfalls Module - c:\windows\UnInstallX
AddRemove-SVB Správca Demo_is1 - c:\programy\SVB Spravca - Demo\SVB Spravca - Demo\unins000.exe
AddRemove-Totalcmd - c:\programy\totalcmd\tcuninst.exe
AddRemove-UltraGet Video Downloader_is1 - c:\programy\UltraGet Video Downloader\unins000.exe
AddRemove-Video mp3 Extractor Pro_is1 - c:\programy\Video mp3 Extractor Pro\unins000.exe
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\programy\FreeRIP3\unins000.exe
AddRemove-{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1 - c:\programy\VDOWNLOADER\unins000.exe
AddRemove-{D185E35A-9FC0-465A-A455-CF90BE7C4081}_is1 - e:\easysvb demo\Uninstall\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 08:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1620)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3020)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\RunDll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
.
**************************************************************************
.
Celkový čas: 2012-07-31 08:56:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-31 06:56
.
Před spuštěním: 5 769 392 128
Po spuštění: 6 565 847 040
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - F24E299606CA34140CFC16F1B84FB769
Ladir

Re: documents and pictures cannot be opened

#6 Post by Rudy »

1. Move ComboFix to the root directory c:\. Open Notepad and copy the following into it:
Folder::
c:\program files\Google\GoogleToolbarNotifier

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

FCopy::
c:\windows\$NtServicePackUninstall$\atapi.sys | c:\windows\system32\drivers\atapi.sys

Reboot::
Save it as CFScript.txt, also in the root directory c:\. Then, in Windows Explorer (or another file manager), drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: documents and pictures cannot be opened

#7 Post by ladir »

Good day, I am sending the log after the latest instructions.

Ladir


ComboFix 12-07-30.03 - Ladislav Repčík 01.08.2012 10:11:54.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.431 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Platinum 2006 Personal Firewall *Enabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\Readme.url
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.1.1309.15642\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.3.4501.1418\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.4.4525.1752\SearchWithGoogleUpdate.exe
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-01 do 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-07-30 09:25 . 2012-07-30 09:25 -------- d-----w- c:\program files\trend micro
2012-07-30 09:25 . 2012-07-30 09:25 -------- d-----w- C:\rsit
2012-07-24 13:08 . 2012-07-24 13:08 -------- d-----w- c:\documents and settings\Ladislav Repčík\Local Settings\Data aplikací\Deployment
2012-07-24 11:52 . 2012-07-24 11:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-07-24 09:40 . 2012-05-18 12:47 658816 ----a-w- c:\windows\system32\WibuCm32.dll
2012-07-24 09:40 . 2012-07-24 09:40 -------- d-----w- c:\program files\CodeMeter
2012-07-23 21:43 . 2012-07-23 21:43 -------- d-----w- c:\documents and settings\Ladislav Repčík\Data aplikací\FastStone
2012-07-23 21:42 . 2012-07-23 21:42 -------- d-----w- c:\program files\FastStone Image Viewer
2012-07-23 20:24 . 2012-07-23 23:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-23 13:32 . 2012-07-23 13:32 -------- d-----w- c:\program files\GUMF63.tmp
2012-07-23 11:42 . 2012-07-23 11:42 -------- d-----w- c:\documents and settings\Ladislav Repčík\temp
2012-07-21 06:47 . 2012-07-21 06:47 -------- d-----w- c:\program files\ACDSee
2012-07-19 07:54 . 2012-07-19 08:01 -------- d-----w- c:\documents and settings\Ladislav Repčík\Data aplikací\vlc
2012-07-06 17:04 . 2012-07-06 17:04 -------- d-----w- c:\documents and settings\Ladislav Repčík\Local Settings\Data aplikací\Nero
2012-07-05 18:13 . 2012-07-05 18:13 -------- d-----w- c:\documents and settings\Ladislav Repčík\Local Settings\Data aplikací\Sun
2012-07-03 17:00 . 2012-07-03 17:00 -------- d-----w- c:\program files\Oracle
2012-07-03 17:00 . 2012-07-03 17:00 -------- d-----w- c:\documents and settings\Ladislav Repčík\Data aplikací\Oracle
2012-07-03 17:00 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 06:53 . 2006-03-27 19:40 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2012-06-26 14:29 . 2012-06-14 12:35 18912 ----a-w- c:\program files\WSEnable.exe
2012-06-19 05:53 . 2012-04-27 05:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 05:53 . 2012-04-27 05:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:55 . 2002-09-20 15:41 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-08-26 07:13 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-09-13 05:10 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-09-20 16:04 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-02-12 22:16 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-02-12 22:16 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-02-12 22:16 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 18:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2006-03-23 21:05 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-02-12 22:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-02-12 22:16 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-02-12 22:15 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-05-09 17:25 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-03-23 21:05 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2002-09-20 16:03 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2006-03-23 21:05 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2006-05-09 17:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-03-19 08:13 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-03-19 08:13 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-03-19 08:13 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-09-20 16:03 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-06-23 12:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2002-09-20 16:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2002-09-20 16:04 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2006-03-23 21:05 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2002-09-20 17:12 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2002-09-20 15:12 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 17:29 . 2008-04-18 08:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2012-04-16 07:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2007-11-15 06:36 . 2007-11-15 06:36 4359680 ----a-w- c:\program files\openofficeorg23.msi
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-04 05:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2009-04-15 . B1C66D7B244FC4E2B034D50E86E4E991 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . ED7B460B142A32097B8A8F6ECC941815 . 1033728 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 9B32416BD5988C97B6397CE0B02CAF97 . 1033728 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-17 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_06.48.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-01 08:24 . 2012-08-01 08:24 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"DAEMON Tools Lite"="f:\programy\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\nabídka start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
.
c:\nabídka start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)
"NVSvc"=2 (0x2)
"MS Common Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\T-Com Softphone Slovak\\T-Com Softphone Slovak.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashAD2706\\flashAD2706.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Ladislav Repčík\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ladislav Repčík\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.2.2012 14:39 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.2.2012 14:39 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.2.2012 13:56 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4.2.2012 13:51 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 118104]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [7.1.2007 21:07 51072]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [24.7.2012 11:40 2370448]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [22.9.2011 13:03 974944]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [24.3.2006 0:51 1287296]
S2 gupdate1c9abba812919b;Google Update Service (gupdate1c9abba812919b);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 15:19 133104]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.3.2009 15:19 133104]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 13:18]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 13:18]
.
2012-08-01 c:\windows\Tasks\User_Feed_Synchronization-{43E2708B-2D1A-4695-AF3E-A0CB6E898307}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Translate this web page with Babylon
IE: Translate with Babylon
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: techpark.sk\mail
TCP: DhcpNameServer = 10.0.0.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {22371112-FFB4-471E-A2F3-626B864780EE} - hxxp://www.citrid.sk/plugin/MaeCi3D.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ ... eQuery.dll
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
FF - ProfilePath - c:\documents and settings\Ladislav Repčík\Data aplikací\Mozilla\Firefox\Profiles\7hz0hc23.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-01 10:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
.
**************************************************************************
.
Celkový čas: 2012-08-01 10:32:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-01 08:32
ComboFix2.txt 2012-08-01 08:06
.
Před spuštěním: 6 217 773 056
Po spuštění: 6 251 556 864
.
- - End Of File - - 467C15473A59D7E2F6F7D1A10840BB85
Ladir

Re: documents and pictures cannot be opened

#8 Post by Rudy »

Deleted. Now download, unpack and run TDSSkiller: http://support.kaspersky.com/downloads/ ... killer.zip . Let it work and, once it has finished, copy the log here.

ladir
Visitor
Posts: 86
Registered: 27 Jul 2012 16:16
Location: Žilna

Re: documents and pictures cannot be opened

#9 Post by ladir »

Hello, I was away for a few days, so I am only replying today. I ran the Kaspersky scan and am sending the log.

Ladir


Logfile of random's system information tool 1.09 (written by random/random)
Run by Ladislav Repčík at 2012-08-05 18:11:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (13%) free of 40 GB
Total RAM: 1023 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:13, on 5.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ladislav Repčík\Local Settings\Temp\TDSSKiller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Ladislav Repčík.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8. ... ontrol.CAB
O16 - DPF: {22371112-FFB4-471E-A2F3-626B864780EE} (Maestro Citrid Viewer) - http://www.citrid.sk/plugin/MaeCi3D.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Comp ... eQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2854504406
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.24.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9abba812919b) (gupdate1c9abba812919b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10469 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{43E2708B-2D1A-4695-AF3E-A0CB6E898307}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ladislav Repčík\Data aplikací\Mozilla\Firefox\Profiles\7hz0hc23.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa2,version=2.0.0]
"Description"=Picasa2 plugin
"Path"=C:\Program Files\Picasa2\npPicasa2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=13]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}

C:\Program Files\Mozilla Firefox\components\
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npbittorrent.dll
npDivxPlayerPlugin.dll
NPMySrch.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
MyHeritage.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Documents and Settings\Ladislav Repčík\Data aplikací\Mozilla\Firefox\Profiles\7hz0hc23.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Documents and Settings\Ladislav Repčík\Data aplikací\Mozilla\Firefox\Profiles\7hz0hc23.default\searchplugins\
absearch-search.xml
ask.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-12 339968]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"Family Tree Builder Update"=C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2011-12-21 229376]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
"DAEMON Tools Lite"=F:\Programy\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2
"NVSvc"=2
"MS Common Service"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

C:\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-13 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegedit"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegedit"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\T-Com Softphone Slovak\T-Com Softphone Slovak.exe"="C:\Program Files\T-Com Softphone Slovak\T-Com Softphone Slovak.exe:*:Enabled:T-Com"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashAD2706\flashAD2706.exe"="C:\Program Files\FlashAD2706\flashAD2706.exe:*:Enabled:flash AD2706"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Ladislav Repčík\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe"="C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.I420"=i420vfw.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"msacm.divxa32"=DivXa32.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"vidc.ptev"=PteVideo.dll
"VIDC.ACDV"=ACDV.dll

======List of files/folders created in the last 1 month======

2012-08-05 18:03:32 ----A---- C:\TDSSKiller.2.7.48.0_05.08.2012_18.03.32_log.txt
2012-08-01 14:02:36 ----HDC---- C:\WINDOWS\ie8
2012-08-01 13:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2012-08-01 10:32:55 ----A---- C:\ComboFix.txt
2012-08-01 10:26:42 ----SHD---- C:\RECYCLER
2012-07-31 08:25:18 ----A---- C:\Boot.bak
2012-07-31 08:25:13 ----RASHD---- C:\cmdcons
2012-07-31 08:22:18 ----A---- C:\WINDOWS\zip.exe
2012-07-31 08:22:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-07-31 08:22:18 ----A---- C:\WINDOWS\SWSC.exe
2012-07-31 08:22:18 ----A---- C:\WINDOWS\SWREG.exe
2012-07-31 08:22:18 ----A---- C:\WINDOWS\sed.exe
2012-07-31 08:22:18 ----A---- C:\WINDOWS\PEV.exe
2012-07-31 08:22:18 ----A---- C:\WINDOWS\NIRCMD.exe
2012-07-31 08:22:18 ----A---- C:\WINDOWS\MBR.exe
2012-07-31 08:22:18 ----A---- C:\WINDOWS\grep.exe
2012-07-31 08:19:25 ----D---- C:\Qoobox
2012-07-31 08:18:44 ----R---- C:\ComboFix.exe
2012-07-31 08:04:05 ----D---- C:\WINDOWS\erdnt
2012-07-30 11:25:25 ----D---- C:\Program Files\trend micro
2012-07-30 11:25:23 ----D---- C:\rsit
2012-07-26 16:36:15 ----A---- C:\RannohDecryptor.1.1.0.0_26.07.2012_16.36.15_log.txt
2012-07-24 13:52:02 ----D---- C:\Program Files\Mozilla Thunderbird
2012-07-24 11:40:49 ----A---- C:\WINDOWS\system32\WibuCm32.dll
2012-07-24 11:40:33 ----D---- C:\Program Files\CodeMeter
2012-07-23 23:43:10 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\FastStone
2012-07-23 23:42:22 ----D---- C:\Program Files\FastStone Image Viewer
2012-07-23 22:24:34 ----AD---- C:\Kaspersky Rescue Disk 10.0
2012-07-23 15:32:18 ----D---- C:\Program Files\GUMF63.tmp
2012-07-21 08:47:08 ----D---- C:\Program Files\ACDSee
2012-07-20 10:52:38 ----A---- C:\ROFTable.bak
2012-07-20 10:52:38 ----A---- C:\ROFImagesTable.bak
2012-07-20 10:52:38 ----A---- C:\propertiesTable.bak
2012-07-20 10:52:38 ----A---- C:\pathnameTable.bak
2012-07-20 10:52:38 ----A---- C:\managedFolderTable.bak
2012-07-20 10:52:38 ----A---- C:\keywordTable.bak
2012-07-20 10:52:38 ----A---- C:\keywordImagesTable.bak
2012-07-20 10:52:38 ----A---- C:\imageTable.bak
2012-07-20 10:52:38 ----A---- C:\EXIFTable.bak
2012-07-20 10:52:38 ----A---- C:\albumTable.bak
2012-07-20 10:52:38 ----A---- C:\albumImagesTable.bak
2012-07-20 10:52:37 ----A---- C:\administrativeInfo.bak
2012-07-20 10:46:57 ----A---- C:\CB_Server_Errors.txt
2012-07-19 09:54:09 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\vlc
2012-07-11 09:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 09:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 09:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 09:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 09:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$

======List of files/folders modified in the last 1 month======

2012-08-05 18:11:13 ----D---- C:\WINDOWS\Prefetch
2012-08-05 18:03:34 ----D---- C:\WINDOWS\system32\drivers
2012-08-05 18:01:42 ----A---- C:\WINDOWS\MyHeritage.INI
2012-08-05 17:59:18 ----D---- C:\WINDOWS\Temp
2012-08-01 18:20:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-01 17:17:14 ----SD---- C:\Dokumenty
2012-08-01 15:13:12 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-01 15:09:11 ----D---- C:\WINDOWS
2012-08-01 15:08:59 ----D---- C:\WINDOWS\system32
2012-08-01 15:08:33 ----SD---- C:\Hudba
2012-08-01 15:08:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-01 15:08:00 ----D---- C:\WINDOWS\system32\cs-cz
2012-08-01 15:08:00 ----D---- C:\Program Files\Internet Explorer
2012-08-01 15:07:59 ----HD---- C:\WINDOWS\inf
2012-08-01 15:07:59 ----D---- C:\WINDOWS\Media
2012-08-01 15:07:59 ----D---- C:\WINDOWS\Help
2012-08-01 14:46:58 ----D---- C:\WINDOWS\system32\en-US
2012-08-01 14:08:27 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-01 14:07:24 ----A---- C:\WINDOWS\imsins.BAK
2012-08-01 13:41:25 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-01 13:36:16 ----D---- C:\WINDOWS\ie8updates
2012-08-01 11:23:58 ----SHD---- C:\WINDOWS\Installer
2012-08-01 11:23:51 ----D---- C:\Config.Msi
2012-08-01 10:31:46 ----SD---- C:\WINDOWS\Tasks
2012-08-01 10:26:20 ----A---- C:\WINDOWS\system.ini
2012-08-01 10:25:21 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-01 10:21:41 ----D---- C:\Program Files\Google
2012-08-01 10:18:40 ----D---- C:\WINDOWS\AppPatch
2012-08-01 10:18:37 ----D---- C:\Program Files\Common Files
2012-07-31 12:31:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-07-31 12:31:17 ----RD---- C:\Program Files\Skype
2012-07-31 12:31:13 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\Skype
2012-07-31 11:49:25 ----D---- C:\Program Files
2012-07-31 08:45:32 ----D---- C:\WINDOWS\system32\config
2012-07-31 08:25:18 ----RASH---- C:\boot.ini
2012-07-30 08:10:06 ----D---- C:\WINDOWS\Minidump
2012-07-27 16:57:23 ----D---- C:\Program Files\Opera
2012-07-27 16:47:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2012-07-26 13:17:40 ----D---- C:\WINDOWS\Registration
2012-07-25 16:20:18 ----D---- C:\Program Files\Common Files\ACD Systems
2012-07-25 12:57:02 ----A---- C:\WINDOWS\NeroDigital.ini
2012-07-24 12:23:19 ----D---- C:\Program Files\DOSBox-0.72
2012-07-23 17:45:03 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\BitTorrent
2012-07-23 13:51:18 ----AC---- C:\WINDOWS\cdplayer.ini
2012-07-23 13:50:40 ----AC---- C:\Documents and Settings\All Users\Data aplikací\ss.ini
2012-07-23 13:38:37 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\OpenOffice.org2
2012-07-23 12:08:06 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\ICQ
2012-07-21 08:27:01 ----D---- C:\WINDOWS\Downloaded Installations
2012-07-20 11:38:40 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\Audacity
2012-07-20 11:17:03 ----D---- C:\WINDOWS\WinSxS
2012-07-20 10:36:05 ----SHD---- C:\System Volume Information
2012-07-20 10:36:05 ----D---- C:\WINDOWS\system32\Restore
2012-07-20 10:34:50 ----D---- C:\DATA
2012-07-20 10:34:18 ----D---- C:\95c0161f2ee9c51a4edbd69e0097
2012-07-19 11:34:12 ----D---- C:\WINDOWS\system32\NtmsData
2012-07-19 10:35:01 ----D---- C:\Documents and Settings\Ladislav Repčík\Data aplikací\Mozilla
2012-07-13 19:25:42 ----D---- C:\Programy
2012-07-13 19:09:16 ----D---- C:\Program Files\EDB_DVD
2012-07-13 18:59:02 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-07-13 18:27:57 ----D---- C:\Program Files\Astroburn Lite
2012-07-13 18:14:16 ----D---- C:\Program Files\Adobe
2012-07-13 17:35:34 ----D---- C:\Program Files\iPod
2012-07-13 17:28:46 ----D---- C:\Program Files\TechPark
2012-07-13 17:11:49 ----D---- C:\Program Files\Mozilla Firefox
2012-07-11 09:38:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-07-11 09:37:37 ----A---- C:\WINDOWS\win.ini
2012-07-11 09:29:36 ----A---- C:\WINDOWS\system32\MRT.exe
2012-07-06 19:10:59 ----D---- C:\Program Files\Nero
2012-07-06 19:10:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2005-08-15 5888]
R0 imagesrv;imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [2005-08-15 127488]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2004-10-07 46080]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2004-09-14 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-10-06 19840]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-02-04 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-04 242240]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2008-02-22 51072]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-13 786944]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-11 1287296]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-09 39824]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2012-07-21 10368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-05-25 12753664]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-13 389120]
R2 CodeMeter.exe;CodeMeter Runtime Server; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-05-18 2370448]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-12 516096]
S2 gupdate1c9abba812919b;Google Update Service (gupdate1c9abba812919b); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-11 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-08 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Ladir

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: documents and pictures cannot be opened

#10 Post by Rudy »

This is OK. I meant the TDSSKiller log.

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

ladir
Visitor
Posts: 86
Joined: 27 Jul 2012 16:16
Location: Žilna

Re: documents and pictures cannot be opened

#11 Post by ladir »

Well, that is exactly what I wasn't sure about... where do I find the log in that Kaspersky scan?
Ladir

Rudy
Site Admin
Posts: 119515
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: documents and pictures cannot be opened

#12 Post by Rudy »

After the scan finishes, it opens in Notepad.

ladir
Visitor
Posts: 86
Joined: 27 Jul 2012 16:16
Location: Žilna

Re: documents and pictures cannot be opened

#13 Post by ladir »

I tried it several times, but Notepad with the log does not open after the scan.

Ladir

ladir
Visitor
Posts: 86
Joined: 27 Jul 2012 16:16
Location: Žilna

Re: documents and pictures cannot be opened

#14 Post by ladir »

I apologize... I have found it now (as I wrote at the beginning, I am not that experienced with this).

Ladir



19:19:43.0093 2140 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:19:43.0359 2140 ============================================================
19:19:43.0359 2140 Current date / time: 2012/08/05 19:19:43.0359
19:19:43.0359 2140 SystemInfo:
19:19:43.0359 2140
19:19:43.0359 2140 OS Version: 5.1.2600 ServicePack: 3.0
19:19:43.0359 2140 Product type: Workstation
19:19:43.0359 2140 ComputerName: LADIR
19:19:43.0359 2140 UserName: Ladislav Repčík
19:19:43.0359 2140 Windows directory: C:\WINDOWS
19:19:43.0359 2140 System windows directory: C:\WINDOWS
19:19:43.0359 2140 Processor architecture: Intel x86
19:19:43.0359 2140 Number of processors: 1
19:19:43.0359 2140 Page size: 0x1000
19:19:43.0359 2140 Boot type: Normal boot
19:19:43.0359 2140 ============================================================
19:19:44.0593 2140 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:19:44.0593 2140 ============================================================
19:19:44.0593 2140 \Device\Harddisk0\DR0:
19:19:44.0593 2140 MBR partitions:
19:19:44.0593 2140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
19:19:44.0593 2140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0x9174996
19:19:44.0593 2140 ============================================================
19:19:44.0625 2140 C: <-> \Device\Harddisk0\DR0\Partition0
19:19:44.0656 2140 F: <-> \Device\Harddisk0\DR0\Partition1
19:19:44.0656 2140 ============================================================
19:19:44.0656 2140 Initialize success
19:19:44.0656 2140 ============================================================
19:19:48.0812 2088 ============================================================
19:19:48.0812 2088 Scan started
19:19:48.0812 2088 Mode: Manual;
19:19:48.0812 2088 ============================================================
19:19:49.0546 2088 6to4 (d76e9f5a991458a9f7e28395479b3150) C:\WINDOWS\System32\6to4svc.dll
19:19:49.0546 2088 6to4 - ok
19:19:49.0593 2088 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
19:19:49.0609 2088 a347bus - ok
19:19:49.0625 2088 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
19:19:49.0625 2088 a347scsi - ok
19:19:49.0640 2088 Abiosdsk - ok
19:19:49.0640 2088 abp480n5 - ok
19:19:49.0687 2088 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:19:49.0703 2088 ACPI - ok
19:19:49.0734 2088 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:19:49.0734 2088 ACPIEC - ok
19:19:49.0765 2088 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
19:19:49.0765 2088 adfs - ok
19:19:49.0781 2088 adpu160m - ok
19:19:49.0796 2088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:19:49.0812 2088 aec - ok
19:19:49.0859 2088 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:19:49.0859 2088 AFD - ok
19:19:49.0875 2088 Aha154x - ok
19:19:49.0890 2088 aic78u2 - ok
19:19:49.0890 2088 aic78xx - ok
19:19:49.0921 2088 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
19:19:49.0921 2088 Alerter - ok
19:19:49.0953 2088 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
19:19:49.0953 2088 ALG - ok
19:19:49.0968 2088 AliIde - ok
19:19:49.0984 2088 amsint - ok
19:19:50.0015 2088 Angelnt (4a8cb8fea9dcb6f93017f413e2646001) C:\WINDOWS\System32\Drivers\ANGELNT.SYS
19:19:50.0015 2088 Angelnt - ok
19:19:50.0046 2088 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
19:19:50.0062 2088 AppMgmt - ok
19:19:50.0078 2088 asc - ok
19:19:50.0093 2088 asc3350p - ok
19:19:50.0093 2088 asc3550 - ok
19:19:50.0140 2088 AsIO (c959989e2ce8da9bde8cafddba84badf) C:\WINDOWS\system32\drivers\AsIO.sys
19:19:50.0140 2088 AsIO - ok
19:19:50.0171 2088 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys
19:19:50.0171 2088 aslm75 - ok
19:19:50.0281 2088 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:19:50.0281 2088 aspnet_state - ok
19:19:50.0312 2088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:19:50.0312 2088 AsyncMac - ok
19:19:50.0343 2088 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:19:50.0343 2088 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: cdfe4411a69c224bd1d11b2da92dac51
19:19:50.0343 2088 atapi ( LockedFile.Multi.Generic ) - warning
19:19:50.0343 2088 atapi - detected LockedFile.Multi.Generic (1)
19:19:50.0359 2088 Atdisk - ok
19:19:50.0406 2088 Ati HotKey Poller (df7ce16cff3217e71742e3d700844c07) C:\WINDOWS\system32\Ati2evxx.exe
19:19:50.0421 2088 Ati HotKey Poller - ok
19:19:50.0484 2088 ATI Smart (01b14b2ec8123995e2b961d42bac8ef9) C:\WINDOWS\system32\ati2sgag.exe
19:19:50.0531 2088 ATI Smart - ok
19:19:50.0593 2088 ati2mtag (49c75e63b8b23b0e534447ba25ce2e76) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:19:50.0609 2088 ati2mtag - ok
19:19:50.0656 2088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:19:50.0656 2088 Atmarpc - ok
19:19:50.0687 2088 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
19:19:50.0687 2088 AudioSrv - ok
19:19:50.0703 2088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:19:50.0718 2088 audstub - ok
19:19:50.0734 2088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:19:50.0734 2088 Beep - ok
19:19:50.0765 2088 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
19:19:50.0796 2088 BITS - ok
19:19:50.0812 2088 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
19:19:50.0812 2088 Browser - ok
19:19:50.0828 2088 btaudio - ok
19:19:50.0843 2088 BTDriver - ok
19:19:50.0859 2088 BTWDNDIS - ok
19:19:50.0875 2088 btwhid - ok
19:19:50.0890 2088 BTWUSB - ok
19:19:50.0890 2088 catchme - ok
19:19:50.0921 2088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:19:50.0921 2088 cbidf2k - ok
19:19:50.0953 2088 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:19:50.0953 2088 CCDECODE - ok
19:19:50.0968 2088 cd20xrnt - ok
19:19:50.0984 2088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:19:51.0000 2088 Cdaudio - ok
19:19:51.0015 2088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:19:51.0015 2088 Cdfs - ok
19:19:51.0031 2088 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:19:51.0031 2088 Cdrom - ok
19:19:51.0046 2088 Changer - ok
19:19:51.0078 2088 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
19:19:51.0078 2088 CiSvc - ok
19:19:51.0093 2088 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
19:19:51.0093 2088 ClipSrv - ok
19:19:51.0187 2088 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:19:51.0203 2088 clr_optimization_v2.0.50727_32 - ok
19:19:51.0203 2088 CmdIde - ok
19:19:51.0296 2088 cmudax (d7fcada6833a0e243ca89c03bd559bd9) C:\WINDOWS\system32\drivers\cmudax.sys
19:19:51.0343 2088 cmudax - ok
19:19:51.0468 2088 CoachUsb (7a0b457eefef8cbaa0cc44c8819113bd) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
19:19:51.0468 2088 CoachUsb - ok
19:19:51.0500 2088 CoachVc (614ca0bfa09861e42ad8d14b83540758) C:\WINDOWS\system32\DRIVERS\CoachVc.sys
19:19:51.0500 2088 CoachVc - ok
19:19:51.0687 2088 CodeMeter.exe (df855c726818a71a14a0d6fad8eddc37) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
19:19:51.0718 2088 CodeMeter.exe - ok
19:19:51.0796 2088 COMSysApp - ok
19:19:51.0812 2088 Cpqarray - ok
19:19:51.0859 2088 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
19:19:51.0859 2088 cpudrv - ok
19:19:51.0890 2088 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
19:19:51.0890 2088 CryptSvc - ok
19:19:51.0906 2088 dac2w2k - ok
19:19:51.0921 2088 dac960nt - ok
19:19:51.0968 2088 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
19:19:51.0984 2088 DcomLaunch - ok
19:19:52.0031 2088 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
19:19:52.0031 2088 Dhcp - ok
19:19:52.0078 2088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:19:52.0078 2088 Disk - ok
19:19:52.0093 2088 dmadmin - ok
19:19:52.0140 2088 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
19:19:52.0171 2088 dmboot - ok
19:19:52.0203 2088 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\DRIVERS\dmio.sys
19:19:52.0203 2088 dmio - ok
19:19:52.0250 2088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:19:52.0250 2088 dmload - ok
19:19:52.0281 2088 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
19:19:52.0281 2088 dmserver - ok
19:19:52.0343 2088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:19:52.0343 2088 DMusic - ok
19:19:52.0390 2088 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
19:19:52.0390 2088 Dnscache - ok
19:19:52.0437 2088 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
19:19:52.0453 2088 Dot3svc - ok
19:19:52.0453 2088 dpti2o - ok
19:19:52.0484 2088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:19:52.0484 2088 drmkaud - ok
19:19:52.0531 2088 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:19:52.0546 2088 dtsoftbus01 - ok
19:19:52.0578 2088 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
19:19:52.0593 2088 eamon - ok
19:19:52.0625 2088 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
19:19:52.0625 2088 EapHost - ok
19:19:52.0671 2088 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
19:19:52.0671 2088 ehdrv - ok
19:19:52.0843 2088 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
19:19:52.0875 2088 ekrn - ok
19:19:53.0000 2088 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\WINDOWS\system32\DRIVERS\epfw.sys
19:19:53.0000 2088 epfw - ok
19:19:53.0015 2088 Epfwndis (75d3bcd3e0eded0ab0f96d9a10ff01c9) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
19:19:53.0015 2088 Epfwndis - ok
19:19:53.0046 2088 epfwtdi (dc64f26f35e32c9472bbf8acd84060d3) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
19:19:53.0046 2088 epfwtdi - ok
19:19:53.0078 2088 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
19:19:53.0078 2088 ERSvc - ok
19:19:53.0125 2088 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
19:19:53.0125 2088 Eventlog - ok
19:19:53.0187 2088 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\System32\es.dll
19:19:53.0218 2088 EventSystem - ok
19:19:53.0265 2088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:19:53.0265 2088 Fastfat - ok
19:19:53.0296 2088 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
19:19:53.0312 2088 FastUserSwitchingCompatibility - ok
19:19:53.0343 2088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:19:53.0343 2088 Fdc - ok
19:19:53.0375 2088 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
19:19:53.0390 2088 Fips - ok
19:19:53.0453 2088 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:19:53.0468 2088 FLEXnet Licensing Service - ok
19:19:53.0484 2088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:19:53.0484 2088 Flpydisk - ok
19:19:53.0500 2088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:19:53.0515 2088 FltMgr - ok
19:19:53.0593 2088 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:19:53.0593 2088 FontCache3.0.0.0 - ok
19:19:53.0625 2088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:19:53.0625 2088 Fs_Rec - ok
19:19:53.0656 2088 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:19:53.0671 2088 Ftdisk - ok
19:19:53.0703 2088 GEARAspiWDM (8c18f85edd5d47f34068f3efd5689fa9) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:19:53.0703 2088 GEARAspiWDM - ok
19:19:53.0734 2088 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:19:53.0734 2088 giveio - ok
19:19:53.0734 2088 GMSIPCI - ok
19:19:53.0765 2088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:19:53.0765 2088 Gpc - ok
19:19:53.0859 2088 gupdate1c9abba812919b (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:19:53.0875 2088 gupdate1c9abba812919b - ok
19:19:53.0890 2088 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:19:53.0890 2088 gupdatem - ok
19:19:53.0937 2088 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:19:53.0953 2088 gusvc - ok
19:19:54.0000 2088 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
19:19:54.0015 2088 HdAudAddService - ok
19:19:54.0046 2088 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:19:54.0046 2088 HDAudBus - ok
19:19:54.0093 2088 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:19:54.0093 2088 helpsvc - ok
19:19:54.0140 2088 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
19:19:54.0140 2088 HidServ - ok
19:19:54.0187 2088 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:19:54.0187 2088 hidusb - ok
19:19:54.0234 2088 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
19:19:54.0234 2088 hkmsvc - ok
19:19:54.0250 2088 hpn - ok
19:19:54.0281 2088 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:19:54.0281 2088 HPZid412 - ok
19:19:54.0312 2088 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:19:54.0312 2088 HPZipr12 - ok
19:19:54.0328 2088 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:19:54.0343 2088 HPZius12 - ok
19:19:54.0390 2088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:19:54.0406 2088 HTTP - ok
19:19:54.0437 2088 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
19:19:54.0453 2088 HTTPFilter - ok
19:19:54.0453 2088 i2omgmt - ok
19:19:54.0468 2088 i2omp - ok
19:19:54.0500 2088 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:19:54.0500 2088 i8042prt - ok
19:20:02.0765 2088 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
19:20:02.0765 2088 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
19:20:02.0781 2088 sptd ( LockedFile.Multi.Generic ) - warning
19:20:02.0781 2088 sptd - detected LockedFile.Multi.Generic (1)
19:20:06.0484 2088 ============================================================
19:20:06.0484 2088 Scan finished
19:20:06.0484 2088 ============================================================
19:20:06.0515 2696 Detected object count: 2
19:20:06.0515 2696 Actual detected object count: 2
19:20:23.0140 2696 C:\WINDOWS\system32\DRIVERS\atapi.sys - copied to quarantine
19:20:23.0156 2696 atapi ( LockedFile.Multi.Generic ) - User select action: Quarantine
19:20:23.0312 2696 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
19:20:23.0515 2696 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
Ladir

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: documents and pictures cannot be opened

#15 Post by Rudy »

Let's go back to ComboFix and run it with the following script:
FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
c:\windows\ServicePackFiles\i386\sptd.sys | c:\windows\system32\drivers\sptd.sys

Reboot::
The procedure is the same as in the previous case.

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Locked