PC virus removal, computer speed-up, remote help via the neslape.cz service

Virus-infected notebook

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post an FRST log [guide here] or an RSIT log [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, in which a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
muminek99
Visitor
Posts: 17
Registered: 01 Aug 2012 16:00

Virus-infected notebook

#1 Post by muminek99 »

Good evening.
A friend asked me to repair her notebook. After connecting to the internet, the notebook reset and booted into safe mode, where it immediately restarted again and regular Windows came back up. After clicking on the antivirus, an "enhance protect mode" (or something like that :) ) appeared and a scan of the notebook wouldn't run. I loaded an older restore point; that helped in that I can now scan the PC and connect to the internet, but Microsoft's antivirus obviously can't handle the junk that's on here, and I'm at my wits' end too. So I'm turning to you with a request for help. Thanks in advance. :)

LOG:

Logfile of random's system information tool 1.09 (written by random/random)
Run by uzivatel at 2012-08-01 17:02:39
Microsoft® Windows Vista™ Home Basic
System drive C: has 89 GB (58%) free of 153 GB
Total RAM: 1015 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:02:54, on 1.8.2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\uzivatel\Downloads\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Služba Google Update (gupdate1ca8be41cdc1a76) (gupdate1ca8be41cdc1a76) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

--
End of file - 8196 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\jdnmicgl.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, smartwebprinting@hp.com:4.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\jdnmicgl.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-07-31 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-07-31 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-07-31 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-10-29 1006264]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-05-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-05-22 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-05-22 133656]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-10-27 1232896]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-29 39408]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2010-11-16 172856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rpcnet]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-08-01 17:02:41 ----D---- C:\Program Files\trend micro
2012-08-01 17:02:39 ----D---- C:\rsit
2012-07-31 17:05:50 ----A---- C:\Windows\system32\MRT.INI
2012-07-31 11:57:41 ----D---- C:\Program Files\Microsoft Security Client
2012-07-30 13:01:22 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2012-08-01 17:02:54 ----D---- C:\Windows\Prefetch
2012-08-01 17:02:44 ----D---- C:\Windows\Temp
2012-08-01 17:02:41 ----RD---- C:\Program Files
2012-08-01 16:57:08 ----A---- C:\Windows\system32\rpcnetp.exe
2012-08-01 15:17:09 ----SHD---- C:\System Volume Information
2012-08-01 14:22:39 ----D---- C:\Windows\System32
2012-08-01 14:22:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-01 14:15:01 ----A---- C:\Windows\system32\rpcnet.dll
2012-07-31 17:06:17 ----SHD---- C:\Windows\Installer
2012-07-31 17:03:42 ----D---- C:\Windows\Debug
2012-07-31 17:02:53 ----D---- C:\Windows\winsxs
2012-07-31 17:02:37 ----D---- C:\Program Files\Common Files\microsoft shared
2012-07-31 16:47:39 ----SD---- C:\Users\uzivatel\AppData\Roaming\Microsoft
2012-07-31 16:44:41 ----D---- C:\Windows\system32\catroot2
2012-07-31 12:34:31 ----SD---- C:\ProgramData\Microsoft
2012-07-31 11:58:27 ----D---- C:\Windows
2012-07-31 11:57:50 ----D---- C:\Windows\system32\catroot
2012-07-31 11:57:49 ----D---- C:\Windows\system32\drivers
2012-07-31 11:35:46 ----RSD---- C:\Windows\Fonts
2012-07-31 11:35:46 ----D---- C:\Windows\system32\cs-CZ
2012-07-31 11:35:45 ----D---- C:\Windows\system32\wbem
2012-07-31 11:35:34 ----D---- C:\Windows\system32\Msdtc
2012-07-31 11:34:39 ----D---- C:\Windows\system32\config
2012-07-31 11:18:29 ----D---- C:\Windows\system
2012-07-31 11:18:28 ----D---- C:\Windows\system32\zh-TW
2012-07-31 11:18:28 ----D---- C:\Windows\system32\zh-CN
2012-07-31 11:18:16 ----D---- C:\Windows\system32\uk-UA
2012-07-31 11:18:15 ----D---- C:\Windows\system32\tr-TR
2012-07-31 11:18:15 ----D---- C:\Windows\system32\th-TH
2012-07-31 11:18:13 ----D---- C:\Windows\system32\sysprep
2012-07-31 11:18:13 ----D---- C:\Windows\system32\sv-SE
2012-07-31 11:18:12 ----D---- C:\Windows\system32\sr-Latn-CS
2012-07-31 11:17:55 ----D---- C:\Windows\system32\sl-SI
2012-07-31 11:17:55 ----D---- C:\Windows\system32\sk-SK
2012-07-31 11:17:54 ----D---- C:\Windows\system32\setup
2012-07-31 11:17:52 ----D---- C:\Windows\system32\ru-RU
2012-07-31 11:17:52 ----D---- C:\Windows\system32\ro-RO
2012-07-31 11:17:48 ----D---- C:\Windows\system32\pt-PT
2012-07-31 11:17:48 ----D---- C:\Windows\system32\pt-BR
2012-07-31 11:17:47 ----D---- C:\Windows\system32\pl-PL
2012-07-31 11:17:45 ----D---- C:\Windows\system32\oobe
2012-07-31 11:17:43 ----D---- C:\Windows\system32\nl-NL
2012-07-31 11:17:42 ----D---- C:\Windows\system32\nb-NO
2012-07-31 11:17:37 ----D---- C:\Windows\system32\migwiz
2012-07-31 11:17:33 ----D---- C:\Windows\system32\migration
2012-07-31 11:17:32 ----D---- C:\Windows\system32\lv-LV
2012-07-31 11:17:32 ----D---- C:\Windows\system32\lt-LT
2012-07-31 11:17:27 ----D---- C:\Windows\system32\ko-KR
2012-07-31 11:17:22 ----D---- C:\Windows\system32\ja-JP
2012-07-31 11:17:22 ----D---- C:\Windows\system32\it-IT
2012-07-31 11:17:18 ----D---- C:\Windows\system32\ias
2012-07-31 11:17:18 ----D---- C:\Windows\system32\hu-HU
2012-07-31 11:17:17 ----D---- C:\Windows\system32\hr-HR
2012-07-31 11:17:17 ----D---- C:\Windows\system32\he-IL
2012-07-31 11:17:16 ----D---- C:\Windows\system32\fr-FR
2012-07-31 11:17:16 ----D---- C:\Windows\system32\fi-FI
2012-07-31 11:17:15 ----D---- C:\Windows\system32\et-EE
2012-07-31 11:17:15 ----D---- C:\Windows\system32\es-ES
2012-07-31 11:17:14 ----D---- C:\Windows\system32\en-US
2012-07-31 11:17:12 ----D---- C:\Windows\system32\el-GR
2012-07-31 11:16:59 ----D---- C:\Windows\system32\drivers\etc
2012-07-31 11:16:59 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-07-31 11:16:54 ----D---- C:\Windows\system32\de-DE
2012-07-31 11:16:54 ----D---- C:\Windows\system32\da-DK
2012-07-31 11:16:53 ----D---- C:\Windows\system32\cs
2012-07-31 11:16:21 ----D---- C:\Windows\system32\com
2012-07-31 11:16:20 ----D---- C:\Windows\system32\CodeIntegrity
2012-07-31 11:16:14 ----D---- C:\Windows\system32\Boot
2012-07-31 11:16:14 ----D---- C:\Windows\system32\bg-BG
2012-07-31 11:16:13 ----D---- C:\Windows\system32\ar-SA
2012-07-31 11:16:11 ----D---- C:\Windows\PolicyDefinitions
2012-07-31 11:16:11 ----D---- C:\Windows\MSAgent
2012-07-31 11:16:10 ----RSD---- C:\Windows\Media
2012-07-31 11:16:08 ----D---- C:\Windows\L2Schemas
2012-07-31 11:16:08 ----D---- C:\Windows\inf
2012-07-31 11:16:06 ----D---- C:\Windows\IME
2012-07-31 11:15:47 ----SD---- C:\Windows\Downloaded Program Files
2012-07-31 11:15:47 ----D---- C:\Windows\DigitalLocker
2012-07-31 11:15:47 ----D---- C:\Windows\Cursors
2012-07-31 11:15:38 ----D---- C:\Windows\AppPatch
2012-07-31 11:15:37 ----D---- C:\Program Files\Windows Sidebar
2012-07-31 11:15:19 ----D---- C:\Program Files\Windows Photo Gallery
2012-07-31 11:15:18 ----D---- C:\Program Files\Windows Media Player
2012-07-31 11:15:18 ----D---- C:\Program Files\Windows Mail
2012-07-31 11:15:18 ----D---- C:\Program Files\Windows Defender
2012-07-31 11:15:17 ----D---- C:\Program Files\Windows Collaboration
2012-07-31 11:15:17 ----D---- C:\Program Files\MSN
2012-07-31 11:15:17 ----D---- C:\Program Files\Movie Maker
2012-07-31 11:15:16 ----D---- C:\Program Files\Internet Explorer
2012-07-31 10:58:23 ----D---- C:\Windows\Tasks
2012-07-31 10:58:23 ----D---- C:\Windows\tapi
2012-07-31 10:58:23 ----D---- C:\Windows\system32\Tasks
2012-07-31 10:58:22 ----D---- C:\Windows\system32\spool
2012-07-31 10:58:20 ----D---- C:\Windows\system32\drivers\UMDF
2012-07-31 10:57:40 ----D---- C:\Windows\cs-CZ
2012-07-31 10:57:39 ----RSD---- C:\Windows\assembly
2012-07-31 10:57:38 ----D---- C:\Users\uzivatel\AppData\Roaming\vlc
2012-07-31 10:57:32 ----D---- C:\Users\uzivatel\AppData\Roaming\dvdcss
2012-07-31 10:57:28 ----D---- C:\ProgramData\McAfee
2012-07-31 10:57:27 ----HD---- C:\ProgramData
2012-07-31 10:57:27 ----D---- C:\ProgramData\McAfee Security Scan
2012-07-31 10:57:26 ----D---- C:\Program Files\Mozilla Firefox
2012-07-31 10:57:24 ----D---- C:\Program Files\IrfanView
2012-07-31 10:57:14 ----D---- C:\Program Files\Burn4Free
2012-07-31 10:57:13 ----D---- C:\Program Files\Apple Software Update
2012-07-31 10:49:43 ----D---- C:\Windows\registration
2012-07-31 10:21:20 ----D---- C:\Users\uzivatel\AppData\Roaming\Skype
2012-07-30 12:27:15 ----D---- C:\Windows\ModemLogs
2012-07-03 03:13:34 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R1 MpKslba61089c;MpKslba61089c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACDFB591-03AC-4E63-AFAB-24D5B4A8B1ED}\MpKslba61089c.sys [2012-08-01 29904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-10-27 1331192]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-10-27 19456]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-10-27 29184]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-12 223616]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-10-27 220160]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2011-03-14 58288]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 gupdate1ca8be41cdc1a76;Služba Google Update (gupdate1ca8be41cdc1a76); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-02 133104]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-02 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-29 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus-infected notebook

#2 Post by Rudy »

Hello!
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Program Files\ICQ6Toolbar
C:\Program Files\Google\Google Toolbar
C:\Program Files\Skype\Toolbars
C:\Program Files\Google\GoogleToolbarNotifier
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

:services
ICQ Service

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
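The HijackThis-style log this thread revolves around lends itself to a small triage and verification tool. The following is an added example, not code from the forum or from the tools discussed: it parses the R*/O* lines, flags entries a helper would examine (an IE start or search page pointing away from Microsoft's default redirector, registry entries whose file is gone, services without publisher information) and diffs a before/after pair to verify what a cleanup removed and what newly appeared. The sample log lines are constructed in the shape of this thread's logs; the allowed-host list and the flag rules are assumptions of the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts an Internet Explorer start/search page may legitimately point at
# (assumption for this example: Microsoft's own redirector only).
DEFAULT_IE_HOSTS = {"go.microsoft.com"}
IE_PAGE_KEYS = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")

# Every HijackThis entry starts with a section code such as R0, O2 or O23.
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Constructed sample lines modelled on the first log in the thread (before cleanup).
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"""

# Constructed sample lines modelled on the second log (after the OTM script ran).
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"""


@dataclass(frozen=True)
class Entry:
    kind: str  # section code, e.g. R0, O2, O23
    body: str  # everything after "R0 - "
    raw: str   # the whole stripped line; used as the identity when diffing


def parse_hjt(text: str) -> list:
    """Return the R*/O* entries of a HijackThis log in order, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"], line.strip()))
    return entries


def flag_entry(e: Entry) -> list:
    """Reasons this entry deserves a second look; an empty list means none."""
    reasons = []
    if e.kind in ("R0", "R1") and "=" in e.body:
        key, _, value = e.body.partition("=")  # first "=" separates key from URL
        value = value.strip()
        if any(k in key for k in IE_PAGE_KEYS) and value:
            host = urlparse(value).hostname or ""
            if host not in DEFAULT_IE_HOSTS:
                reasons.append(f"IE page setting points at non-default host {host!r}")
    if "(no file)" in e.body or "(file missing)" in e.body:
        reasons.append("registry entry points at a file that no longer exists")
    if e.kind == "O23" and "Unknown owner" in e.body:
        reasons.append("service with no publisher information")
    return reasons


def triage(text: str) -> dict:
    """Map each flagged log line to the list of reasons it was flagged."""
    result = {}
    for e in parse_hjt(text):
        reasons = flag_entry(e)
        if reasons:
            result[e.raw] = reasons
    return result


def diff_logs(before: str, after: str) -> tuple:
    """(removed, added): lines only in the before log, and lines only in the after log."""
    b = [e.raw for e in parse_hjt(before)]
    a = [e.raw for e in parse_hjt(after)]
    b_set, a_set = set(b), set(a)
    removed = [line for line in b if line not in a_set]
    added = [line for line in a if line not in b_set]
    return removed, added


if __name__ == "__main__":
    for line, reasons in triage(AFTER_LOG).items():
        print(line, "->", "; ".join(reasons))
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

In the constructed sample the hijacked start page survives the cleanup and is flagged again in the after log, while the toolbar's URLSearchHook entry turns into an orphaned reference once its DLL is gone.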

muminek99
Visitor
Posts: 17
Registered: 01 Aug 2012 16:00

Re: Virus-infected notebook

#3 Post by muminek99 »

Good morning. Here is the new log after running OTM.

Logfile of random's system information tool 1.09 (written by random/random)
Run by uzivatel at 2012-08-02 06:27:35
Microsoft® Windows Vista™ Home Basic
System drive C: has 92 GB (60%) free of 153 GB
Total RAM: 1015 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:46, on 2.8.2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\uzivatel\Downloads\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Služba Google Update (gupdate1ca8be41cdc1a76) (gupdate1ca8be41cdc1a76) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

--
End of file - 7168 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\jdnmicgl.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, smartwebprinting@hp.com:4.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\jdnmicgl.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-10-29 1006264]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-05-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-05-22 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-05-22 133656]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-10-27 1232896]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2010-11-16 172856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rpcnet]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-08-02 06:18:12 ----D---- C:\_OTM
2012-08-01 17:02:41 ----D---- C:\Program Files\trend micro
2012-08-01 17:02:39 ----D---- C:\rsit
2012-07-31 17:05:50 ----A---- C:\Windows\system32\MRT.INI
2012-07-31 11:57:41 ----D---- C:\Program Files\Microsoft Security Client
2012-07-30 13:01:22 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2012-08-02 06:27:36 ----D---- C:\Windows\Temp
2012-08-02 06:27:36 ----D---- C:\Windows\Prefetch
2012-08-02 06:22:13 ----A---- C:\Windows\system32\rpcnetp.exe
2012-08-02 06:22:09 ----A---- C:\Windows\system32\rpcnet.dll
2012-08-02 06:18:16 ----RD---- C:\Program Files\Skype
2012-08-02 06:18:16 ----RD---- C:\Program Files
2012-08-02 06:18:16 ----D---- C:\Windows\Tasks
2012-08-02 06:18:16 ----D---- C:\Program Files\Google
2012-08-01 15:17:09 ----SHD---- C:\System Volume Information
2012-08-01 14:22:39 ----D---- C:\Windows\System32
2012-08-01 14:22:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-31 17:06:17 ----SHD---- C:\Windows\Installer
2012-07-31 17:03:42 ----D---- C:\Windows\Debug
2012-07-31 17:02:53 ----D---- C:\Windows\winsxs
2012-07-31 17:02:37 ----D---- C:\Program Files\Common Files\microsoft shared
2012-07-31 16:47:39 ----SD---- C:\Users\uzivatel\AppData\Roaming\Microsoft
2012-07-31 16:44:41 ----D---- C:\Windows\system32\catroot2
2012-07-31 12:34:31 ----SD---- C:\ProgramData\Microsoft
2012-07-31 11:58:27 ----D---- C:\Windows
2012-07-31 11:57:50 ----D---- C:\Windows\system32\catroot
2012-07-31 11:57:49 ----D---- C:\Windows\system32\drivers
2012-07-31 11:35:46 ----RSD---- C:\Windows\Fonts
2012-07-31 11:35:46 ----D---- C:\Windows\system32\cs-CZ
2012-07-31 11:35:45 ----D---- C:\Windows\system32\wbem
2012-07-31 11:35:34 ----D---- C:\Windows\system32\Msdtc
2012-07-31 11:34:39 ----D---- C:\Windows\system32\config
2012-07-31 11:18:29 ----D---- C:\Windows\system
2012-07-31 11:18:28 ----D---- C:\Windows\system32\zh-TW
2012-07-31 11:18:28 ----D---- C:\Windows\system32\zh-CN
2012-07-31 11:18:16 ----D---- C:\Windows\system32\uk-UA
2012-07-31 11:18:15 ----D---- C:\Windows\system32\tr-TR
2012-07-31 11:18:15 ----D---- C:\Windows\system32\th-TH
2012-07-31 11:18:13 ----D---- C:\Windows\system32\sysprep
2012-07-31 11:18:13 ----D---- C:\Windows\system32\sv-SE
2012-07-31 11:18:12 ----D---- C:\Windows\system32\sr-Latn-CS
2012-07-31 11:17:55 ----D---- C:\Windows\system32\sl-SI
2012-07-31 11:17:55 ----D---- C:\Windows\system32\sk-SK
2012-07-31 11:17:54 ----D---- C:\Windows\system32\setup
2012-07-31 11:17:52 ----D---- C:\Windows\system32\ru-RU
2012-07-31 11:17:52 ----D---- C:\Windows\system32\ro-RO
2012-07-31 11:17:48 ----D---- C:\Windows\system32\pt-PT
2012-07-31 11:17:48 ----D---- C:\Windows\system32\pt-BR
2012-07-31 11:17:47 ----D---- C:\Windows\system32\pl-PL
2012-07-31 11:17:45 ----D---- C:\Windows\system32\oobe
2012-07-31 11:17:43 ----D---- C:\Windows\system32\nl-NL
2012-07-31 11:17:42 ----D---- C:\Windows\system32\nb-NO
2012-07-31 11:17:37 ----D---- C:\Windows\system32\migwiz
2012-07-31 11:17:33 ----D---- C:\Windows\system32\migration
2012-07-31 11:17:32 ----D---- C:\Windows\system32\lv-LV
2012-07-31 11:17:32 ----D---- C:\Windows\system32\lt-LT
2012-07-31 11:17:27 ----D---- C:\Windows\system32\ko-KR
2012-07-31 11:17:22 ----D---- C:\Windows\system32\ja-JP
2012-07-31 11:17:22 ----D---- C:\Windows\system32\it-IT
2012-07-31 11:17:18 ----D---- C:\Windows\system32\ias
2012-07-31 11:17:18 ----D---- C:\Windows\system32\hu-HU
2012-07-31 11:17:17 ----D---- C:\Windows\system32\hr-HR
2012-07-31 11:17:17 ----D---- C:\Windows\system32\he-IL
2012-07-31 11:17:16 ----D---- C:\Windows\system32\fr-FR
2012-07-31 11:17:16 ----D---- C:\Windows\system32\fi-FI
2012-07-31 11:17:15 ----D---- C:\Windows\system32\et-EE
2012-07-31 11:17:15 ----D---- C:\Windows\system32\es-ES
2012-07-31 11:17:14 ----D---- C:\Windows\system32\en-US
2012-07-31 11:17:12 ----D---- C:\Windows\system32\el-GR
2012-07-31 11:16:59 ----D---- C:\Windows\system32\drivers\etc
2012-07-31 11:16:59 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-07-31 11:16:54 ----D---- C:\Windows\system32\de-DE
2012-07-31 11:16:54 ----D---- C:\Windows\system32\da-DK
2012-07-31 11:16:53 ----D---- C:\Windows\system32\cs
2012-07-31 11:16:21 ----D---- C:\Windows\system32\com
2012-07-31 11:16:20 ----D---- C:\Windows\system32\CodeIntegrity
2012-07-31 11:16:14 ----D---- C:\Windows\system32\Boot
2012-07-31 11:16:14 ----D---- C:\Windows\system32\bg-BG
2012-07-31 11:16:13 ----D---- C:\Windows\system32\ar-SA
2012-07-31 11:16:11 ----D---- C:\Windows\PolicyDefinitions
2012-07-31 11:16:11 ----D---- C:\Windows\MSAgent
2012-07-31 11:16:10 ----RSD---- C:\Windows\Media
2012-07-31 11:16:08 ----D---- C:\Windows\L2Schemas
2012-07-31 11:16:08 ----D---- C:\Windows\inf
2012-07-31 11:16:06 ----D---- C:\Windows\IME
2012-07-31 11:15:47 ----SD---- C:\Windows\Downloaded Program Files
2012-07-31 11:15:47 ----D---- C:\Windows\DigitalLocker
2012-07-31 11:15:47 ----D---- C:\Windows\Cursors
2012-07-31 11:15:38 ----D---- C:\Windows\AppPatch
2012-07-31 11:15:37 ----D---- C:\Program Files\Windows Sidebar
2012-07-31 11:15:19 ----D---- C:\Program Files\Windows Photo Gallery
2012-07-31 11:15:18 ----D---- C:\Program Files\Windows Media Player
2012-07-31 11:15:18 ----D---- C:\Program Files\Windows Mail
2012-07-31 11:15:18 ----D---- C:\Program Files\Windows Defender
2012-07-31 11:15:17 ----D---- C:\Program Files\Windows Collaboration
2012-07-31 11:15:17 ----D---- C:\Program Files\MSN
2012-07-31 11:15:17 ----D---- C:\Program Files\Movie Maker
2012-07-31 11:15:16 ----D---- C:\Program Files\Internet Explorer
2012-07-31 10:58:23 ----D---- C:\Windows\tapi
2012-07-31 10:58:23 ----D---- C:\Windows\system32\Tasks
2012-07-31 10:58:22 ----D---- C:\Windows\system32\spool
2012-07-31 10:58:20 ----D---- C:\Windows\system32\drivers\UMDF
2012-07-31 10:57:40 ----D---- C:\Windows\cs-CZ
2012-07-31 10:57:39 ----RSD---- C:\Windows\assembly
2012-07-31 10:57:38 ----D---- C:\Users\uzivatel\AppData\Roaming\vlc
2012-07-31 10:57:32 ----D---- C:\Users\uzivatel\AppData\Roaming\dvdcss
2012-07-31 10:57:28 ----D---- C:\ProgramData\McAfee
2012-07-31 10:57:27 ----HD---- C:\ProgramData
2012-07-31 10:57:27 ----D---- C:\ProgramData\McAfee Security Scan
2012-07-31 10:57:26 ----D---- C:\Program Files\Mozilla Firefox
2012-07-31 10:57:24 ----D---- C:\Program Files\IrfanView
2012-07-31 10:57:14 ----D---- C:\Program Files\Burn4Free
2012-07-31 10:57:13 ----D---- C:\Program Files\Apple Software Update
2012-07-31 10:49:43 ----D---- C:\Windows\registration
2012-07-31 10:21:20 ----D---- C:\Users\uzivatel\AppData\Roaming\Skype
2012-07-30 12:27:15 ----D---- C:\Windows\ModemLogs
2012-07-03 03:13:34 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R1 MpKslba61089c;MpKslba61089c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACDFB591-03AC-4E63-AFAB-24D5B4A8B1ED}\MpKslba61089c.sys [2012-08-01 29904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-10-27 1331192]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-10-27 19456]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-10-27 29184]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-12 223616]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-10-27 220160]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2011-03-14 58288]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 gupdate1ca8be41cdc1a76;Služba Google Update (gupdate1ca8be41cdc1a76); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-02 133104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-02 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-29 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected notebook

#4 Post by Rudy »

Double-click the file C:\Program Files\trend micro\uzivatel.exe to start HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left next to:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
Click >FixChecked<. Then run OTM again and click >CleanUp<. OTM will clean up after itself. Finally, restart the PC.
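
Added example, not code from the thread or from HijackThis/OTM: a Python filter that applies two of the patterns behind the selection in the post above, entries HijackThis marks "(file missing)" or "(no file)", and IE start/search pages whose host is not Microsoft's default (the DEFAULT_HOSTS allowlist is an assumption). The sample input is taken from the log posted earlier in this thread; the Google Toolbar O8 item is caught by neither rule and still needs a human look.

```python
"""Flag suspicious HijackThis entries: orphaned references and changed start pages."""
import re

# Assumption: IE's default start/search pages all point at this Microsoft host
DEFAULT_HOSTS = {"go.microsoft.com"}

# Markers HijackThis appends when the registered file no longer exists on disk
MISSING_MARKERS = ("(file missing)", "(no file)")

# A HijackThis entry starts with a section code such as R0, R3, O2, O18
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")


def parse_entry(line):
    """Split a HijackThis line into (section code, remainder).

    Returns None for lines that are not entries (headers, process paths).
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("code"), m.group("body")


def host_of(url):
    """Return the lowercase host of an http(s) URL, or None if it is not one."""
    m = re.match(r"https?://([^/\s]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else None


def classify(line):
    """Return a short reason if the entry looks suspicious, otherwise None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    code, body = parsed
    # Rule 1: any registered component (BHO, search hook, button, protocol)
    # whose backing file is gone is dead weight at best and a leftover at worst
    if any(marker in body for marker in MISSING_MARKERS):
        return "orphaned entry (file missing)"
    # Rule 2: R0/R1 hold IE start and search page values; a host outside
    # the default allowlist is how a hijacked start page shows up in the log
    if code in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        value = value.strip()
        if value and ("Start Page" in key or "Search" in key or "Default_Page_URL" in key):
            host = host_of(value)
            if host is None or host not in DEFAULT_HOSTS:
                return "non-default start/search page: " + value
    return None


def flag_suspicious(log_text):
    """Return (line, reason) pairs for every suspicious entry in a log."""
    hits = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


# Sample input: a subset of the HijackThis lines from the log posted in this thread
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://googleure.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\\Program Files\\ICQ6Toolbar\\ICQToolBar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
"""

if __name__ == "__main__":
    for entry, reason in flag_suspicious(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```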

muminek99
Visitor
Posts: 17
Registered: 01 Aug 2012 16:00

Re: Infected notebook

#5 Post by muminek99 »

Done. Any further steps? I ran the Microsoft antivirus over the notebook and it found Trojan:DOS/Alureon.A :/
Thanks for the help, by the way; it already boots faster too :)
EDIT: After the restart Windows won't boot at all any more (BSOD and reset right away). Only safe mode works :/ It was running fine until now; I ran the antivirus over it, restarted, and KO.

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected notebook

#6 Post by Rudy »

Open the windows\minidump directory, pack its contents into a RAR archive and attach it to your next post.

muminek99
Visitor
Posts: 17
Registered: 01 Aug 2012 16:00

Re: Infected notebook

#7 Post by muminek99 »

http://leteckaposta.cz/596548293
Otherwise no change; Windows won't start normally, only in safe mode.

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected notebook

#8 Post by Rudy »

OK. According to the minidump, the problem may be either software or hardware. Post a ComboFix log:
Download ComboFix, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it entirely for the duration of the scan, because the scan and the removal of any malware collide undesirably with the antispyware's resident component.

muminek99
Visitor
Posts: 17
Registered: 01 Aug 2012 16:00

Re: Infected notebook

#9 Post by muminek99 »

Hopefully I did it right:

ComboFix 12-08-05.02 - uzivatel 05.08.2012 21:46:00.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.420.1029.18.1015.540 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\uzivatel\AppData\Roaming\69AF.tmp
c:\windows\proc_list1.log
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-05 do 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 19:50 . 2012-08-05 19:51 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2012-08-05 19:50 . 2012-08-05 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 10:14 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76F5D97C-76C9-4B6F-BAC5-8616FF1500AC}\mpengine.dll
2012-08-03 10:06 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-03 10:06 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-03 10:06 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-03 10:06 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-03 10:06 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-03 10:06 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-03 10:05 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-03 10:05 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-03 10:04 . 2012-08-03 10:04 -------- d-----w- c:\programdata\AVAST Software
2012-08-03 10:04 . 2012-08-03 10:04 -------- d-----w- c:\program files\AVAST Software
2012-08-03 09:53 . 2012-08-03 09:53 -------- d-----w- c:\programdata\CheckPoint
2012-08-01 15:02 . 2012-08-02 20:00 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 19:35 . 2009-10-27 13:24 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-05 19:34 . 2009-10-27 15:01 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-04 10:23 . 2012-08-04 10:17 18998 ----a-w- c:\windows\Minidump.zip
2012-05-31 10:25 . 2009-10-27 16:37 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-06-22 20:18 . 2011-05-05 20:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-10-27 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\jdnmicgl.default\
FF - prefs.js: browser.search.selectedEngine - Jyxo.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 21:51
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2012-08-05 21:52:54
ComboFix-quarantined-files.txt 2012-08-05 19:52
.
Před spuštěním: Volných bajtů: 95 607 570 432
Po spuštění: Volných bajtů: 95 547 125 760
.
- - End Of File - - 6047024562BA35FDF8A1E2204CA9607B

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected laptop

#10 Post by Rudy »

Let's clean up a bit more. Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
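The RegLock:: section in the post above is written by hand from the "ZAMKNUTÉ KLÍČE V REGISTRU" block at the end of the ComboFix log. As an added example (not part of this thread and not ComboFix's own code), the following Python script parses that block, reports which principals each key denies, and emits the same CFScript text; the section title and the "."-separated layout are assumed from the log posted above, and the sample input is constructed from it.

```python
"""Parse the locked-registry-keys block of a ComboFix log and emit the
matching CFScript ``RegLock::`` section.

Added example for this thread; not ComboFix code and not the forum's own.
Assumption: the section title is the Czech one the log above prints
('ZAMKNUTÉ KLÍČE V REGISTRU'); a differently localised build passes its
own title via the ``titles`` argument.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# ComboFix section headers look like '--------- TITLE ---------'.
SECTION_RE = re.compile(r"^-{3,}\s+(?P<title>.+?)\s+-{3,}$")
KEY_RE = re.compile(r"^\[(?P<path>HKEY_[^\]]+)\]$")
# '@Denied: (A) (Users)'  /  '@Allowed: (B 1 2 3 4 5) (S-1-5-20)'
ACE_RE = re.compile(
    r"^@(?P<kind>Denied|Allowed):\s+\((?P<rights>[^)]*)\)\s+\((?P<who>[^)]*)\)$"
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

LOCKED_KEYS_TITLES = {"ZAMKNUTÉ KLÍČE V REGISTRU"}  # title as printed in this thread


@dataclass
class LockedKey:
    path: str
    denied: list[tuple[str, str]] = field(default_factory=list)   # (rights, principal)
    allowed: list[tuple[str, str]] = field(default_factory=list)
    values: dict[str, str] = field(default_factory=dict)

    def denied_principals(self) -> list[str]:
        return [who for _, who in self.denied]


def parse_locked_keys(log_text: str, titles: set[str] = LOCKED_KEYS_TITLES) -> list[LockedKey]:
    """Return the keys ComboFix listed as locked, with their ACEs and values.

    The block runs from the section header until the first line that is
    neither a '.' separator, a [key], an @ACE line nor a "name"=value line,
    so the parser does not depend on the localised footer that follows it.
    """
    keys: list[LockedKey] = []
    current: LockedKey | None = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            m = SECTION_RE.match(line)
            in_section = bool(m and m.group("title") in titles)
            continue
        if line == ".":
            continue  # ComboFix separator line
        if (m := KEY_RE.match(line)):
            current = LockedKey(path=m.group("path"))
            keys.append(current)
        elif current is not None and (m := ACE_RE.match(line)):
            target = current.denied if m.group("kind") == "Denied" else current.allowed
            target.append((m.group("rights"), m.group("who")))
        elif current is not None and (m := VALUE_RE.match(line)):
            current.values[m.group("name")] = m.group("data")
        else:
            break  # footer or next section: the block is over
    return keys


def build_cfscript(keys: list[LockedKey], reboot: bool = True) -> str:
    """Emit CFScript text in the layout used in the thread: 'RegLock::',
    one [key] per line, then an optional 'Reboot::' directive."""
    lines = ["RegLock::"] + [f"[{k.path}]" for k in keys]
    if reboot:
        lines += ["", "Reboot::"]
    return "\n".join(lines) + "\n"


# Constructed sample: the tail of the ComboFix log posted in this thread.
SAMPLE_LOG = """\
**************************************************************************
.
[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\msiserver]
"ImagePath"="%systemroot%\\system32\\msiexec /V"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}\\0000\\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2012-08-05 21:52:54
ComboFix-quarantined-files.txt 2012-08-05 19:52
"""

if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE_LOG)
    for key in found:
        print(key.path, "denied to:", ", ".join(key.denied_principals()))
    print(build_cfscript(found), end="")
```

ComboFix lists every key it could not read for review; the analyst still decides which of them belong in the RegLock:: section, so pass only the chosen keys to build_cfscript.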

muminek99
Visitor
Posts: 17
Registered: 01 Aug 2012 16:00

Re: Infected laptop

#11 Post by muminek99 »

Done, but still only Safe Mode works.

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected laptop

#12 Post by Rudy »

Run a GMER scan: http://forum.viry.cz/viewtopic.php?f=29&t=62878 and post both logs.

muminek99
Visitor
Posts: 17
Registered: 01 Aug 2012 16:00

Re: Infected laptop

#13 Post by muminek99 »

The first log; I'll add the second one once it is finished.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-06 19:25:34
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVT-00ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\uzivatel\AppData\Local\Temp\uglyrkob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

muminek99
Visitor
Posts: 17
Registered: 01 Aug 2012 16:00

Re: Infected laptop

#14 Post by muminek99 »

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-06 19:48:15
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVT-00ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\uzivatel\AppData\Local\Temp\uglyrkob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtCreateFile + 6 7759F41A 4 Bytes [28, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtCreateFile + B 7759F41F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtMapViewOfSection + 6 7759FB6A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtMapViewOfSection + 6 7759FB6A 4 Bytes [28, 03, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtMapViewOfSection + B 7759FB6F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenFile + 6 7759FBFA 4 Bytes [68, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenFile + B 7759FBFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenProcess + 6 7759FC7A 4 Bytes [A8, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenProcess + B 7759FC7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenProcessToken + 6 7759FC8A 4 Bytes CALL 765A3190 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenProcessToken + B 7759FC8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenProcessTokenEx + 6 7759FC9A 4 Bytes [A8, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenProcessTokenEx + B 7759FC9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenThread + 6 7759FCEA 4 Bytes [68, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenThread + B 7759FCEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenThreadToken + 6 7759FCFA 4 Bytes [68, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenThreadToken + B 7759FCFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenThreadTokenEx + 6 7759FD0A 4 Bytes CALL 765A3211 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtOpenThreadTokenEx + B 7759FD0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtQueryAttributesFile + 6 7759FD9A 4 Bytes [A8, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtQueryAttributesFile + B 7759FD9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtQueryFullAttributesFile + 6 7759FE4A 4 Bytes CALL 765A334F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtQueryFullAttributesFile + B 7759FE4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtSetInformationFile + 6 775A036A 4 Bytes [28, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtSetInformationFile + B 775A036F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtSetInformationThread + 6 775A03BA 4 Bytes [28, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtSetInformationThread + B 775A03BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtUnmapViewOfSection + 6 775A065A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtUnmapViewOfSection + 6 775A065A 4 Bytes [68, 03, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[624] ntdll.dll!NtUnmapViewOfSection + B 775A065F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtCreateFile + 6 7759F41A 4 Bytes [28, 00, 30, 00] {SUB [EAX], AL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtCreateFile + B 7759F41F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + 6 7759FB6A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + 6 7759FB6A 4 Bytes [28, 03, 30, 00] {SUB [EBX], AL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + B 7759FB6F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenFile + 6 7759FBFA 4 Bytes [68, 00, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenFile + B 7759FBFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcess + 6 7759FC7A 4 Bytes [A8, 01, 30, 00] {TEST AL, 0x1; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcess + B 7759FC7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessToken + 6 7759FC8A 4 Bytes CALL 765A2C90 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessToken + B 7759FC8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessTokenEx + 6 7759FC9A 4 Bytes [A8, 02, 30, 00] {TEST AL, 0x2; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessTokenEx + B 7759FC9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThread + 6 7759FCEA 4 Bytes [68, 01, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThread + B 7759FCEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadToken + 6 7759FCFA 4 Bytes [68, 02, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadToken + B 7759FCFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadTokenEx + 6 7759FD0A 4 Bytes CALL 765A2D11 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadTokenEx + B 7759FD0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryAttributesFile + 6 7759FD9A 4 Bytes [A8, 00, 30, 00] {TEST AL, 0x0; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryAttributesFile + B 7759FD9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryFullAttributesFile + 6 7759FE4A 4 Bytes CALL 765A2E4F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryFullAttributesFile + B 7759FE4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationFile + 6 775A036A 4 Bytes [28, 01, 30, 00] {SUB [ECX], AL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationFile + B 775A036F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationThread + 6 775A03BA 4 Bytes [28, 02, 30, 00] {SUB [EDX], AL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationThread + B 775A03BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtUnmapViewOfSection + 6 775A065A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtUnmapViewOfSection + 6 775A065A 4 Bytes [68, 03, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtUnmapViewOfSection + B 775A065F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtCreateFile + 6 7759F41A 4 Bytes [28, 00, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtCreateFile + B 7759F41F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtMapViewOfSection + 6 7759FB6A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtMapViewOfSection + 6 7759FB6A 4 Bytes [28, 03, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtMapViewOfSection + B 7759FB6F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenFile + 6 7759FBFA 4 Bytes [68, 00, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenFile + B 7759FBFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenProcess + 6 7759FC7A 4 Bytes [A8, 01, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenProcess + B 7759FC7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenProcessToken + 6 7759FC8A 4 Bytes CALL 765A2390 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenProcessToken + B 7759FC8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenProcessTokenEx + 6 7759FC9A 4 Bytes [A8, 02, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenProcessTokenEx + B 7759FC9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenThread + 6 7759FCEA 4 Bytes [68, 01, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenThread + B 7759FCEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenThreadToken + 6 7759FCFA 4 Bytes [68, 02, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenThreadToken + B 7759FCFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenThreadTokenEx + 6 7759FD0A 4 Bytes CALL 765A2411 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtOpenThreadTokenEx + B 7759FD0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtQueryAttributesFile + 6 7759FD9A 4 Bytes [A8, 00, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtQueryAttributesFile + B 7759FD9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtQueryFullAttributesFile + 6 7759FE4A 4 Bytes CALL 765A254F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtQueryFullAttributesFile + B 7759FE4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtSetInformationFile + 6 775A036A 4 Bytes [28, 01, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtSetInformationFile + B 775A036F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtSetInformationThread + 6 775A03BA 4 Bytes [28, 02, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtSetInformationThread + B 775A03BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtUnmapViewOfSection + 6 775A065A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtUnmapViewOfSection + 6 775A065A 4 Bytes [68, 03, 27, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1668] ntdll.dll!NtUnmapViewOfSection + B 775A065F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtCreateFile + 6 7759F41A 4 Bytes [28, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtCreateFile + B 7759F41F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtMapViewOfSection + 6 7759FB6A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtMapViewOfSection + 6 7759FB6A 4 Bytes [28, 03, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtMapViewOfSection + B 7759FB6F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenFile + 6 7759FBFA 4 Bytes [68, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenFile + B 7759FBFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenProcess + 6 7759FC7A 4 Bytes [A8, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenProcess + B 7759FC7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenProcessToken + 6 7759FC8A 4 Bytes CALL 765A1B90 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenProcessToken + B 7759FC8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenProcessTokenEx + 6 7759FC9A 4 Bytes [A8, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenProcessTokenEx + B 7759FC9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenThread + 6 7759FCEA 4 Bytes [68, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenThread + B 7759FCEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenThreadToken + 6 7759FCFA 4 Bytes [68, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenThreadToken + B 7759FCFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenThreadTokenEx + 6 7759FD0A 4 Bytes CALL 765A1C11 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtOpenThreadTokenEx + B 7759FD0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtQueryAttributesFile + 6 7759FD9A 4 Bytes [A8, 00, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtQueryAttributesFile + B 7759FD9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtQueryFullAttributesFile + 6 7759FE4A 4 Bytes CALL 765A1D4F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtQueryFullAttributesFile + B 7759FE4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtSetInformationFile + 6 775A036A 4 Bytes [28, 01, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtSetInformationFile + B 775A036F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtSetInformationThread + 6 775A03BA 4 Bytes [28, 02, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtSetInformationThread + B 775A03BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtUnmapViewOfSection + 6 775A065A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtUnmapViewOfSection + 6 775A065A 4 Bytes [68, 03, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1848] ntdll.dll!NtUnmapViewOfSection + B 775A065F 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[624] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746DFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746AB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7469A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7469CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74698AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [746ACF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74697D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74697CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74696A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7472C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746B7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746990CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746A2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746A21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746A7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746A7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746D83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1624] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1668] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1848] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 712
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet@ Service
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet@ Service
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 594
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 357112891
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID f96d74be-a76b-4f82-900b-dbf5ed9
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c17e71
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c17e71@0026ccc5e9fa 0x34 0x78 0x9B 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c17e71@0012ee927cb6 0x28 0x25 0x16 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c17e71@c87e758168b1 0x4D 0xA8 0x18 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 771
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE9D781F-F5F2-48A5-8F96-67C6B015E86D}@LeaseObtainedTime 1343987406
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE9D781F-F5F2-48A5-8F96-67C6B015E86D}@T1 1344117006
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE9D781F-F5F2-48A5-8F96-67C6B015E86D}@T2 1344214206
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE9D781F-F5F2-48A5-8F96-67C6B015E86D}@LeaseTerminatesTime 1344246606
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 75220 75226 75238 75248 75258 75278 75322 75332 75370 75376 75392 75400
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 75414
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 75415
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 75220
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 75221
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186c17e71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186c17e71@0026ccc5e9fa 0x34 0x78 0x9B 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186c17e71@0012ee927cb6 0x28 0x25 0x16 0xD9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186c17e71@c87e758168b1 0x4D 0xA8 0x18 0xA4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{5A90F59C-3117-45C8-90DE-E02D84ADCE35}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{CA37CF44-EEDA-4656-84EC-274A7141019A}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 75414
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 75415
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-777075007-1003634498-1960984930-1000@State 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-777075007-1003634498-1960984930-1000@RefCount 0
Reg HKLM\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib@ {2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}
Reg HKLM\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib@Version 2.3

---- EOF - GMER 1.0.15 ----

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected laptop

#15 Post by Rudy »

This is OK.
"I ran the laptop through the Microsoft antivirus and it found Trojan:DOS/Alureon.A :/"
In which file?

Locked