Viry neodstraněné Avastem

Zpráva

Trasheek · #1 Příspěvek od **Trasheek** » 07 srp 2012 02:02

Dobrý den, prosím o pomoc. Při mém několikaměsíčním pobytu v zahraničí mi "správcoval" na počítači bratr, vytunil ho tak, že odinstaloval antivirus, a asi mi založil hezkou kolonii. Avast sice něco odstranil, AvastCleaner už pak nenašel nic, ale asi v bedně dost havěti ještě zbylo, mohli byste mi poradit, jak na to? Předem díky moc...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Trash at 2012-08-07 02:58:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (4%) free of 57 GB
Total RAM: 1023 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:59:15, on 7.8.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Trash\Plocha\RSIT.exe
C:\Program Files\trend micro\Trash.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... y0qPgybGqg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8576897218
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: mdhcp32 - mdhcp32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10153 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Trash\Data aplikací\Mozilla\Firefox\Profiles\sm04586p.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, jqs@sun.com:1.0, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky.ru
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
nprjplug.dll
nprpjplug.dll
np_gp.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Trash\Data aplikací\Mozilla\Firefox\Profiles\sm04586p.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
sfd.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-18 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-07-05 4018888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"DrvLsnr"=C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [2003-05-08 69632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-18 185872]
"Adobe_ID0EZEHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-04-27 1884160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-03-30 262144]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976]
"COMODO"=C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2011-11-23 208184]
"CPA"=C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [2011-11-23 182584]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2011-01-05 133432]
"Advanced SystemCare 5"=C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [2012-05-28 288128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\daemon tools lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask.exe [2007-12-11 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
c:\program files\elaborate bytes\virtualclonedrive\vcddaemon.exe [2011-03-07 89456]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32]
mdhcp32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoResolveSearch"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Documents and Settings\Trash\Plocha\utorrent-portable\utorrent.exe"="C:\Documents and Settings\Trash\Plocha\utorrent-portable\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Trash\Data aplikací\GameRanger\GameRanger\GameRanger.exe"="C:\Documents and Settings\Trash\Data aplikací\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-08-07 02:00:14 ----DC---- C:\Documents and Settings\All Users\Data aplikací\CPA_VA
2012-08-07 01:45:48 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2012-08-07 01:45:32 ----D---- C:\Program Files\COMODO
2012-08-06 19:23:02 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-08-06 19:23:01 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-08-06 19:22:55 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-08-06 19:22:54 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-08-06 19:22:54 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-08-06 19:22:53 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-08-06 19:22:53 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-08-06 19:22:52 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-08-06 19:21:36 ----A---- C:\WINDOWS\avastSS.scr
2012-08-06 19:21:34 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-08-06 19:20:18 ----DC---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-08-06 19:20:18 ----D---- C:\Program Files\AVAST Software
2012-08-06 16:15:38 ----DC---- C:\Documents and Settings\Trash\Data aplikací\Kaspersky_Key_Finder_(KKF
2012-08-06 15:42:30 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2012-08-06 15:37:49 ----ASH---- C:\hiberfil.sys
2012-08-06 14:46:10 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-08-05 03:14:49 ----DC---- C:\Documents and Settings\Trash\Data aplikací\Opera
2012-08-05 03:13:59 ----D---- C:\Program Files\Opera
2012-08-02 16:32:39 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2012-08-02 16:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2012-08-02 16:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2012-08-02 16:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2012-08-02 16:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2012-08-02 16:19:42 ----A---- C:\WINDOWS\system32\SET1DA3.tmp
2012-08-02 16:19:42 ----A---- C:\WINDOWS\system32\SET1DA1.tmp
2012-08-02 16:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2012-08-02 16:18:02 ----A---- C:\WINDOWS\system32\SET1D6C.tmp
2012-08-02 16:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2012-08-02 16:14:30 ----N---- C:\WINDOWS\system32\SET1D05.tmp
2012-08-02 16:14:30 ----A---- C:\WINDOWS\system32\SET1D08.tmp
2012-08-02 16:14:30 ----A---- C:\WINDOWS\system32\SET1D07.tmp
2012-08-02 16:14:29 ----A---- C:\WINDOWS\system32\SET1D06.tmp
2012-08-02 16:14:29 ----A---- C:\WINDOWS\system32\SET1D04.tmp
2012-08-02 16:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2012-08-02 16:12:29 ----A---- C:\WINDOWS\system32\SET1CCB.tmp
2012-08-02 16:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2012-08-02 16:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-08-02 16:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2012-08-02 16:07:09 ----A---- C:\WINDOWS\system32\SET1C4F.tmp
2012-08-02 16:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2012-08-02 16:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-08-02 16:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2012-08-02 16:02:45 ----A---- C:\WINDOWS\system32\SET1BD5.tmp
2012-08-02 16:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-08-02 16:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-08-02 15:58:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2012-08-02 15:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-08-02 15:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2012-08-02 15:53:20 ----N---- C:\WINDOWS\system32\SET1B23.tmp
2012-08-02 15:52:44 ----D---- C:\WINDOWS\ServicePackFiles
2012-08-02 15:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2012-08-02 15:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2012-08-02 15:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2012-08-02 15:46:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2012-08-02 15:44:30 ----A---- C:\WINDOWS\system32\SET1A5A.tmp
2012-08-02 15:44:29 ----A---- C:\WINDOWS\system32\SET1A66.tmp
2012-08-02 15:44:29 ----A---- C:\WINDOWS\system32\drivers\SET1A6A.tmp
2012-08-02 15:44:28 ----A---- C:\WINDOWS\system32\SET1A69.tmp
2012-08-02 15:44:28 ----A---- C:\WINDOWS\system32\SET1A67.tmp
2012-08-02 15:44:28 ----A---- C:\WINDOWS\system32\SET1A65.tmp
2012-08-02 15:44:28 ----A---- C:\WINDOWS\system32\SET1A61.tmp
2012-08-02 15:44:28 ----A---- C:\WINDOWS\system32\SET1A60.tmp
2012-08-02 15:44:28 ----A---- C:\WINDOWS\system32\SET1A5B.tmp
2012-08-02 15:44:27 ----A---- C:\WINDOWS\system32\SET1A63.tmp
2012-08-02 15:44:27 ----A---- C:\WINDOWS\system32\SET1A5F.tmp
2012-08-02 15:44:27 ----A---- C:\WINDOWS\system32\SET1A5E.tmp
2012-08-02 15:44:26 ----A---- C:\WINDOWS\system32\SET1A68.tmp
2012-08-02 15:44:26 ----A---- C:\WINDOWS\system32\SET1A64.tmp
2012-08-02 15:44:26 ----A---- C:\WINDOWS\system32\SET1A5D.tmp
2012-08-02 15:44:26 ----A---- C:\WINDOWS\system32\SET1A5C.tmp
2012-08-02 15:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2012-08-02 15:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2012-08-02 15:39:34 ----A---- C:\WINDOWS\system32\SET19F3.tmp
2012-08-02 15:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2012-08-02 15:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2012-08-02 15:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-08-02 15:31:23 ----A---- C:\WINDOWS\system32\SET195F.tmp
2012-08-02 15:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2012-08-02 15:29:42 ----A---- C:\WINDOWS\system32\SET192B.tmp
2012-08-02 15:29:41 ----A---- C:\WINDOWS\system32\SET192E.tmp
2012-08-02 15:29:41 ----A---- C:\WINDOWS\system32\SET192A.tmp
2012-08-02 15:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2012-08-02 15:26:50 ----A---- C:\WINDOWS\system32\SET18C0.tmp
2012-08-02 15:26:47 ----N---- C:\WINDOWS\system32\SET18BF.tmp
2012-08-02 15:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2012-08-02 15:23:30 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2012-08-02 15:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2012-08-02 15:20:35 ----A---- C:\WINDOWS\system32\SET1822.tmp
2012-08-02 15:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2012-08-02 15:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2012-08-02 15:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2012-08-02 15:14:54 ----SHDC---- C:\Config.Msi
2012-08-02 15:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB902344$
2012-08-02 15:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2012-08-02 15:11:24 ----N---- C:\WINDOWS\system32\SET172A.tmp
2012-08-02 15:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2012-08-02 15:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2012-08-02 15:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB920342$
2012-08-02 15:05:05 ----A---- C:\WINDOWS\system32\SET162A.tmp
2012-08-02 15:05:03 ----A---- C:\WINDOWS\system32\SET1628.tmp
2012-08-02 15:05:03 ----A---- C:\WINDOWS\system32\SET1627.tmp
2012-08-02 15:05:02 ----A---- C:\WINDOWS\system32\SET162B.tmp
2012-08-02 15:05:01 ----A---- C:\WINDOWS\system32\SET1624.tmp
2012-08-02 15:04:37 ----A---- C:\WINDOWS\system32\RegistryDefragBootTime.exe
2012-07-26 19:06:08 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2012-07-26 19:05:14 ----DC---- C:\Documents and Settings\Trash\Data aplikací\Telefónica Móviles
2012-07-26 19:04:36 ----A---- C:\WINDOWS\system32\drivers\ewusbnet.sys
2012-07-26 19:04:36 ----A---- C:\WINDOWS\system32\drivers\ewusbmdm.sys
2012-07-26 19:04:36 ----A---- C:\WINDOWS\system32\drivers\ewusbdev.sys
2012-07-26 19:04:36 ----A---- C:\WINDOWS\system32\drivers\ewdcsc.sys
2012-07-26 19:04:19 ----D---- C:\Program Files\O2

======List of files/folders modified in the last 1 month======

2012-08-07 02:58:42 ----D---- C:\Program Files\trend micro
2012-08-07 02:12:06 ----D---- C:\WINDOWS\Temp
2012-08-07 02:06:59 ----SHD---- C:\WINDOWS\Installer
2012-08-07 01:58:59 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-07 01:55:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-07 01:47:23 ----D---- C:\WINDOWS\system32\drivers
2012-08-07 01:47:23 ----D---- C:\WINDOWS\system32
2012-08-07 01:45:32 ----RD---- C:\Program Files
2012-08-07 01:40:04 ----D---- C:\WINDOWS\system32\config
2012-08-07 01:24:04 ----D---- C:\WINDOWS
2012-08-07 00:39:28 ----D---- C:\Program Files\Mozilla Firefox
2012-08-07 00:15:21 ----D---- C:\install
2012-08-06 22:08:09 ----DC---- C:\Documents and Settings\Trash\Data aplikací\Skype
2012-08-06 22:08:08 ----DC---- C:\Documents and Settings\Trash\Data aplikací\Winamp
2012-08-06 22:08:08 ----DC---- C:\Documents and Settings\Trash\Data aplikací\Media Player Classic
2012-08-06 22:08:08 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-08-06 22:03:34 ----DC---- C:\Documents and Settings\Trash\Data aplikací\IObit
2012-08-06 19:25:40 ----D---- C:\Program Files\Google
2012-08-06 19:23:42 ----SD---- C:\WINDOWS\Tasks
2012-08-06 19:22:07 ----D---- C:\WINDOWS\WinSxS
2012-08-06 19:00:09 ----HD---- C:\WINDOWS\inf
2012-08-06 17:21:33 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-06 16:37:43 ----SHD---- C:\System Volume Information
2012-08-06 15:36:39 ----D---- C:\WINDOWS\security
2012-08-06 03:31:20 ----D---- C:\Program Files\Soulseek-Test
2012-08-05 17:12:01 ----DC---- C:\Documents and Settings\Trash\Data aplikací\ICQ
2012-08-05 08:30:19 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-08-02 21:22:48 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-02 18:28:48 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2012-08-02 18:28:01 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-02 16:33:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-02 16:30:33 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-02 16:25:55 ----D---- C:\WINDOWS\AppPatch
2012-08-02 15:46:48 ----D---- C:\WINDOWS\system32\Setup
2012-08-02 15:43:49 ----D---- C:\Program Files\Windows Desktop Search
2012-08-02 15:28:43 ----D---- C:\WINDOWS\system32\wbem
2012-08-02 14:22:05 ----D---- C:\WINDOWS\Prefetch
2012-08-02 14:21:52 ----DC---- C:\Documents and Settings\All Users\Data aplikací\IObit
2012-08-02 14:05:52 ----D---- C:\Program Files\IObit
2012-07-30 13:10:45 ----D---- C:\Program Files\Common Files\snpstd3
2012-07-30 13:09:02 ----A---- C:\WINDOWS\win.ini
2012-07-29 19:58:53 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-28 21:35:27 ----D---- C:\Program Files\Adobe
2012-07-27 15:59:46 ----AC---- C:\AILog.txt
2012-07-18 23:32:42 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-07-18 23:31:30 ----DC---- C:\Documents and Settings\Trash\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-11-29 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-24 436792]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-07-03 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-07-03 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-07-03 721000]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-07-03 353688]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-07-03 54232]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-07-03 97608]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2012-06-22 271360]
R2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2012-06-22 18048]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-03 10246144]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2011-01-15 30208]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-17 31744]
S3 a5bu7r80;a5bu7r80; C:\WINDOWS\system32\drivers\a5bu7r80.sys []
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2006-04-07 67584]
S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dbustrcm;dbustrcm; C:\WINDOWS\system32\drivers\dbustrcm.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-12-02 25280]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [2010-04-13 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys [2010-04-13 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys [2010-04-13 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys [2010-04-13 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys [2010-04-13 25704]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-06 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-04-27 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-12 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-06 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-29 113120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **JaRon** » 07 srp 2012 07:36

ahoj,
1. odinstaluj Advanced SystemCare 5
2. vycisti PC s MBAM
3. uvolni miesto na disku a doinstaluj SP3

Trasheek · #3 Příspěvek od **Trasheek** » 07 srp 2012 16:27

MBAM mi nic nenašel. Přitom advanced! při kontrole discu po restartu několik věcí nedokázal smazat ani přesunout do truhly. Nainstalováním SP3 se to pak vyřeší? A proč nemít Advanced SystemCare? Nechci působit nějak nevděčně, ale taky nechci s počítačem dělat nějakou rošádu...díky.

Trasheek · #4 Příspěvek od **Trasheek** » 07 srp 2012 18:36

Scan RogueKiller:

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: Trash [Práva správce]
Mód: Kontrola -- Datum: 08/07/2012 19:32:51

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrů: 3 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[Faked.Drv][FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[Faked.Drv][FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[Faked.Drv][FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : Root.MBR ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD600JB-00CRA1 +++++
--- User ---
[MBR] 7b88ddb674ecb385d45a1b5e0f0ec57c
[BSP] 73c62edd8d9dde02538d59e7bb7e2064 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: LaCie iamaKey USB Device +++++
--- User ---
[MBR] 53350b3e3c4fdbd439965e89021f58f5
[BSP] 071ca9641b72e54e9f680ca3f475833a : MyBios MBR Code!
Partition table:
0 - [XXXXXX] HIBER (0xa0) [VISIBLE] Offset (sectors): 4284574052 | Size: 854113 Mo
1 - [XXXXXX] UNKNOWN (0x64) [VISIBLE] Offset (sectors): 168689525 | Size: 953964 Mo
2 - [XXXXXX] UNKNOWN (0x6a) [VISIBLE] Offset (sectors): 778201452 | Size: 1314189 Mo
3 - [XXXXXX] UNKNOWN (0x75) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#5 Příspěvek od **vyosek** » 07 srp 2012 19:42

Zdravim

Omlouvam se kolegovi za vstup, pisu na zadost usera - zadost o urgentni pomoc

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

#6 Příspěvek od **vyosek** » 07 srp 2012 19:43

A jeste k Advance System Care - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

#7 Příspěvek od **JaRon** » 07 srp 2012 19:46

2vyosek: aj som rad

ked uzivatel 2 z 3 rad neakceptuje, tazko pomahat ,,, prajem lepsiu spolupracu

Trasheek · #8 Příspěvek od **Trasheek** » 07 srp 2012 20:03

No, vidím, že jsem svoji nedočkavostí způsobil rozruchu, jak když za komančů dostali banány. Ještě jednou se všem dotčeným omlouvám, vaší pomoci si vážím, už několikrát mě tento server doslova spasil. Tady jsou zatím reporty z RK, ještě přidám Combo.

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: Trash [Práva správce]
Mód: Odebrat -- Datum: 08/07/2012 20:53:38

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 3 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[Faked.Drv][FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[Faked.Drv][FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[Faked.Drv][FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : Root.MBR ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD600JB-00CRA1 +++++
--- User ---
[MBR] 7b88ddb674ecb385d45a1b5e0f0ec57c
[BSP] 73c62edd8d9dde02538d59e7bb7e2064 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: LaCie iamaKey USB Device +++++
--- User ---
[MBR] 53350b3e3c4fdbd439965e89021f58f5
[BSP] 071ca9641b72e54e9f680ca3f475833a : MyBios MBR Code!
Partition table:
0 - [XXXXXX] HIBER (0xa0) [VISIBLE] Offset (sectors): 4284574052 | Size: 854113 Mo
1 - [XXXXXX] UNKNOWN (0x64) [VISIBLE] Offset (sectors): 168689525 | Size: 953964 Mo
2 - [XXXXXX] UNKNOWN (0x6a) [VISIBLE] Offset (sectors): 778201452 | Size: 1314189 Mo
3 - [XXXXXX] UNKNOWN (0x75) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

Trasheek · #9 Příspěvek od **Trasheek** » 07 srp 2012 20:04

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: Trash [Práva správce]
Mód: Oprava HOSTS -- Datum: 08/07/2012 20:54:43

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

Trasheek · #10 Příspěvek od **Trasheek** » 07 srp 2012 20:31

ComboFix 12-08-07.03 - Trash 07.08.2012 21:13:38.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.502 [GMT 2:00]
Spuštěný z: c:\documents and settings\Trash\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Trash\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\SET1624.tmp
c:\windows\system32\SET1626.tmp
c:\windows\system32\SET1627.tmp
c:\windows\system32\SET1628.tmp
c:\windows\system32\SET162A.tmp
c:\windows\system32\SET162B.tmp
c:\windows\system32\SET16FE.tmp
c:\windows\system32\SET172A.tmp
c:\windows\system32\SET172D.tmp
c:\windows\system32\SET1822.tmp
c:\windows\system32\SET18BF.tmp
c:\windows\system32\SET18C0.tmp
c:\windows\system32\SET192A.tmp
c:\windows\system32\SET192B.tmp
c:\windows\system32\SET192E.tmp
c:\windows\system32\SET195F.tmp
c:\windows\system32\SET19F3.tmp
c:\windows\system32\SET19F5.tmp
c:\windows\system32\SET1A26.tmp
c:\windows\system32\SET1A5A.tmp
c:\windows\system32\SET1A5B.tmp
c:\windows\system32\SET1A5C.tmp
c:\windows\system32\SET1A5D.tmp
c:\windows\system32\SET1A5E.tmp
c:\windows\system32\SET1A5F.tmp
c:\windows\system32\SET1A60.tmp
c:\windows\system32\SET1A61.tmp
c:\windows\system32\SET1A63.tmp
c:\windows\system32\SET1A64.tmp
c:\windows\system32\SET1A65.tmp
c:\windows\system32\SET1A66.tmp
c:\windows\system32\SET1A67.tmp
c:\windows\system32\SET1A68.tmp
c:\windows\system32\SET1A69.tmp
c:\windows\system32\SET1B23.tmp
c:\windows\system32\SET1BD5.tmp
c:\windows\system32\SET1C4F.tmp
c:\windows\system32\SET1CCB.tmp
c:\windows\system32\SET1D04.tmp
c:\windows\system32\SET1D05.tmp
c:\windows\system32\SET1D06.tmp
c:\windows\system32\SET1D07.tmp
c:\windows\system32\SET1D08.tmp
c:\windows\system32\SET1D6C.tmp
c:\windows\system32\SET1DA1.tmp
c:\windows\system32\SET1DA3.tmp
c:\windows\system32\SET2190.tmp
c:\windows\system32\Temp
c:\windows\system32\Temp\Kara_K5V.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-07 do 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 00:00 . 2012-08-07 11:50 -------- dc----w- c:\documents and settings\All Users\Data aplikací\CPA_VA
2012-08-06 23:45 . 2012-08-06 23:59 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Comodo
2012-08-06 23:45 . 2012-08-06 23:47 -------- d-----w- c:\program files\COMODO
2012-08-06 17:23 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-06 17:23 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-06 17:22 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-06 17:22 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-06 17:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-06 17:22 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-06 17:22 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-06 17:22 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-06 17:21 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-06 17:21 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-06 17:20 . 2012-08-06 17:20 -------- dc----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-08-06 17:20 . 2012-08-06 17:20 -------- d-----w- c:\program files\AVAST Software
2012-08-06 14:15 . 2012-08-06 14:15 -------- dc----w- c:\documents and settings\Trash\Data aplikací\Kaspersky_Key_Finder_(KKF
2012-08-06 13:45 . 2009-09-15 02:15 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2012-08-06 13:42 . 2012-08-06 17:02 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2012-08-06 12:46 . 2012-08-06 17:03 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-08-05 01:14 . 2012-08-05 01:14 -------- d-----w- c:\documents and settings\Trash\Local Settings\Data aplikací\Opera
2012-08-05 01:14 . 2012-08-05 01:14 26403 ----a-w- c:\windows\system32\epfwdata.bin
2012-08-05 01:13 . 2012-08-05 01:14 -------- d-----w- c:\program files\Opera
2012-08-02 16:23 . 2012-08-02 16:23 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\IObit
2012-08-02 13:52 . 2012-08-02 13:52 -------- d-----w- c:\windows\ServicePackFiles
2012-08-02 13:44 . 2009-06-22 11:48 91776 ----a-w- c:\windows\system32\drivers\SET1A6A.tmp
2012-08-02 13:26 . 2009-02-09 10:22 473088 ----a-w- c:\windows\system32\wbem\SET18C3.tmp
2012-08-02 13:26 . 2009-02-06 16:39 227840 ----a-w- c:\windows\system32\wbem\SET18C1.tmp
2012-08-02 13:26 . 2009-02-09 10:22 453120 ----a-w- c:\windows\system32\wbem\SET18C2.tmp
2012-08-02 13:24 . 2008-04-21 21:28 216576 ----a-w- c:\program files\Windows NT\Accessories\SET1873.tmp
2012-08-02 13:11 . 2008-06-20 17:42 247296 -c--a-w- c:\windows\system32\dllcache\SET1730.tmp
2012-08-02 13:11 . 2008-06-20 10:45 360320 -c--a-w- c:\windows\system32\dllcache\SET172F.tmp
2012-08-02 13:05 . 2006-10-11 16:26 104960 -c--a-w- c:\windows\system32\dllcache\SET1635.tmp
2012-08-02 13:05 . 2006-10-11 16:26 313344 -c--a-w- c:\windows\system32\dllcache\SET1634.tmp
2012-08-02 13:05 . 2006-10-11 16:26 116224 -c--a-w- c:\windows\system32\dllcache\SET1632.tmp
2012-08-02 13:05 . 2006-10-11 16:26 153088 -c--a-w- c:\windows\system32\dllcache\SET1636.tmp
2012-08-02 13:05 . 2006-10-11 16:26 58880 -c--a-w- c:\windows\system32\dllcache\SET1630.tmp
2012-08-02 13:04 . 2012-05-24 08:48 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-08-02 12:05 . 2012-08-02 12:05 -------- d-----w- c:\documents and settings\Trash\Local Settings\Data aplikací\ESET
2012-07-27 11:50 . 2012-07-27 11:50 -------- dc----w- c:\documents and settings\LocalService\Dokumenty
2012-07-26 17:05 . 2012-07-26 17:05 -------- dc----w- c:\documents and settings\Trash\Data aplikací\Telefónica Móviles
2012-07-26 17:04 . 2009-12-15 12:05 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-07-26 17:04 . 2009-12-15 12:05 113280 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-07-26 17:04 . 2009-12-15 12:05 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-07-26 17:04 . 2009-12-15 12:05 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-07-26 17:04 . 2012-07-26 17:04 -------- d-----w- c:\program files\O2
2012-07-24 12:01 . 2012-07-24 12:01 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 22:46 . 2012-06-21 22:46 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-06-21 22:46 . 2012-06-21 22:46 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-07-29 10:58 . 2012-06-08 12:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-18 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 09:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Documents and Settings\\Trash\\Plocha\\utorrent-portable\\utorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\Trash\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.10.2007 21:34 436792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.8.2012 19:22 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.8.2012 19:23 353688]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 21:13 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.3.2012 21:13 31704]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.8.2012 19:23 21256]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [23.11.2011 12:27 1052472]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [1.12.2007 18:54 8192]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.8.2012 19:23 136176]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5.7.2012 18:41 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.8.2012 19:23 136176]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [26.7.2012 19:04 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [26.7.2012 19:04 100736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3.5.2012 13:57 113120]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2.5.2010 2:34 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2.5.2010 2:35 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2.5.2010 2:35 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2.5.2010 2:36 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2.5.2010 2:36 25704]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-06 16:21]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-06 17:23]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-06 17:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=GRxdm373YYCZ&ptb=To4ofHdF46iNy0qPgybGqg
uDefault_Search_URL = hxxp://search.qip.ru
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&r ... urceid=ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Trash\Data aplikací\Mozilla\Firefox\Profiles\sm04586p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1343876657
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1343876777
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1343876537
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1335139503
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1335250552
FF - user.js: app.update.lastUpdateTime.restart-nag-timer - 1196211783
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1343876417
FF - user.js: avg.toolbar.activityIndex - []
FF - user.js: avg.toolbar.avg-SearchTerms -
FF - user.js: avg.toolbar.avg_newtabinfo - false
FF - user.js: avg.toolbar.buttons_hidden - false,false,false,false,false,false,false,false
FF - user.js: avg.toolbar.buttons_hidden_init - false,false,false,false,false,false,false,false
FF - user.js: avg.toolbar.buttons_icon - ,,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome://avg/skin/avglinks.png,
FF - user.js: avg.toolbar.buttons_id - avg-SearchTerms,avg-SearchTerms-Button,avg-SurfSafe,avg-SurfSafeFree,avg-SearchShield,avg-Avginfo,avg-AvginfoFree,avg-Getmore
FF - user.js: avg.toolbar.buttons_label - ,Search,Active Surf-Shield,Active Surf-Shield,Search-Shield,AVG Info ,AVG Info ,Get More
FF - user.js: avg.toolbar.clientId - 74079D55D6F741C08B6E03C26460C8CA
FF - user.js: avg.toolbar.first_installation - true
FF - user.js: avg.toolbar.fourOFourError - true
FF - user.js: avg.toolbar.last_location - hxxp://search.seznam.cz/?q=fff&mod=f
FF - user.js: avg.toolbar.last_location_count - 0
FF - user.js: avg.toolbar.ntObserve_MENUCHECK - true
FF - user.js: avg.toolbar.search.textbox.width - 220
FF - user.js: avg.toolbar.search_type - yahoo
FF - user.js: avg.toolbar.settings - {searchMenu1:'',searchMenu2:'',searchChoice:null,'icon-text':'icon-text'}
FF - user.js: avg.toolbar.settings.icon-text - true
FF - user.js: avg.toolbar.settings.newwin - false
FF - user.js: avg.toolbar.settings.search.autorunhist - true
FF - user.js: avg.toolbar.settings.search.crossb - true
FF - user.js: avg.toolbar.settings.search.dropdlist - true
FF - user.js: avg.toolbar.timeId - 21322019315120090214131325
FF - user.js: avg.toolbar.timerSTATPOSTING - 1235272947
FF - user.js: avg.toolbar.version - 2.0.20080710
FF - user.js: avg.toolbar.visible - false
FF - user.js: avg.toolbar.websearchlink - hxxp://un.yhs.search.yahoo.com/avg/search?fr=yhs-avg
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 317440
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.dir - c:\\Documents and Settings\\Trash\\Plocha
FF - user.js: browser.download.lastDir - G:
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.save_converter_index - 1
FF - user.js: browser.download.useDownloadDir - false
FF - user.js: browser.feeds.handler - reader
FF - user.js: browser.feeds.handler.default - client
FF - user.js: browser.feeds.handlers.application - c:\\Program Files\\FeedReaderCZ\\feedreadercz.exe
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 6
FF - user.js: browser.offline - false
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.importDefaults - false
FF - user.js: browser.places.leftPaneFolderId - -1
FF - user.js: browser.places.migratePostDataAnnotations - false
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.places.updateRecentTagsUri - false
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultengine - Ask.com
FF - user.js: browser.search.defaultenginename - ICQ Search
FF - user.js: browser.search.order.1 - Ask.com
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: browser.startup.homepage_override.buildID - 20120713134347
FF - user.js: browser.startup.homepage_override.mstone - 14.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.visited_color - #800080
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.ipc.plugins.enabled.npmywebs.dll - false
FF - user.js: dom.max_script_run_time - 1800
FF - user.js: extensions.blocklist.pingCount - -1
FF - user.js: extensions.blocklist.pingCountTotal - 56
FF - user.js: extensions.blocklist.pingCountVersion - 4
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.customizegoogle.misc.filterlist - hxxp://bukvice.blog.cz/0605/pocasi
FF - user.js: extensions.customizegoogle.web.auto-page - false
FF - user.js: extensions.customizegoogle.web.counter - false
FF - user.js: extensions.customizegoogle.web.favicons - false
FF - user.js: extensions.customizegoogle.web.filter - true
FF - user.js: extensions.customizegoogle.web.focus - false
FF - user.js: extensions.customizegoogle.web.history - false
FF - user.js: extensions.customizegoogle.web.remove-ads - false
FF - user.js: extensions.customizegoogle.web.removeclicktrack - false
FF - user.js: extensions.customizegoogle.web.save - false
FF - user.js: extensions.customizegoogle.web.save-handler - bookmark
FF - user.js: extensions.customizegoogle.web.search-links - true
FF - user.js: extensions.customizegoogle.web.suggest - true
FF - user.js: extensions.databaseSchema - 12
FF - user.js: extensions.enabledAddons - {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3,{c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:14.0.1
FF - user.js: extensions.enabledItems - {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19,jqs@sun.com:1.0,{e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28
FF - user.js: extensions.fastvideodownload.firstrun - false
FF - user.js: extensions.fastvideodownload.iconanimation - true
FF - user.js: extensions.fastvideodownload.menusize - 8
FF - user.js: extensions.fastvideodownload.savefolder - c:\\Documents and Settings\\Trash\\Plocha
FF - user.js: extensions.fastvideodownload.showstatus - true
FF - user.js: extensions.fastvideodownload.showtools - true
FF - user.js: extensions.fastvideodownload.version -
FF - user.js: extensions.hotfix.lastVersion - 20120430.01
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1240563861062},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1343915055875}}},{\name\:\app-global\,\addons\:{\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\,\mtime\:1332379891578},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1343559490734}}},{\name\:\app-profile\,\addons\:{\{c50ca3c4-5656-43c2-a061-13e717f73fc8}\:{\descriptor\:\c:\\\\Documents and Settings\\\\Trash\\\\Data aplikacĂ\\\\Mozilla\\\\Firefox\\\\Profiles\\\\sm04586p.default\\\\extensions\\\\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi\,\mtime\:1343341560140},\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}\:{\descriptor\:\c:\\\\Documents and Settings\\\\Trash\\\\Data aplikacĂ\\\\Mozilla\\\\Firefox\\\\Profiles\\\\sm04586p.default\\\\extensions\\\\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi\,\mtime\:1335250868312}}}]
FF - user.js: extensions.installedDistroAddon.testpilot@labs.mozilla.com - true
FF - user.js: extensions.jqs@sun.com.install-event-fired - true
FF - user.js: extensions.kosa.anonymousId - 047b792e0c7c5e971952c209f392b325
FF - user.js: extensions.kosa.bgCount - 261
FF - user.js: extensions.kosa.bundles - +1$fvd
FF - user.js: extensions.kosa.config - +fvd
FF - user.js: extensions.kosa.enabled - true
FF - user.js: extensions.kosa.install - fvd
FF - user.js: extensions.kosa.prefix - fvd
FF - user.js: extensions.kosa.settingsPrefix - fvd
FF - user.js: extensions.kosa.smspHideAds - false
FF - user.js: extensions.kosa.smspMaxPerPage - 10
FF - user.js: extensions.kosa.userId - c9929576-5e09-454f-80ca-9dd101fbac71
FF - user.js: extensions.kosa.vercheck - hxxp://init.kallout.com/versioncheck.js
FF - user.js: extensions.kosa.version - 2.2.3
FF - user.js: extensions.lastAppVersion - 14.0.1
FF - user.js: extensions.lastPlatformVersion - 14.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.register@pgport.com.data - {ef522540-89f5-46b9-b6fe-1829e2b572c6},0,9999,999.999.999,9999,|{c50ca3c4-5656-43c2-a061-13e717f73fc8},5300,5300,4.0.1,5300,fvd|fvd@kallout.com,5200,5200,4.0.1,5200,fvd|fbg@pgport.com,0,5100,0.0.0,4600,|kosa@kallout.com,5000,5000,2.0.1,5000,sm|ytvdh@pgport.com,0,4800,1.1.3,4800,|ytvdw@pgport.com,0,4700,1.1.3,4700,|btpersonas@brandthunder.com,0,4600,0.0.0.,4600,|lifetimesavings@pgport.com,0,1002,0.0.0.,1002,|afhack@pgport.com,0,1001,0.0.0.,1001,|afext@pgport.com,0,1000,0.0.0.,1000,
FF - user.js: extensions.register@pgport.com.version - 1017
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.skype_toolbar.version - 5.10.0.9560
FF - user.js: extensions.testpilot.alreadyCustomizedToolbar - true
FF - user.js: extensions.testpilot@labs.mozilla.com.install-event-fired - true
FF - user.js: extensions.ui.dictionary.hidden - true
FF - user.js: extensions.ui.lastCategory - addons://list/extension
FF - user.js: extensions.ui.locale.hidden - true
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.{20a82645-c095-46ed-80e3-08825760534b}.install-event-fired - true
FF - user.js: extensions.{23fcfd51-4958-4f00-80a3-ae97e717ed8b}.install-event-fired - true
FF - user.js: extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.install-event-fired - true
FF - user.js: extensions.{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.install-event-fired - true
FF - user.js: extensions.{c50ca3c4-5656-43c2-a061-13e717f73fc8}.install-event-fired - true
FF - user.js: extensions.{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.install-event-fired - true
FF - user.js: extensions.{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}.install-event-fired - true
FF - user.js: font.internaluseonly.changed - true
FF - user.js: fvd.first_time_use - false
FF - user.js: gfx.blacklist.suggested-driver-version - 257.21
FF - user.js: icqtoolbar.allowSendURL - false
FF - user.js: icqtoolbar.engineVerified - true
FF - user.js: icqtoolbar.geolastmodified - 1271677352
FF - user.js: icqtoolbar.hiddenElements - itb_options
FF - user.js: icqtoolbar.history - Super.8.2011.DVDSCR.XViD-EVO%20torrent||Super.8.2011.DVDSCR.XviD.AC3-ViSiON%20torrent||Ringu%200%3A%20Basudei%20torrent||isohunt%20Ring.0.Birthday.2000.iNTERNAL.DVDRip.XviD-iLS%20torrent||Ring.0.Birthday.2000.iNTERNAL.DVDRip.XviD-iLS%20torrent||piratebay%20Smiley.Face.LIMITED.DVDRip.XviD-iMBT%20torrent||isohunt%20Smiley.Face.Festival.DVDSCR.XviD-XanaX%20torrent||Smiley.Face.Festival.DVDSCR.XviD-XanaX%20torrent||Smiley.Face.LIMITED.DVDRip.XviD-iMBT%20torrent||how.i.met.your.mother.s07e05.hdtv.xvid-lol%20torrent||menza%20jednota||abz%20slovn%C3%ADk||isifa%2Fgetty%20images||Shelter.LiMiTED.DVDRip.XviD-ALLiANCE||how.i.met.your.mother.s07e04.hdtv.xvid-lol
FF - user.js: icqtoolbar.icqgeo - 42
FF - user.js: icqtoolbar.installTime - 1270415208
FF - user.js: icqtoolbar.newtab_state - 1
FF - user.js: icqtoolbar.numberOfSearches - 0
FF - user.js: icqtoolbar.previousFFVersion - 3.6.23
FF - user.js: icqtoolbar.skip_default_search - no
FF - user.js: icqtoolbar.suggestions - false
FF - user.js: icqtoolbar.uninstStatSent - true
FF - user.js: icqtoolbar.uniqueID - 122881625112288168511228899951121
FF - user.js: icqtoolbar.usageStatstTimestamp - 1318699420
FF - user.js: icqtoolbar.xmlEnableSuggestions - false
FF - user.js: icqtoolbar.xmlLanguage - cs
FF - user.js: idle.lastDailyNotification - 1343689907
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, windows-1250, windows-1251, ISO-8859-2, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.proxy.type - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: oldKeyword - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60327&qkw=
FF - user.js: places.database.lastMaintenance - 1343689912
FF - user.js: places.history.expiration.transient_current_max_pages - 26830
FF - user.js: places.last_vacuum - 1331515232
FF - user.js: plugin.expose_full_path - true
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: print.print_bgcolor - false
FF - user.js: print.print_bgimages - false
FF - user.js: print.print_command -
FF - user.js: print.print_downloadfonts - true
FF - user.js: print.print_evenpages - true
FF - user.js: print.print_in_color - true
FF - user.js: print.print_margin_bottom - 0.5
FF - user.js: print.print_margin_left - 0.5
FF - user.js: print.print_margin_right - 0.5
FF - user.js: print.print_margin_top - 0.5
FF - user.js: print.print_oddpages - true
FF - user.js: print.print_orientation - 0
FF - user.js: print.print_pagedelay - 500
FF - user.js: print.print_paper_data - 0
FF - user.js: print.print_paper_height - 11,00
FF - user.js: print.print_paper_size - 7209061
FF - user.js: print.print_paper_size_type - 1
FF - user.js: print.print_paper_size_unit - 0
FF - user.js: print.print_paper_width - 8,50
FF - user.js: print.print_printer - Adobe PDF
FF - user.js: print.print_reversed - false
FF - user.js: print.print_scaling - 1,00
FF - user.js: print.print_shrink_to_fit - true
FF - user.js: print.print_to_file - false
FF - user.js: print.print_to_filename -
FF - user.js: print.print_unwriteable_margin_bottom - 0
FF - user.js: print.print_unwriteable_margin_left - 0
FF - user.js: print.print_unwriteable_margin_right - 0
FF - user.js: print.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Adobe_PDF.print_bgcolor - false
FF - user.js: print.printer_Adobe_PDF.print_bgimages - false
FF - user.js: print.printer_Adobe_PDF.print_command -
FF - user.js: print.printer_Adobe_PDF.print_downloadfonts - true
FF - user.js: print.printer_Adobe_PDF.print_edge_bottom - 0
FF - user.js: print.printer_Adobe_PDF.print_edge_left - 0
FF - user.js: print.printer_Adobe_PDF.print_edge_right - 0
FF - user.js: print.printer_Adobe_PDF.print_edge_top - 0
FF - user.js: print.printer_Adobe_PDF.print_evenpages - true
FF - user.js: print.printer_Adobe_PDF.print_footercenter -
FF - user.js: print.printer_Adobe_PDF.print_footerleft - &PT
FF - user.js: print.printer_Adobe_PDF.print_footerright - &D
FF - user.js: print.printer_Adobe_PDF.print_headercenter -
FF - user.js: print.printer_Adobe_PDF.print_headerleft - &T
FF - user.js: print.printer_Adobe_PDF.print_headerright - &U
FF - user.js: print.printer_Adobe_PDF.print_in_color - true
FF - user.js: print.printer_Adobe_PDF.print_margin_bottom - 0.5
FF - user.js: print.printer_Adobe_PDF.print_margin_left - 0.5
FF - user.js: print.printer_Adobe_PDF.print_margin_right - 0.5
FF - user.js: print.printer_Adobe_PDF.print_margin_top - 0.5
FF - user.js: print.printer_Adobe_PDF.print_oddpages - true
FF - user.js: print.printer_Adobe_PDF.print_orientation - 0
FF - user.js: print.printer_Adobe_PDF.print_pagedelay - 500
FF - user.js: print.printer_Adobe_PDF.print_paper_data - 0
FF - user.js: print.printer_Adobe_PDF.print_paper_height - 11,00
FF - user.js: print.printer_Adobe_PDF.print_paper_size_type - 0
FF - user.js: print.printer_Adobe_PDF.print_paper_size_unit - 1
FF - user.js: print.printer_Adobe_PDF.print_paper_width - 8,50
FF - user.js: print.printer_Adobe_PDF.print_reversed - false
FF - user.js: print.printer_Adobe_PDF.print_scaling - 1,00
FF - user.js: print.printer_Adobe_PDF.print_shrink_to_fit - true
FF - user.js: print.printer_Adobe_PDF.print_to_file - false
FF - user.js: print.printer_Adobe_PDF.print_to_filename -
FF - user.js: print.printer_Adobe_PDF.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Adobe_PDF.print_unwriteable_margin_left - 0
FF - user.js: print.printer_Adobe_PDF.print_unwriteable_margin_right - 0
FF - user.js: print.printer_Adobe_PDF.print_unwriteable_margin_top - 0
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 3
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1343506873
FF - user.js: toolkit.startup.last_success - 1343924707
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1345980394
FF - user.js: urlclassifier.tableversion.goog-black-enchash - 1.53228
FF - user.js: urlclassifier.tableversion.goog-black-url - 1.22331
FF - user.js: urlclassifier.tableversion.goog-white-domain - 1.480
FF - user.js: urlclassifier.tableversion.goog-white-url - 1.371
FF - user.js: useragentswitcher.import.overwrite - false
FF - user.js: useragentswitcher.menu.hide - false
FF - user.js: useragentswitcher.version - 0.73
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.103 -
FF - user.js: xpinstall.whitelist.add.36 -
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 21:22
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="1DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A6171C11EC38DE3DFEBC9E127BECC74C259FC34C07FB075BAB9261082D42DE79080218A1D28556C343F476FA1FF6E235DE92F9C01FA92C46B295B8E5E6A7BECAD30C9E6344DC541E9164424D824D2B1E00D1BCB73C20ECF911FD1C6CBDF5244FC1035FEDF8114193CEC3884C05D2B4528685B74A34FC13399E66595031CD49F5A119E8B33A6AEAE1E2F73BC65A937D7C94665DC442B0EA3BD67D847BA526ED2467110F5AB4029DB95DFB8CC117EE06BAEFC2612784FEC6A9D587738AE048D2AEAA43E83DF6C6B0BF6BDAF5F2B397529E827EBEA6FC837DA5E15C3F500FD240E5281DD0EB777C790E65B634460F17EAAE5B0E31AA9228E6C1DEE4C6523FB600063F1DE5268D3853B041C5C55B6948DCE4AA7CBAD18FAE6283D9232B48653AE0C574590DE4F4671FA89E4FEE8669DBB9AF46681FEA22AC4F6780A954A1D876364B6EF8EA51CF46406CBBB2394E96D4946F2A83E9FADC0A165CA61EEAFE5459D5B37AB8ECCB21E81EE200DF706FDF0B87FBF114E6BA37839E44C23DDDB6F7251B0F076941E4D1B5A46AF2DCA35796A9AE9FE0F4A69689AA5677EFD55F51C5EF63E0A96ED963AEE7C254C1C2A8ABEEB1A995DC937FAF936330406CCBE48C27A19121983FEF43E60E6DE43DBE96C304F51E136E7389D8F7E6215E1C16A95A66FA8EBC31E97E30100A9BD4D91148A8519F34BB45A9A21CBC41A284843FAA60340BC291720FC2902293C851B190E01DBA291A2CB2E06B354BD433D8D167AA77A1B81D7701DF41F779B5F37C8027429382E17EEFAB57C99573D4D3F6D2C1AF2EA73E9032A328C13256CEA16AA7CF1632D46E170A4B60E661674B09EE799504452129940147C2CDBC5D905AA4AB9CC6563EC61C704FDF2FEFBB14DE425D3E35324E5AA2127B1F364B180428A637B3060EAFB64A8D98D154506D5F6168BAA9971E5108B80BF3C20D4470029BE394CDC69EFEDD633F2EC44AC0D934A24D6DDD3EE732BC5C8109452941B9BAC7C036B7C2FD652F2AD7395A4C3643E8384F7A6F05205DD51184B5D327912530C41431D3F3580074E79C08C9D55950AC3BC0090B0A0CA005E3911C2E65B7CD39AEAD3E179C8C5047E9478DDBA8080CFD4B6A63EE2FA6AF4FE11E7D27866A2F0024CDB88A40AF3C9801865D6F49D0E2B2088577709A1B23901E9142297213A804C928A34A26080D2C80FCB3F682F9A8F217C1D97437CDF4F3AFC778B053D1009846E6238ADB90709842BF6C7860F9133D2343C077B1D185FC31914D4B99F65DE3C527FE8D30FA76CA23590B0FB37FBE60591F07097CF1968140B29620778C4DE0777A262E38A8968302C73467926AA602EC612A4CCE2BD1A901"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(960)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2012-08-07 21:27:26
ComboFix-quarantined-files.txt 2012-08-07 19:27
ComboFix2.txt 2009-12-19 19:16
ComboFix3.txt 2009-04-21 20:39
.
Před spuštěním: 2 457 243 648
Po spuštění: 2 903 490 560
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A641AC3182DD01B3FAD3938B9C234D43

#11 Příspěvek od **vyosek** » 07 srp 2012 20:55

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Trasheek · #12 Příspěvek od **Trasheek** » 07 srp 2012 21:09

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 15 Model 3 Stepping 3, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/08/07 (ISO 8601) at 22:03:45
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD600JB-00CRA1 (17.07W17)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR2 __LaCie iamaKey (0.00)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	55.90 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 7B88DDB674ECB385D45A1B5E0F0EC57C
MBR_SHA1  : AE78396143430FB945DBBE1FE51BDDBFEE83E9B8

Device\Harddisk0\Partition1	55.89 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk1\DR2	7.53 Go  [Removable] ==> Unknown MBR Code

MBR_MD5   : 53350B3E3C4FDBD439965E89021F58F5
MBR_SHA1  : D3D98F73716788201FBCD304579AA47FE6C6C470

Device\Harddisk1\Partition1	7.53 Go
Device\Harddisk1\Partition2	931 Go  	0x64 Novell Netware 
Device\Harddisk1\Partition3	1.25 To  	0x6A 0x6A 
Device\Harddisk1\Partition4	27.00 Mo  	0x75 IBM PC/IX 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\system32\Drivers\PROCEXP113.SYS => Invisible on the disk
ADDRESS : 0xF7DC4000
SIZE    : 8.0 Ko

DRIVER  : C:\DOCUME~1\Trash\LOCALS~1\Temp\catchme.sys => Invisible on the disk
ADDRESS : 0xF7C2E000
SIZE    : 32.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A DC 15 AC A1 00 00 80 01   .....,DjÜ.¬¡....
0x000001C0   01 00 07 EF FF FF 3F 00 00 00 41 7C FC 06 00 00   ...ï..?...A|ü...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk1\DR2  

0x00000000   EB 58 90 4D 53 44 4F 53 35 2E 30 00 02 08 BE 07   ëX.MSDOS5.0...¾.
0x00000010   02 00 00 00 00 F8 00 00 3F 00 FF 00 00 00 00 00   .....ø..?.......
0x00000020   00 00 F1 00 21 3C 00 00 00 00 00 00 02 00 00 00   ..ñ.!<..........
0x00000030   01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   80 00 29 D3 57 DA AC 4E 4F 20 4E 41 4D 45 20 20   ..)ÓWÚ¬NO NAME  
0x00000050   20 20 46 41 54 33 32 20 20 20 33 C9 8E D1 BC F4     FAT32   3É.Ñ¼ô
0x00000060   7B 8E C1 8E D9 BD 00 7C 88 4E 02 8A 56 40 B4 41   {.Á.Ù½.|.N..V@´A
0x00000070   BB AA 55 CD 13 72 10 81 FB 55 AA 75 0A F6 C1 01   »ªUÍ.r..ûUªu.öÁ.
0x00000080   74 05 FE 46 02 EB 2D 8A 56 40 B4 08 CD 13 73 05   t.þF.ë-.V@´.Í.s.
0x00000090   B9 FF FF 8A F1 66 0F B6 C6 40 66 0F B6 D1 80 E2   ¹...ñf.¶Æ@f.¶Ñ.â
0x000000A0   3F F7 E2 86 CD C0 ED 06 41 66 0F B7 C9 66 F7 E1   ?÷â.ÍÀí.Af.·Éf÷á
0x000000B0   66 89 46 F8 83 7E 16 00 75 38 83 7E 2A 00 77 32   f.Fø.~..u8.~*.w2
0x000000C0   66 8B 46 1C 66 83 C0 0C BB 00 80 B9 01 00 E8 2B   f.F.f.À.»..¹..è+
0x000000D0   00 E9 2C 03 A0 FA 7D B4 7D 8B F0 AC 84 C0 74 17   .é,..ú}´}.ð¬.Àt.
0x000000E0   3C FF 74 09 B4 0E BB 07 00 CD 10 EB EE A0 FB 7D   <.t.´.»..Í.ëî.û}
0x000000F0   EB E5 A0 F9 7D EB E0 98 CD 16 CD 19 66 60 80 7E   ëå.ù}ëà.Í.Í.f`.~
0x00000100   02 00 0F 84 20 00 66 6A 00 66 50 06 53 66 68 10   .... .fj.fP.Sfh.
0x00000110   00 01 00 B4 42 8A 56 40 8B F4 CD 13 66 58 66 58   ...´B.V@.ôÍ.fXfX
0x00000120   66 58 66 58 EB 33 66 3B 46 F8 72 03 F9 EB 2A 66   fXfXë3f;Før.ùë*f
0x00000130   33 D2 66 0F B7 4E 18 66 F7 F1 FE C2 8A CA 66 8B   3Òf.·N.f÷ñþÂ.Êf.
0x00000140   D0 66 C1 EA 10 F7 76 1A 86 D6 8A 56 40 8A E8 C0   ÐfÁê.÷v..Ö.V@.èÀ
0x00000150   E4 06 0A CC B8 01 02 CD 13 66 61 0F 82 75 FF 81   ä..Ì¸..Í.fa..u..
0x00000160   C3 00 02 66 40 49 75 94 C3 42 4F 4F 54 4D 47 52   Ã..f@Iu.ÃBOOTMGR
0x00000170   20 20 20 20 00 00 00 00 00 00 00 00 00 00 00 00       ............
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 0D 0A 4F 64   ..............Od
0x000001B0   65 62 72 61 74 20 64 69 73 6B 79 20 9F 69 20 6A   ebrat disky .i j
0x000001C0   69 6E A0 20 6D 82 64 69 61 FF 0D 0A 43 68 79 62   in. m.dia...Chyb
0x000001D0   61 20 64 69 73 6B 75 FF 0D 0A 52 65 73 74 61 72   a disku...Restar
0x000001E0   74 75 6A 74 65 20 6C 69 62 2E 20 6B 6C A0 76 65   tujte lib. kl.ve
0x000001F0   73 6F 75 2E 0D 0A 00 00 00 AC CA D8 00 00 55 AA   sou......¬ÊØ..Uª

Trasheek · #13 Příspěvek od **Trasheek** » 07 srp 2012 21:12

22:05:33.0531 0756 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:05:33.0812 0756 ============================================================
22:05:33.0812 0756 Current date / time: 2012/08/07 22:05:33.0812
22:05:33.0812 0756 SystemInfo:
22:05:33.0812 0756
22:05:33.0812 0756 OS Version: 5.1.2600 ServicePack: 2.0
22:05:33.0812 0756 Product type: Workstation
22:05:33.0812 0756 ComputerName: KALKULACKA
22:05:33.0812 0756 UserName: Trash
22:05:33.0812 0756 Windows directory: C:\WINDOWS
22:05:33.0812 0756 System windows directory: C:\WINDOWS
22:05:33.0812 0756 Processor architecture: Intel x86
22:05:33.0812 0756 Number of processors: 2
22:05:33.0812 0756 Page size: 0x1000
22:05:33.0812 0756 Boot type: Normal boot
22:05:33.0812 0756 ============================================================
22:05:36.0453 0756 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1E49, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:05:36.0468 0756 Drive \Device\Harddisk1\DR2 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:05:36.0468 0756 ============================================================
22:05:36.0468 0756 \Device\Harddisk0\DR0:
22:05:36.0468 0756 MBR partitions:
22:05:36.0468 0756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
22:05:36.0468 0756 \Device\Harddisk1\DR2:
22:05:36.0468 0756 MBR partitions:
22:05:36.0468 0756 ============================================================
22:05:36.0468 0756 C: <-> \Device\Harddisk0\DR0\Partition0
22:05:36.0468 0756 ============================================================
22:05:36.0468 0756 Initialize success
22:05:36.0468 0756 ============================================================
22:06:08.0625 0708 ============================================================
22:06:08.0625 0708 Scan started
22:06:08.0625 0708 Mode: Manual; SigCheck; TDLFS;
22:06:08.0625 0708 ============================================================
22:06:08.0843 0708 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:06:09.0015 0708 Aavmker4 - ok
22:06:09.0015 0708 Abiosdsk - ok
22:06:09.0031 0708 abp480n5 - ok
22:06:09.0078 0708 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:06:10.0453 0708 ACPI - ok
22:06:10.0500 0708 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:06:10.0687 0708 ACPIEC - ok
22:06:10.0843 0708 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
22:06:10.0890 0708 Adobe Version Cue CS3 - ok
22:06:10.0906 0708 adpu160m - ok
22:06:10.0953 0708 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
22:06:11.0000 0708 aeaudio - ok
22:06:11.0046 0708 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
22:06:11.0640 0708 aec - ok
22:06:11.0671 0708 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
22:06:11.0718 0708 AFD - ok
22:06:11.0750 0708 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:06:11.0953 0708 agp440 - ok
22:06:11.0968 0708 Aha154x - ok
22:06:11.0984 0708 aic78u2 - ok
22:06:11.0984 0708 aic78xx - ok
22:06:12.0031 0708 Alerter (026ddaa7e6f8d49df82c7a98bae5d0d1) C:\WINDOWS\system32\alrsvc.dll
22:06:12.0265 0708 Alerter - ok
22:06:12.0296 0708 ALG (b3f690bf43f93a012a52f28f234faa1b) C:\WINDOWS\System32\alg.exe
22:06:12.0406 0708 ALG - ok
22:06:12.0421 0708 AliIde - ok
22:06:12.0437 0708 amsint - ok
22:06:12.0468 0708 AppMgmt (421184f91eae5c6e78e653c6b32aae84) C:\WINDOWS\System32\appmgmts.dll
22:06:12.0609 0708 AppMgmt - ok
22:06:12.0625 0708 asc - ok
22:06:12.0640 0708 asc3350p - ok
22:06:12.0640 0708 asc3550 - ok
22:06:12.0734 0708 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:06:12.0781 0708 aspnet_state - ok
22:06:12.0812 0708 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:06:12.0843 0708 aswFsBlk - ok
22:06:12.0875 0708 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
22:06:12.0890 0708 aswMon2 - ok
22:06:12.0921 0708 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
22:06:12.0937 0708 AswRdr - ok
22:06:13.0109 0708 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
22:06:13.0171 0708 aswSnx - ok
22:06:13.0218 0708 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
22:06:13.0250 0708 aswSP - ok
22:06:13.0281 0708 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
22:06:13.0312 0708 aswTdi - ok
22:06:13.0343 0708 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:06:13.0546 0708 AsyncMac - ok
22:06:13.0609 0708 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:06:13.0796 0708 atapi - ok
22:06:13.0796 0708 Atdisk - ok
22:06:13.0859 0708 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
22:06:13.0937 0708 atksgt ( UnsignedFile.Multi.Generic ) - warning
22:06:13.0937 0708 atksgt - detected UnsignedFile.Multi.Generic (1)
22:06:13.0953 0708 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:06:14.0171 0708 Atmarpc - ok
22:06:14.0218 0708 AudioSrv (40d78f514c8588ef12ec718d2af0fc4e) C:\WINDOWS\System32\audiosrv.dll
22:06:14.0421 0708 AudioSrv - ok
22:06:14.0453 0708 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:06:14.0640 0708 audstub - ok
22:06:14.0718 0708 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:06:14.0734 0708 avast! Antivirus - ok
22:06:14.0796 0708 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:06:14.0875 0708 b57w2k - ok
22:06:14.0921 0708 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:06:15.0109 0708 Beep - ok
22:06:15.0171 0708 BITS (e774a26610ec92674273486612c11cfc) C:\WINDOWS\system32\qmgr.dll
22:06:15.0468 0708 BITS - ok
22:06:15.0484 0708 Blfp (07a758bffb297819252aa72bab0e6611) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
22:06:15.0546 0708 Blfp - ok
22:06:15.0578 0708 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
22:06:15.0609 0708 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
22:06:15.0609 0708 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
22:06:15.0656 0708 Browser (f219e27e88107a50544153898dd8178e) C:\WINDOWS\System32\browser.dll
22:06:15.0843 0708 Browser - ok
22:06:15.0953 0708 catchme - ok
22:06:16.0000 0708 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:06:16.0187 0708 cbidf2k - ok
22:06:16.0218 0708 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:06:16.0406 0708 CCDECODE - ok
22:06:16.0421 0708 cd20xrnt - ok
22:06:16.0453 0708 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:06:16.0625 0708 Cdaudio - ok
22:06:16.0656 0708 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:06:16.0843 0708 Cdfs - ok
22:06:16.0890 0708 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:06:17.0093 0708 Cdrom - ok
22:06:17.0093 0708 Changer - ok
22:06:17.0125 0708 CiSvc (9e21229e04e1d301bb40222fe4641cb2) C:\WINDOWS\system32\cisvc.exe
22:06:17.0312 0708 CiSvc - ok
22:06:17.0328 0708 ClipSrv (d3dc45553c8025338e08a60e95b1b91d) C:\WINDOWS\system32\clipsrv.exe
22:06:17.0562 0708 ClipSrv - ok
22:06:17.0765 0708 CLPSLS (be465a17fda2e79ed49053cbec7e9335) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
22:06:17.0843 0708 CLPSLS - ok
22:06:17.0921 0708 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:06:18.0000 0708 clr_optimization_v2.0.50727_32 - ok
22:06:18.0234 0708 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
22:06:18.0500 0708 cmdAgent - ok
22:06:18.0703 0708 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
22:06:18.0750 0708 cmdGuard - ok
22:06:18.0781 0708 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
22:06:18.0796 0708 cmdHlp - ok
22:06:18.0796 0708 CmdIde - ok
22:06:18.0812 0708 COMSysApp - ok
22:06:18.0828 0708 Cpqarray - ok
22:06:18.0890 0708 CryptSvc (70d2a1756f4b2067658a186c963fcabd) C:\WINDOWS\System32\cryptsvc.dll
22:06:19.0093 0708 CryptSvc - ok
22:06:19.0093 0708 dac2w2k - ok
22:06:19.0109 0708 dac960nt - ok
22:06:19.0125 0708 dbustrcm - ok
22:06:19.0187 0708 DcomLaunch (dbde980506b54ae928d151d12419b425) C:\WINDOWS\system32\rpcss.dll
22:06:19.0750 0708 DcomLaunch - ok
22:06:19.0796 0708 Dhcp (06a30f453ca4cb1431037e4813f697cb) C:\WINDOWS\System32\dhcpcsvc.dll
22:06:20.0343 0708 Dhcp - ok
22:06:20.0390 0708 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:06:20.0562 0708 Disk - ok
22:06:20.0562 0708 dmadmin - ok
22:06:20.0625 0708 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
22:06:20.0890 0708 dmboot - ok
22:06:20.0937 0708 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
22:06:21.0109 0708 dmio - ok
22:06:21.0140 0708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:06:21.0312 0708 dmload - ok
22:06:21.0328 0708 dmserver (7b3ca72885923eb947221f17f3e3ac59) C:\WINDOWS\System32\dmserver.dll
22:06:21.0531 0708 dmserver - ok
22:06:21.0578 0708 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:06:21.0765 0708 DMusic - ok
22:06:21.0812 0708 Dnscache (0eef8922d46d4846b472b1f6fd0541bc) C:\WINDOWS\System32\dnsrslvr.dll
22:06:22.0328 0708 Dnscache - ok
22:06:22.0343 0708 dpti2o - ok
22:06:22.0375 0708 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:06:22.0562 0708 drmkaud - ok
22:06:22.0609 0708 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
22:06:22.0625 0708 ElbyCDIO - ok
22:06:22.0640 0708 ERSvc (d6f7428b201e33bc80066b47144cb568) C:\WINDOWS\System32\ersvc.dll
22:06:22.0843 0708 ERSvc - ok
22:06:22.0875 0708 Eventlog (4f9f7b567970b524f31d9970a23f7c24) C:\WINDOWS\system32\services.exe
22:06:23.0015 0708 Eventlog - ok
22:06:23.0062 0708 EventSystem (398314df0b21338c4996b469101750d1) C:\WINDOWS\system32\es.dll
22:06:23.0156 0708 EventSystem - ok
22:06:23.0203 0708 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:06:23.0406 0708 Fastfat - ok
22:06:23.0468 0708 FastUserSwitchingCompatibility (e26edc7afa8da3c528055eabc82c8c79) C:\WINDOWS\System32\shsvcs.dll
22:06:24.0046 0708 FastUserSwitchingCompatibility - ok
22:06:24.0078 0708 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:06:24.0265 0708 Fdc - ok
22:06:24.0312 0708 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
22:06:24.0515 0708 Fips - ok
22:06:24.0593 0708 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:06:24.0656 0708 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:06:24.0656 0708 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:06:24.0703 0708 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:06:24.0875 0708 Flpydisk - ok
22:06:24.0921 0708 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:06:25.0484 0708 FltMgr - ok
22:06:25.0593 0708 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:06:25.0609 0708 FontCache3.0.0.0 - ok
22:06:25.0640 0708 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:06:25.0828 0708 Fs_Rec - ok
22:06:25.0875 0708 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:06:26.0078 0708 Ftdisk - ok
22:06:26.0140 0708 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) C:\Program Files\NOS\bin\getPlus_Helper.dll
22:06:26.0156 0708 getPlusHelper - ok
22:06:26.0187 0708 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:06:26.0375 0708 Gpc - ok
22:06:26.0468 0708 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:06:26.0484 0708 gupdate - ok
22:06:26.0500 0708 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:06:26.0515 0708 gupdatem - ok
22:06:26.0562 0708 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
22:06:26.0578 0708 hamachi - ok
22:06:26.0640 0708 helpsvc (f59152272782fed8a8197fa788287f68) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:06:26.0828 0708 helpsvc - ok
22:06:26.0828 0708 HidServ - ok
22:06:26.0859 0708 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:06:27.0062 0708 hidusb - ok
22:06:27.0078 0708 hpn - ok
22:06:27.0093 0708 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
22:06:27.0656 0708 HTTP - ok
22:06:27.0703 0708 HTTPFilter (da826826c5c9116f47e0cd0ca8cc7c11) C:\WINDOWS\System32\w3ssl.dll
22:06:27.0906 0708 HTTPFilter - ok
22:06:27.0953 0708 Huawei (4183be439981bbc77ef2c1d66629f124) C:\WINDOWS\system32\DRIVERS\ewdcsc.sys
22:06:28.0000 0708 Huawei - ok
22:06:28.0031 0708 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
22:06:28.0093 0708 hwdatacard - ok
22:06:28.0156 0708 HWiNFO32 (c364282a3c27c1c26baade522eb29bc5) C:\Program Files\HWiNFO32\HWiNFO32.SYS
22:06:28.0171 0708 HWiNFO32 ( UnsignedFile.Multi.Generic ) - warning
22:06:28.0171 0708 HWiNFO32 - detected UnsignedFile.Multi.Generic (1)
22:06:28.0203 0708 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
22:06:28.0281 0708 hwusbdev - ok
22:06:28.0296 0708 i2omgmt - ok
22:06:28.0312 0708 i2omp - ok
22:06:28.0343 0708 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:06:28.0531 0708 i8042prt - ok
22:06:28.0687 0708 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:06:28.0750 0708 idsvc - ok
22:06:28.0796 0708 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:06:28.0984 0708 Imapi - ok
22:06:29.0015 0708 ImapiService (cf9d286b34cb4912f3b28b4972d5cb33) C:\WINDOWS\system32\imapi.exe
22:06:29.0203 0708 ImapiService - ok
22:06:29.0218 0708 ini910u - ok
22:06:29.0265 0708 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys
22:06:29.0296 0708 Inspect - ok
22:06:29.0328 0708 IntelIde (ef4fda4841001a4b98c411797db8894a) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:06:29.0515 0708 IntelIde - ok
22:06:29.0546 0708 intelppm (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:06:29.0734 0708 intelppm - ok
22:06:29.0750 0708 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:06:29.0937 0708 Ip6Fw - ok
22:06:29.0984 0708 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:06:30.0156 0708 IpFilterDriver - ok
22:06:30.0187 0708 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:06:30.0375 0708 IpInIp - ok
22:06:30.0421 0708 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:06:31.0000 0708 IpNat - ok
22:06:31.0062 0708 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:06:31.0234 0708 IPSec - ok
22:06:31.0265 0708 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
22:06:31.0390 0708 irda - ok
22:06:31.0437 0708 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:06:31.0578 0708 IRENUM - ok
22:06:31.0609 0708 Irmon (e16ac23f81cfe1223ab470f9982de89d) C:\WINDOWS\System32\irmon.dll
22:06:31.0718 0708 Irmon - ok
22:06:31.0750 0708 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
22:06:31.0875 0708 irsir - ok
22:06:31.0921 0708 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:06:32.0109 0708 isapnp - ok
22:06:32.0265 0708 JavaQuickStarterService (74e30a41cdcf331c74bc4d97be40cc5b) C:\Program Files\Java\jre6\bin\jqs.exe
22:06:32.0281 0708 JavaQuickStarterService - ok
22:06:32.0312 0708 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:06:32.0500 0708 Kbdclass - ok
22:06:32.0562 0708 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
22:06:33.0125 0708 kmixer - ok
22:06:33.0156 0708 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
22:06:33.0218 0708 KSecDD - ok
22:06:33.0265 0708 lanmanserver (9757f6e16fd1eab54d6eb9d5eb3cbcb5) C:\WINDOWS\System32\srvsvc.dll
22:06:33.0843 0708 lanmanserver - ok
22:06:33.0875 0708 lanmanworkstation (6bf7baf420dd4422d2c35dfb3e51a29c) C:\WINDOWS\System32\wkssvc.dll
22:06:33.0968 0708 lanmanworkstation - ok
22:06:33.0984 0708 lbrtfdc - ok
22:06:34.0109 0708 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:06:34.0125 0708 LightScribeService - ok
22:06:34.0187 0708 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
22:06:34.0203 0708 lirsgt ( UnsignedFile.Multi.Generic ) - warning
22:06:34.0203 0708 lirsgt - detected UnsignedFile.Multi.Generic (1)
22:06:34.0250 0708 LmHosts (f9ee6d2aab0690b34ae35ba9921a1414) C:\WINDOWS\System32\lmhsvc.dll
22:06:34.0437 0708 LmHosts - ok
22:06:34.0468 0708 Messenger (8b2fcbd881879b55be40b41f12ffc431) C:\WINDOWS\System32\msgsvc.dll
22:06:34.0656 0708 Messenger - ok
22:06:34.0687 0708 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:06:34.0875 0708 mnmdd - ok
22:06:34.0921 0708 mnmsrvc (7d137132d6a9b41ef800e59a771ed48c) C:\WINDOWS\system32\mnmsrvc.exe
22:06:35.0093 0708 mnmsrvc - ok
22:06:35.0156 0708 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
22:06:35.0328 0708 Modem - ok
22:06:35.0390 0708 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:06:35.0562 0708 Mouclass - ok
22:06:35.0609 0708 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:06:35.0781 0708 mouhid - ok
22:06:35.0843 0708 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:06:36.0031 0708 MountMgr - ok
22:06:36.0062 0708 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:06:36.0093 0708 MozillaMaintenance - ok
22:06:36.0109 0708 mraid35x - ok
22:06:36.0140 0708 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:06:36.0312 0708 MRxDAV - ok
22:06:36.0375 0708 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:06:36.0453 0708 MRxSmb - ok
22:06:36.0515 0708 MSDTC (944a24032aed84c59455b981f6ca1c1a) C:\WINDOWS\system32\msdtc.exe
22:06:36.0687 0708 MSDTC - ok
22:06:36.0718 0708 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:06:36.0906 0708 Msfs - ok
22:06:36.0906 0708 MSIServer - ok
22:06:36.0953 0708 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:06:37.0140 0708 MSKSSRV - ok
22:06:37.0156 0708 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:06:37.0343 0708 MSPCLOCK - ok
22:06:37.0359 0708 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:06:37.0546 0708 MSPQM - ok
22:06:37.0593 0708 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:06:37.0765 0708 mssmbios - ok
22:06:37.0796 0708 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
22:06:38.0000 0708 MSTEE - ok
22:06:38.0031 0708 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:06:38.0218 0708 Mup - ok
22:06:38.0265 0708 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:06:38.0453 0708 NABTSFEC - ok
22:06:38.0515 0708 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:06:38.0703 0708 NDIS - ok
22:06:38.0734 0708 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:06:38.0921 0708 NdisIP - ok
22:06:38.0968 0708 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:06:39.0140 0708 NdisTapi - ok
22:06:39.0156 0708 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:06:39.0359 0708 Ndisuio - ok
22:06:39.0390 0708 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:06:39.0578 0708 NdisWan - ok
22:06:39.0593 0708 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:06:39.0781 0708 NDProxy - ok
22:06:39.0796 0708 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:06:39.0968 0708 NetBIOS - ok
22:06:40.0015 0708 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:06:40.0203 0708 NetBT - ok
22:06:40.0250 0708 NetDDE (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
22:06:40.0421 0708 NetDDE - ok
22:06:40.0437 0708 NetDDEdsdm (818053225bf4aac5f0f718001e492f70) C:\WINDOWS\system32\netdde.exe
22:06:40.0625 0708 NetDDEdsdm - ok
22:06:40.0656 0708 Netlogon (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
22:06:40.0843 0708 Netlogon - ok
22:06:40.0921 0708 Netman (86ad5b0e02f2c968fbb096ab4c555c9c) C:\WINDOWS\System32\netman.dll
22:06:41.0531 0708 Netman - ok
22:06:41.0625 0708 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:06:41.0656 0708 NetTcpPortSharing - ok
22:06:41.0703 0708 Nla (64c078bd4efd441c3f159edc5ea4420a) C:\WINDOWS\System32\mswsock.dll
22:06:41.0921 0708 Nla - ok
22:06:41.0921 0708 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:06:42.0125 0708 Npfs - ok
22:06:42.0187 0708 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
22:06:42.0812 0708 Ntfs - ok
22:06:42.0828 0708 NtLmSsp (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
22:06:43.0015 0708 NtLmSsp - ok
22:06:43.0062 0708 NtmsSvc (d8d2b13ba93ae830b1a637df571d1195) C:\WINDOWS\system32\ntmssvc.dll
22:06:43.0281 0708 NtmsSvc - ok
22:06:43.0328 0708 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:06:43.0531 0708 Null - ok
22:06:43.0781 0708 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:06:44.0312 0708 nv - ok
22:06:44.0468 0708 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe
22:06:44.0546 0708 NVSvc - ok
22:06:44.0625 0708 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:06:44.0796 0708 NwlnkFlt - ok
22:06:44.0828 0708 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:06:45.0015 0708 NwlnkFwd - ok
22:06:45.0078 0708 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\DRIVERS\parport.sys
22:06:45.0250 0708 Parport - ok
22:06:45.0281 0708 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:06:45.0468 0708 PartMgr - ok
22:06:45.0500 0708 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
22:06:45.0671 0708 ParVdm - ok
22:06:45.0734 0708 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
22:06:45.0921 0708 PCI - ok
22:06:45.0937 0708 PCIDump - ok
22:06:45.0984 0708 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:06:46.0171 0708 PCIIde - ok
22:06:46.0203 0708 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:06:46.0406 0708 Pcmcia - ok
22:06:46.0421 0708 PDCOMP - ok
22:06:46.0421 0708 PDFRAME - ok
22:06:46.0437 0708 PDRELI - ok
22:06:46.0453 0708 PDRFRAME - ok
22:06:46.0468 0708 perc2 - ok
22:06:46.0484 0708 perc2hib - ok
22:06:46.0546 0708 PlugPlay (4f9f7b567970b524f31d9970a23f7c24) C:\WINDOWS\system32\services.exe
22:06:46.0656 0708 PlugPlay - ok
22:06:46.0703 0708 PolicyAgent (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
22:06:46.0890 0708 PolicyAgent - ok
22:06:46.0937 0708 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:06:47.0125 0708 PptpMiniport - ok
22:06:47.0140 0708 ProtectedStorage (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
22:06:47.0312 0708 ProtectedStorage - ok
22:06:47.0343 0708 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:06:47.0562 0708 PSched - ok
22:06:47.0562 0708 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:06:47.0734 0708 Ptilink - ok
22:06:47.0781 0708 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:06:47.0796 0708 PxHelp20 - ok
22:06:47.0796 0708 ql1080 - ok
22:06:47.0812 0708 Ql10wnt - ok
22:06:47.0828 0708 ql12160 - ok
22:06:47.0828 0708 ql1240 - ok
22:06:47.0843 0708 ql1280 - ok
22:06:47.0875 0708 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:06:48.0062 0708 RasAcd - ok
22:06:48.0140 0708 RasAuto (e68b6f9a726a444059705ab43b5656d1) C:\WINDOWS\System32\rasauto.dll
22:06:48.0328 0708 RasAuto - ok
22:06:48.0375 0708 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:06:48.0500 0708 Rasirda - ok
22:06:48.0515 0708 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:06:48.0687 0708 Rasl2tp - ok
22:06:48.0750 0708 RasMan (43a5c7969718ee00940a6d096960dbc8) C:\WINDOWS\System32\rasmans.dll
22:06:49.0484 0708 RasMan - ok
22:06:49.0484 0708 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:06:49.0687 0708 RasPppoe - ok
22:06:49.0718 0708 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:06:49.0890 0708 Raspti - ok
22:06:49.0937 0708 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:06:50.0515 0708 Rdbss - ok
22:06:50.0531 0708 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:06:50.0718 0708 RDPCDD - ok
22:06:50.0750 0708 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:06:50.0984 0708 rdpdr - ok
22:06:51.0046 0708 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
22:06:51.0593 0708 RDPWD - ok
22:06:51.0625 0708 RDSessMgr (125acf258da9633f748131a0e0185af3) C:\WINDOWS\system32\sessmgr.exe
22:06:51.0812 0708 RDSessMgr - ok
22:06:51.0843 0708 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:06:52.0031 0708 redbook - ok
22:06:52.0062 0708 RemoteAccess (eb5e1a601e5a1908a87e4d5a41803d98) C:\WINDOWS\System32\mprdim.dll
22:06:52.0265 0708 RemoteAccess - ok
22:06:52.0312 0708 RemoteRegistry (5b21208fcf8970bb61fe98e19d828714) C:\WINDOWS\system32\regsvc.dll
22:06:52.0515 0708 RemoteRegistry - ok
22:06:52.0562 0708 RpcLocator (c8a3b668985d61249f2dc71716c58de8) C:\WINDOWS\system32\locator.exe
22:06:52.0750 0708 RpcLocator - ok
22:06:52.0812 0708 RpcSs (dbde980506b54ae928d151d12419b425) C:\WINDOWS\System32\rpcss.dll
22:06:53.0390 0708 RpcSs - ok
22:06:53.0453 0708 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
22:06:53.0656 0708 RSVP - ok
22:06:53.0703 0708 SamSs (82a362fe1d4980b71b588d9c10748511) C:\WINDOWS\system32\lsass.exe
22:06:53.0890 0708 SamSs - ok
22:06:53.0953 0708 SCardSvr (c177354e995cc1aa1f767bcd9980434a) C:\WINDOWS\System32\SCardSvr.exe
22:06:54.0171 0708 SCardSvr - ok
22:06:54.0218 0708 Schedule (29ac93307c6182dbe336bca314947f28) C:\WINDOWS\system32\schedsvc.dll
22:06:54.0421 0708 Schedule - ok
22:06:54.0453 0708 Secdrv (ba0d892d2f786bcebdf03b0a252b47f3) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:06:54.0484 0708 Secdrv ( UnsignedFile.Multi.Generic ) - warning
22:06:54.0484 0708 Secdrv - detected UnsignedFile.Multi.Generic (1)
22:06:54.0500 0708 seclogon (c76cb8a133374fac6805f83ff7b7da03) C:\WINDOWS\System32\seclogon.dll
22:06:54.0687 0708 seclogon - ok
22:06:54.0718 0708 SENS (220ad85ba9c5b3011296354011b901cc) C:\WINDOWS\system32\sens.dll
22:06:54.0921 0708 SENS - ok
22:06:54.0953 0708 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:06:55.0140 0708 serenum - ok
22:06:55.0171 0708 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\DRIVERS\serial.sys
22:06:55.0343 0708 Serial - ok
22:06:55.0390 0708 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:06:55.0578 0708 Sfloppy - ok
22:06:55.0640 0708 SharedAccess (6a93501bcdebf159109429b022c0ff83) C:\WINDOWS\System32\ipnathlp.dll
22:06:55.0890 0708 SharedAccess - ok
22:06:55.0937 0708 ShellHWDetection (e26edc7afa8da3c528055eabc82c8c79) C:\WINDOWS\System32\shsvcs.dll
22:06:56.0531 0708 ShellHWDetection - ok
22:06:56.0546 0708 Simbad - ok
22:06:57.0171 0708 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:06:57.0765 0708 Skype C2C Service - ok
22:06:57.0984 0708 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
22:06:58.0015 0708 SkypeUpdate - ok
22:06:58.0156 0708 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:06:58.0343 0708 SLIP - ok
22:06:58.0437 0708 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
22:06:58.0515 0708 smwdm - ok
22:07:00.0000 0708 SNPSTD3 (b789439b046d19969eb1da3757cc48c7) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
22:07:02.0953 0708 SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
22:07:02.0953 0708 SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
22:07:03.0125 0708 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
22:07:03.0140 0708 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
22:07:03.0140 0708 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
22:07:03.0250 0708 Sparrow - ok
22:07:03.0296 0708 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
22:07:03.0906 0708 splitter - ok
22:07:03.0968 0708 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
22:07:04.0562 0708 Spooler - ok
22:07:04.0625 0708 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
22:07:04.0625 0708 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
22:07:04.0625 0708 sptd ( LockedFile.Multi.Generic ) - warning
22:07:04.0625 0708 sptd - detected LockedFile.Multi.Generic (1)
22:07:04.0671 0708 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
22:07:04.0796 0708 sr - ok
22:07:04.0828 0708 srservice (3cd57f31a64d32fdb28918b16d1e6aac) C:\WINDOWS\system32\srsvc.dll
22:07:04.0953 0708 srservice - ok
22:07:05.0000 0708 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
22:07:05.0109 0708 Srv - ok
22:07:05.0171 0708 SSDPSRV (88c28f53f53438dafcd95e99c837c61e) C:\WINDOWS\System32\ssdpsrv.dll
22:07:05.0296 0708 SSDPSRV - ok
22:07:05.0359 0708 stisvc (b824215a934a24928cddd1ef7e113035) C:\WINDOWS\system32\wiaservc.dll
22:07:06.0000 0708 stisvc - ok
22:07:06.0031 0708 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:07:06.0234 0708 streamip - ok
22:07:06.0281 0708 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:07:06.0468 0708 swenum - ok
22:07:06.0500 0708 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:07:06.0687 0708 swmidi - ok
22:07:06.0703 0708 SwPrv - ok
22:07:06.0703 0708 symc810 - ok
22:07:06.0718 0708 symc8xx - ok
22:07:06.0734 0708 sym_hi - ok
22:07:06.0750 0708 sym_u3 - ok
22:07:06.0781 0708 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:07:06.0968 0708 sysaudio - ok
22:07:07.0000 0708 SysmonLog (d9c9ecff4904e6151525c533aeedf8f4) C:\WINDOWS\system32\smlogsvc.exe
22:07:07.0187 0708 SysmonLog - ok
22:07:07.0250 0708 TapiSrv (250241d65ccf692aeacc318a266413c2) C:\WINDOWS\System32\tapisrv.dll
22:07:07.0843 0708 TapiSrv - ok
22:07:07.0906 0708 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:07:08.0015 0708 Tcpip - ok
22:07:08.0078 0708 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:07:08.0265 0708 TDPIPE - ok
22:07:08.0281 0708 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:07:08.0484 0708 TDTCP - ok
22:07:08.0515 0708 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:07:08.0687 0708 TermDD - ok
22:07:08.0750 0708 TermService (2f5919f2f6ee7a845893d9c3aa2bc56a) C:\WINDOWS\System32\termsrv.dll
22:07:08.0984 0708 TermService - ok
22:07:09.0031 0708 Themes (e26edc7afa8da3c528055eabc82c8c79) C:\WINDOWS\System32\shsvcs.dll
22:07:09.0609 0708 Themes - ok
22:07:09.0640 0708 tidnet (8044c4e4448d115f67a9fc1b67ce677f) C:\WINDOWS\system32\DRIVERS\tidnet.sys
22:07:09.0671 0708 tidnet ( UnsignedFile.Multi.Generic ) - warning
22:07:09.0671 0708 tidnet - detected UnsignedFile.Multi.Generic (1)
22:07:09.0718 0708 TlntSvr (535c2fb97336bafa509f4783dd1e5746) C:\WINDOWS\system32\tlntsvr.exe
22:07:09.0875 0708 TlntSvr - ok
22:07:09.0875 0708 TosIde - ok
22:07:09.0921 0708 TrkWks (4dce17221b1a87fb47e36842f3e38753) C:\WINDOWS\system32\trkwks.dll
22:07:10.0125 0708 TrkWks - ok
22:07:10.0156 0708 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:07:10.0359 0708 Udfs - ok
22:07:10.0390 0708 ultra - ok
22:07:10.0437 0708 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
22:07:10.0546 0708 UMWdf - ok
22:07:10.0609 0708 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
22:07:11.0234 0708 Update - ok
22:07:11.0265 0708 upnphost (0c0c2c77c6b52181369594f2aa36af40) C:\WINDOWS\System32\upnphost.dll
22:07:11.0859 0708 upnphost - ok
22:07:11.0906 0708 UPS (6148a3ba4d9cc628357fc92014fea30e) C:\WINDOWS\System32\ups.exe
22:07:12.0109 0708 UPS - ok
22:07:12.0140 0708 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
22:07:12.0328 0708 usbaudio - ok
22:07:12.0375 0708 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:07:12.0562 0708 usbccgp - ok
22:07:12.0609 0708 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:07:12.0812 0708 usbehci - ok
22:07:12.0859 0708 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:07:13.0062 0708 usbhub - ok
22:07:13.0093 0708 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:07:13.0281 0708 usbscan - ok
22:07:13.0328 0708 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:07:13.0500 0708 USBSTOR - ok
22:07:13.0546 0708 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:07:13.0750 0708 usbuhci - ok
22:07:13.0796 0708 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
22:07:13.0812 0708 VClone ( UnsignedFile.Multi.Generic ) - warning
22:07:13.0812 0708 VClone - detected UnsignedFile.Multi.Generic (1)
22:07:13.0875 0708 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:07:14.0078 0708 VgaSave - ok
22:07:14.0093 0708 ViaIde - ok
22:07:14.0109 0708 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
22:07:14.0296 0708 VolSnap - ok
22:07:14.0343 0708 VSS (043539881667bb37b07524032d6ffc3e) C:\WINDOWS\System32\vssvc.exe
22:07:14.0484 0708 VSS - ok
22:07:14.0531 0708 W32Time (2ceebb402187ae56b585701f3d191fb3) C:\WINDOWS\system32\w32time.dll
22:07:14.0765 0708 W32Time - ok
22:07:14.0812 0708 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:07:14.0984 0708 Wanarp - ok
22:07:15.0015 0708 wceusbsh (ed299f1a4c268aabb6026152d3fbdfce) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
22:07:15.0187 0708 wceusbsh - ok
22:07:15.0203 0708 WDICA - ok
22:07:15.0234 0708 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
22:07:15.0812 0708 wdmaud - ok
22:07:15.0843 0708 WebClient (4bd50644cf52f00091f894ab7541e538) C:\WINDOWS\System32\webclnt.dll
22:07:16.0484 0708 WebClient - ok
22:07:16.0578 0708 winmgmt (e12084ea622bdf2262c637bef15dd85c) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:07:16.0765 0708 winmgmt - ok
22:07:16.0828 0708 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
22:07:16.0906 0708 WmdmPmSN - ok
22:07:17.0140 0708 Wmi (e428eed87e8055fb995cf0e4d1532d4c) C:\WINDOWS\System32\advapi32.dll
22:07:17.0296 0708 Wmi - ok
22:07:17.0359 0708 WmiApSrv (bcd21b989f0fd4ace78287fc01b4693d) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:07:17.0562 0708 WmiApSrv - ok
22:07:17.0578 0708 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:07:17.0609 0708 WpdUsb - ok
22:07:17.0656 0708 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:07:17.0843 0708 WS2IFSL - ok
22:07:17.0890 0708 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
22:07:17.0921 0708 WsAudio_DeviceS(1) - ok
22:07:17.0968 0708 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
22:07:17.0984 0708 WsAudio_DeviceS(2) - ok
22:07:18.0046 0708 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
22:07:18.0062 0708 WsAudio_DeviceS(3) - ok
22:07:18.0109 0708 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
22:07:18.0125 0708 WsAudio_DeviceS(4) - ok
22:07:18.0140 0708 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
22:07:18.0171 0708 WsAudio_DeviceS(5) - ok
22:07:18.0218 0708 wscsvc (4aded1adef25041d9827f9a79c0fda13) C:\WINDOWS\system32\wscsvc.dll
22:07:18.0421 0708 wscsvc - ok
22:07:18.0421 0708 WSearch - ok
22:07:18.0484 0708 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:07:18.0671 0708 WSTCODEC - ok
22:07:18.0718 0708 wuauserv (21f5169ca14e0b25c757644456f637df) C:\WINDOWS\system32\wuauserv.dll
22:07:18.0953 0708 wuauserv - ok
22:07:19.0031 0708 WZCSVC (325cedef696ef4b649ddcd3968d085c9) C:\WINDOWS\System32\wzcsvc.dll
22:07:19.0265 0708 WZCSVC - ok
22:07:19.0296 0708 xmlprov (9b835d4c64860b155a1701d5092ec9e4) C:\WINDOWS\System32\xmlprov.dll
22:07:19.0515 0708 xmlprov - ok
22:07:19.0546 0708 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:07:20.0093 0708 \Device\Harddisk0\DR0 - ok
22:07:20.0109 0708 MBR (0x1B8) (2973dff18b41a1e15ab17d2a4cb0a22a) \Device\Harddisk1\DR2
22:11:03.0703 0708 \Device\Harddisk1\DR2 - ok
22:11:03.0734 0708 Boot (0x1200) (417a6a318c6b614981c87681ed403ac4) \Device\Harddisk0\DR0\Partition0
22:11:03.0734 0708 \Device\Harddisk0\DR0\Partition0 - ok
22:11:03.0734 0708 ============================================================
22:11:03.0734 0708 Scan finished
22:11:03.0734 0708 ============================================================
22:11:03.0875 2108 Detected object count: 11
22:11:03.0875 2108 Actual detected object count: 11
22:11:27.0500 2108 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0500 2108 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0500 2108 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0515 2108 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0515 2108 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0515 2108 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0515 2108 HWiNFO32 ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0515 2108 HWiNFO32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0515 2108 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0515 2108 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0515 2108 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0515 2108 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0515 2108 SNPSTD3 ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0515 2108 SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0531 2108 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0531 2108 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0531 2108 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:11:27.0531 2108 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:11:27.0531 2108 tidnet ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0531 2108 tidnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:11:27.0546 2108 VClone ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:27.0546 2108 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip

#14 Příspěvek od **vyosek** » 08 srp 2012 07:34

Spustte RogueKiller

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

Firefox::
FF - ProfilePath - c:\documents and settings\Trash\Data aplikací\Mozilla\Firefox\Profiles\sm04586p.default\
FF - prefs.js: network.proxy.type - 4
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1343876657
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1343876777
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1343876537
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1335139503
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1335250552
FF - user.js: app.update.lastUpdateTime.restart-nag-timer - 1196211783
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1343876417
FF - user.js: avg.toolbar.activityIndex - []
FF - user.js: avg.toolbar.avg-SearchTerms -
FF - user.js: avg.toolbar.avg_newtabinfo - false
FF - user.js: avg.toolbar.buttons_hidden - false,false,false,false,false,false,false,false
FF - user.js: avg.toolbar.buttons_hidden_init - false,false,false,false,false,false,false,false
FF - user.js: avg.toolbar.buttons_icon - ,,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome://avg/skin/avglinks.png,
FF - user.js: avg.toolbar.buttons_id - avg-SearchTerms,avg-SearchTerms-Button,avg-SurfSafe,avg-SurfSafeFree,avg-SearchShield,avg-Avginfo,avg-AvginfoFree,avg-Getmore
FF - user.js: avg.toolbar.buttons_label - ,Search,Active Surf-Shield,Active Surf-Shield,Search-Shield,AVG Info ,AVG Info ,Get More
FF - user.js: avg.toolbar.clientId - 74079D55D6F741C08B6E03C26460C8CA
FF - user.js: avg.toolbar.first_installation - true
FF - user.js: avg.toolbar.fourOFourError - true
FF - user.js: avg.toolbar.last_location - hxxp://search.seznam.cz/?q=fff&mod=f
FF - user.js: avg.toolbar.last_location_count - 0
FF - user.js: avg.toolbar.ntObserve_MENUCHECK - true
FF - user.js: avg.toolbar.search.textbox.width - 220
FF - user.js: avg.toolbar.search_type - yahoo
FF - user.js: avg.toolbar.settings - {searchMenu1:'',searchMenu2:'',searchChoice:null,'icon-text':'icon-text'}
FF - user.js: avg.toolbar.settings.icon-text - true
FF - user.js: avg.toolbar.settings.newwin - false
FF - user.js: avg.toolbar.settings.search.autorunhist - true
FF - user.js: avg.toolbar.settings.search.crossb - true
FF - user.js: avg.toolbar.settings.search.dropdlist - true
FF - user.js: avg.toolbar.timeId - 21322019315120090214131325
FF - user.js: avg.toolbar.timerSTATPOSTING - 1235272947
FF - user.js: avg.toolbar.version - 2.0.20080710
FF - user.js: avg.toolbar.visible - false
FF - user.js: avg.toolbar.websearchlink - hxxp://un.yhs.search.yahoo.com/avg/search?fr=yhs-avg
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 317440
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.dir - c:\\Documents and Settings\\Trash\\Plocha
FF - user.js: browser.download.lastDir - G:
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.save_converter_index - 1
FF - user.js: browser.download.useDownloadDir - false
FF - user.js: browser.feeds.handler - reader
FF - user.js: browser.feeds.handler.default - client
FF - user.js: browser.feeds.handlers.application - c:\\Program Files\\FeedReaderCZ\\feedreadercz.exe
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 6
FF - user.js: browser.offline - false
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.importDefaults - false
FF - user.js: browser.places.leftPaneFolderId - -1
FF - user.js: browser.places.migratePostDataAnnotations - false
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.places.updateRecentTagsUri - false
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultengine - Ask.com
FF - user.js: browser.search.defaultenginename - ICQ Search
FF - user.js: browser.search.order.1 - Ask.com
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: browser.startup.homepage_override.buildID - 20120713134347
FF - user.js: browser.startup.homepage_override.mstone - 14.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.visited_color - #800080
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.ipc.plugins.enabled.npmywebs.dll - false
FF - user.js: dom.max_script_run_time - 1800
FF - user.js: extensions.blocklist.pingCount - -1
FF - user.js: extensions.blocklist.pingCountTotal - 56
FF - user.js: extensions.blocklist.pingCountVersion - 4
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.customizegoogle.misc.filterlist - hxxp://bukvice.blog.cz/0605/pocasi
FF - user.js: extensions.customizegoogle.web.auto-page - false
FF - user.js: extensions.customizegoogle.web.counter - false
FF - user.js: extensions.customizegoogle.web.favicons - false
FF - user.js: extensions.customizegoogle.web.filter - true
FF - user.js: extensions.customizegoogle.web.focus - false
FF - user.js: extensions.customizegoogle.web.history - false
FF - user.js: extensions.customizegoogle.web.remove-ads - false
FF - user.js: extensions.customizegoogle.web.removeclicktrack - false
FF - user.js: extensions.customizegoogle.web.save - false
FF - user.js: extensions.customizegoogle.web.save-handler - bookmark
FF - user.js: extensions.customizegoogle.web.search-links - true
FF - user.js: extensions.customizegoogle.web.suggest - true
FF - user.js: extensions.databaseSchema - 12
FF - user.js: extensions.enabledAddons - {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3,{c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:14.0.1
FF - user.js: extensions.enabledItems - {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19,jqs@sun.com:1.0,{e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28
FF - user.js: extensions.fastvideodownload.firstrun - false
FF - user.js: extensions.fastvideodownload.iconanimation - true
FF - user.js: extensions.fastvideodownload.menusize - 8
FF - user.js: extensions.fastvideodownload.savefolder - c:\\Documents and Settings\\Trash\\Plocha
FF - user.js: extensions.fastvideodownload.showstatus - true
FF - user.js: extensions.fastvideodownload.showtools - true
FF - user.js: extensions.fastvideodownload.version -
FF - user.js: extensions.hotfix.lastVersion - 20120430.01
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1240563861062},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1343915055875}}},{\name\:\app-global\,\addons\:{\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\,\mtime\:1332379891578},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1343559490734}}},{\name\:\app-profile\,\addons\:{\{c50ca3c4-5656-43c2-a061-13e717f73fc8}\:{\descriptor\:\c:\\\\Documents and Settings\\\\Trash\\\\Data aplikacĂ\\\\Mozilla\\\\Firefox\\\\Profiles\\\\sm04586p.default\\\\extensions\\\\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi\,\mtime\:1343341560140},\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}\:{\descriptor\:\c:\\\\Documents and Settings\\\\Trash\\\\Data aplikacĂ\\\\Mozilla\\\\Firefox\\\\Profiles\\\\sm04586p.default\\\\extensions\\\\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi\,\mtime\:1335250868312}}}]
FF - user.js: extensions.installedDistroAddon.testpil ... ozilla.com - true
FF - user.js: extensions.jqs@sun.com.install-event-fired - true
FF - user.js: extensions.kosa.anonymousId - 047b792e0c7c5e971952c209f392b325
FF - user.js: extensions.kosa.bgCount - 261
FF - user.js: extensions.kosa.bundles - +1$fvd
FF - user.js: extensions.kosa.config - +fvd
FF - user.js: extensions.kosa.enabled - true
FF - user.js: extensions.kosa.install - fvd
FF - user.js: extensions.kosa.prefix - fvd
FF - user.js: extensions.kosa.settingsPrefix - fvd
FF - user.js: extensions.kosa.smspHideAds - false
FF - user.js: extensions.kosa.smspMaxPerPage - 10
FF - user.js: extensions.kosa.userId - c9929576-5e09-454f-80ca-9dd101fbac71
FF - user.js: extensions.kosa.vercheck - hxxp://init.kallout.com/versioncheck.js
FF - user.js: extensions.kosa.version - 2.2.3
FF - user.js: extensions.lastAppVersion - 14.0.1
FF - user.js: extensions.lastPlatformVersion - 14.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.register@pgport.com.data - {ef522540-89f5-46b9-b6fe-1829e2b572c6},0,9999,999.999.999,9999,|{c50ca3c4-5656-43c2-a061-13e717f73fc8},5300,5300,4.0.1,5300,fvd|fvd@kallout.com,5200,5200,4.0.1,5200,fvd|fbg@pgport.com,0,5100,0.0.0,4600,|kosa@kallout.com,5000,5000,2.0.1,5000,sm|ytvdh@pgport.com,0,4800,1.1.3,4800,|ytvdw@pgport.com,0,4700,1.1.3,4700,|btpersonas@brandthunder.com,0,4600,0.0.0.,4600,|lifetimesavings@pgport.com,0,1002,0.0.0.,1002,|afhack@pgport.com,0,1001,0.0.0.,1001,|afext@pgport.com,0,1000,0.0.0.,1000,
FF - user.js: extensions.register@pgport.com.version - 1017
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.skype_toolbar.version - 5.10.0.9560
FF - user.js: extensions.testpilot.alreadyCustomizedToolbar - true
FF - user.js: extensions.testpilot@labs.mozilla.com.install-event-fired - true
FF - user.js: extensions.ui.dictionary.hidden - true
FF - user.js: extensions.ui.lastCategory - addons://list/extension
FF - user.js: extensions.ui.locale.hidden - true
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.{20a82645-c095-46ed-80e3-08825760534b}.install-event-fired - true
FF - user.js: extensions.{23fcfd51-4958-4f00-80a3-ae97e717ed8b}.install-event-fired - true
FF - user.js: extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.install-event-fired - true
FF - user.js: extensions.{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.install-event-fired - true
FF - user.js: extensions.{c50ca3c4-5656-43c2-a061-13e717f73fc8}.install-event-fired - true
FF - user.js: extensions.{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.install-event-fired - true
FF - user.js: extensions.{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}.install-event-fired - true
FF - user.js: font.internaluseonly.changed - true
FF - user.js: fvd.first_time_use - false
FF - user.js: gfx.blacklist.suggested-driver-version - 257.21
FF - user.js: icqtoolbar.allowSendURL - false
FF - user.js: icqtoolbar.engineVerified - true
FF - user.js: icqtoolbar.geolastmodified - 1271677352
FF - user.js: icqtoolbar.hiddenElements - itb_options
FF - user.js: icqtoolbar.history - Super.8.2011.DVDSCR.XViD-EVO%20torrent||Super.8.2011.DVDSCR.XviD.AC3-ViSiON%20torrent||Ringu%200%3A%20Basudei%20torrent||isohunt%20Ring.0.Birthday.2000.iNTERNAL.DVDRip.XviD-iLS%20torrent||Ring.0.Birthday.2000.iNTERNAL.DVDRip.XviD-iLS%20torrent||piratebay%20Smiley.Face.LIMITED.DVDRip.XviD-iMBT%20torrent||isohunt%20Smiley.Face.Festival.DVDSCR.XviD-XanaX%20torrent||Smiley.Face.Festival.DVDSCR.XviD-XanaX%20torrent||Smiley.Face.LIMITED.DVDRip.XviD-iMBT%20torrent||how.i.met.your.mother.s07e05.hdtv.xvid-lol%20torrent||menza%20jednota||abz%20slovn%C3%ADk||isifa%2Fgetty%20images||Shelter.LiMiTED.DVDRip.XviD-ALLiANCE||how.i.met.your.mother.s07e04.hdtv.xvid-lol
FF - user.js: icqtoolbar.icqgeo - 42
FF - user.js: icqtoolbar.installTime - 1270415208
FF - user.js: icqtoolbar.newtab_state - 1
FF - user.js: icqtoolbar.numberOfSearches - 0
FF - user.js: icqtoolbar.previousFFVersion - 3.6.23
FF - user.js: icqtoolbar.skip_default_search - no
FF - user.js: icqtoolbar.suggestions - false
FF - user.js: icqtoolbar.uninstStatSent - true
FF - user.js: icqtoolbar.uniqueID - 122881625112288168511228899951121
FF - user.js: icqtoolbar.usageStatstTimestamp - 1318699420
FF - user.js: icqtoolbar.xmlEnableSuggestions - false
FF - user.js: icqtoolbar.xmlLanguage - cs
FF - user.js: idle.lastDailyNotification - 1343689907
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-1, windows-1250, windows-1251, ISO-8859-2, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.proxy.type - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: oldKeyword - hxxp://www.crawler.com/search/dispatche ... 60327&qkw=
FF - user.js: places.database.lastMaintenance - 1343689912
FF - user.js: places.history.expiration.transient_current_max_pages - 26830
FF - user.js: places.last_vacuum - 1331515232
FF - user.js: plugin.expose_full_path - true
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: print.print_bgcolor - false
FF - user.js: print.print_bgimages - false
FF - user.js: print.print_command -
FF - user.js: print.print_downloadfonts - true
FF - user.js: print.print_evenpages - true
FF - user.js: print.print_in_color - true
FF - user.js: print.print_margin_bottom - 0.5
FF - user.js: print.print_margin_left - 0.5
FF - user.js: print.print_margin_right - 0.5
FF - user.js: print.print_margin_top - 0.5
FF - user.js: print.print_oddpages - true
FF - user.js: print.print_orientation - 0
FF - user.js: print.print_pagedelay - 500
FF - user.js: print.print_paper_data - 0
FF - user.js: print.print_paper_height - 11,00
FF - user.js: print.print_paper_size - 7209061
FF - user.js: print.print_paper_size_type - 1
FF - user.js: print.print_paper_size_unit - 0
FF - user.js: print.print_paper_width - 8,50
FF - user.js: print.print_printer - Adobe PDF
FF - user.js: print.print_reversed - false
FF - user.js: print.print_scaling - 1,00
FF - user.js: print.print_shrink_to_fit - true
FF - user.js: print.print_to_file - false
FF - user.js: print.print_to_filename -
FF - user.js: print.print_unwriteable_margin_bottom - 0
FF - user.js: print.print_unwriteable_margin_left - 0
FF - user.js: print.print_unwriteable_margin_right - 0
FF - user.js: print.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Adobe_PDF.print_bgcolor - false
FF - user.js: print.printer_Adobe_PDF.print_bgimages - false
FF - user.js: print.printer_Adobe_PDF.print_command -
FF - user.js: print.printer_Adobe_PDF.print_downloadfonts - true
FF - user.js: print.printer_Adobe_PDF.print_edge_bottom - 0
FF - user.js: print.printer_Adobe_PDF.print_edge_left - 0
FF - user.js: print.printer_Adobe_PDF.print_edge_right - 0
FF - user.js: print.printer_Adobe_PDF.print_edge_top - 0
FF - user.js: print.printer_Adobe_PDF.print_evenpages - true
FF - user.js: print.printer_Adobe_PDF.print_footercenter -
FF - user.js: print.printer_Adobe_PDF.print_footerleft - &PT
FF - user.js: print.printer_Adobe_PDF.print_footerright - &D
FF - user.js: print.printer_Adobe_PDF.print_headercenter -
FF - user.js: print.printer_Adobe_PDF.print_headerleft - &T
FF - user.js: print.printer_Adobe_PDF.print_headerright - &U
FF - user.js: print.printer_Adobe_PDF.print_in_color - true
FF - user.js: print.printer_Adobe_PDF.print_margin_bottom - 0.5
FF - user.js: print.printer_Adobe_PDF.print_margin_left - 0.5
FF - user.js: print.printer_Adobe_PDF.print_margin_right - 0.5
FF - user.js: print.printer_Adobe_PDF.print_margin_top - 0.5
FF - user.js: print.printer_Adobe_PDF.print_oddpages - true
FF - user.js: print.printer_Adobe_PDF.print_orientation - 0
FF - user.js: print.printer_Adobe_PDF.print_pagedelay - 500
FF - user.js: print.printer_Adobe_PDF.print_paper_data - 0
FF - user.js: print.printer_Adobe_PDF.print_paper_height - 11,00
FF - user.js: print.printer_Adobe_PDF.print_paper_size_type - 0
FF - user.js: print.printer_Adobe_PDF.print_paper_size_unit - 1
FF - user.js: print.printer_Adobe_PDF.print_paper_width - 8,50
FF - user.js: print.printer_Adobe_PDF.print_reversed - false
FF - user.js: print.printer_Adobe_PDF.print_scaling - 1,00
FF - user.js: print.printer_Adobe_PDF.print_shrink_to_fit - true
FF - user.js: print.printer_Adobe_PDF.print_to_file - false
FF - user.js: print.printer_Adobe_PDF.print_to_filename -
FF - user.js: print.printer_Adobe_PDF.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Adobe_PDF.print_unwriteable_margin_left - 0
FF - user.js: print.printer_Adobe_PDF.print_unwriteable_margin_right - 0
FF - user.js: print.printer_Adobe_PDF.print_unwriteable_margin_top - 0
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 3
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1343506873
FF - user.js: toolkit.startup.last_success - 1343924707
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1345980394
FF - user.js: urlclassifier.tableversion.goog-black-enchash - 1.53228
FF - user.js: urlclassifier.tableversion.goog-black-url - 1.22331
FF - user.js: urlclassifier.tableversion.goog-white-domain - 1.480
FF - user.js: urlclassifier.tableversion.goog-white-url - 1.371
FF - user.js: useragentswitcher.import.overwrite - false
FF - user.js: useragentswitcher.menu.hide - false
FF - user.js: useragentswitcher.version - 0.73
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.103 -
FF - user.js: xpinstall.whitelist.add.36 -
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - false

DDS::
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... y0qPgybGqg
uDefault_Search_URL = hxxp://search.qip.ru
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
uInternet Settings,ProxyOverride = *.local

Driver::
gupdate
gupdatem

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-

Folder::
c:\documents and settings\Trash\Data aplikací\Kaspersky_Key_Finder_(KKF
c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
c:\windows\system32\config\systemprofile\Data aplikací\IObit
c:\documents and settings\Trash\Local Settings\Data aplikací\ESET

File::
c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Trasheek · #15 Příspěvek od **Trasheek** » 08 srp 2012 10:23

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v: Normální režim
Uživatel: Trash [Práva správce]
Mód: Kontrola -- Datum: 08/08/2012 11:21:26

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrů: 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[Faked.Drv][FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[Faked.Drv][FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[Faked.Drv][FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : Root.MBR ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD600JB-00CRA1 +++++
--- User ---
[MBR] 7b88ddb674ecb385d45a1b5e0f0ec57c
[BSP] 73c62edd8d9dde02538d59e7bb7e2064 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: LaCie iamaKey USB Device +++++
--- User ---
[MBR] 53350b3e3c4fdbd439965e89021f58f5
[BSP] 071ca9641b72e54e9f680ca3f475833a : MyBios MBR Code!
Partition table:
0 - [XXXXXX] HIBER (0xa0) [VISIBLE] Offset (sectors): 4284574052 | Size: 854113 Mo
1 - [XXXXXX] UNKNOWN (0x64) [VISIBLE] Offset (sectors): 168689525 | Size: 953964 Mo
2 - [XXXXXX] UNKNOWN (0x6a) [VISIBLE] Offset (sectors): 778201452 | Size: 1314189 Mo
3 - [XXXXXX] UNKNOWN (0x75) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

VIRY.CZ

Viry neodstraněné Avastem

Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem

Re: Viry neodstraněné Avastem