
rootkit sprb.sys

kolohnat
Visitor
Posts: 10
Registered: 15 Oct 2012 21:12

rootkit sprb.sys

#1 Post by kolohnat »

Hello,
I'd like some advice. After a scan, AVG 2012 Free gave me the report below. If this is a rootkit, how do I deal with it? Thanks, Petr

"Název objektu";"C:\WINDOWS\system32\drivers\sprb.sys"
"Název detekce";"i8042prt.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> sprb.sys +0x12048"
"Typ objektu";"Soubor"
"Typ SDK";"Rootkit"
"Výsledek";"Objekt je skrytý"
"Historie akcí";""

"Název objektu";"C:\WINDOWS\system32\drivers\sprb.sys"
"Název detekce";"atapi.sys, přesměrovaný import HAL.dll WRITE_PORT_UCHAR -> sprb.sys +0x26D2"
"Typ objektu";"Soubor"
"Typ SDK";"Rootkit"
"Výsledek";"Objekt je skrytý"
"Historie akcí";""

"Název objektu";"C:\WINDOWS\system32\drivers\sprb.sys"
"Název detekce";"pci.sys, přesměrovaný import ntoskrnl.exe IoDetachDevice -> sprb.sys +0x32C4C"
"Typ objektu";"Soubor"
"Typ SDK";"Rootkit"
"Výsledek";"Objekt je skrytý"
"Historie akcí";""

"Název objektu";"C:\WINDOWS\system32\drivers\sprb.sys"
"Název detekce";"pci.sys, přesměrovaný import ntoskrnl.exe IoAttachDeviceToDeviceStack -> sprb.sys +0x32CA0"
"Typ objektu";"Soubor"
"Typ SDK";"Rootkit"
"Výsledek";"Objekt je skrytý"
"Historie akcí";""
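The four records above all name the same hidden file and describe the same mechanism: an import used by a legitimate driver (i8042prt.sys for the keyboard port, atapi.sys for the disk controller port, pci.sys for device-stack attachment) has been redirected into code inside sprb.sys at a given offset. The parser below is added here as an example; it is not part of the post and not AVG's code. It reads records in this `"key";"value"` format, decodes each redirected-import string, and groups the hooks by the driver they land in, so one hidden driver intercepting several drivers' imports shows up as a single finding. The input is the four records copied from the post; the English field names are this example's own mapping of AVG's Czech labels. One caveat a helper would raise before calling this a rootkit: the RSIT log later in the thread lists sptd.sys and DAEMON Tools Lite on the same machine, and SPTD-style disc-emulation drivers hook exactly this kind of port and device-stack import and are a well-known cause of rootkit-style detections, so a summary like this is a triage aid to be correlated with the installed software, not a verdict on its own.

```python
import re
from collections import defaultdict

# The four records copied verbatim from the AVG report in post #1.
# The Czech keys are AVG's own; the values are what AVG printed.
AVG_REPORT = r'''"Název objektu";"C:\WINDOWS\system32\drivers\sprb.sys"
"Název detekce";"i8042prt.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> sprb.sys +0x12048"
"Typ objektu";"Soubor"
"Typ SDK";"Rootkit"
"Výsledek";"Objekt je skrytý"
"Historie akcí";""

"Název objektu";"C:\WINDOWS\system32\drivers\sprb.sys"
"Název detekce";"atapi.sys, přesměrovaný import HAL.dll WRITE_PORT_UCHAR -> sprb.sys +0x26D2"
"Typ objektu";"Soubor"
"Typ SDK";"Rootkit"
"Výsledek";"Objekt je skrytý"
"Historie akcí";""

"Název objektu";"C:\WINDOWS\system32\drivers\sprb.sys"
"Název detekce";"pci.sys, přesměrovaný import ntoskrnl.exe IoDetachDevice -> sprb.sys +0x32C4C"
"Typ objektu";"Soubor"
"Typ SDK";"Rootkit"
"Výsledek";"Objekt je skrytý"
"Historie akcí";""

"Název objektu";"C:\WINDOWS\system32\drivers\sprb.sys"
"Název detekce";"pci.sys, přesměrovaný import ntoskrnl.exe IoAttachDeviceToDeviceStack -> sprb.sys +0x32CA0"
"Typ objektu";"Soubor"
"Typ SDK";"Rootkit"
"Výsledek";"Objekt je skrytý"
"Historie akcí";""
'''

# AVG's Czech field labels mapped to this example's English keys.
FIELD_NAMES = {
    "Název objektu": "object",
    "Název detekce": "detection",
    "Typ objektu": "object_type",
    "Typ SDK": "sdk_type",
    "Výsledek": "result",
    "Historie akcí": "action_history",
}
HIDDEN_RESULT = "Objekt je skrytý"  # "object is hidden"

LINE_RE = re.compile(r'^"(?P<key>[^"]*)";"(?P<value>.*)"$')
# "<victim driver>, přesměrovaný import <module> <function> -> <target> +<offset>"
HOOK_RE = re.compile(
    r'^(?P<victim>[^,]+), \S+ import (?P<module>\S+) (?P<function>\S+) '
    r'-> (?P<target>\S+) \+(?P<offset>0x[0-9A-Fa-f]+)$'
)


def parse_records(text):
    """Split the report into blank-line separated records and each record into
    a dict keyed by the English names above (unknown keys are kept verbatim)."""
    records = []
    for block in re.split(r'\n\s*\n', text.strip()):
        rec = {}
        for line in block.splitlines():
            m = LINE_RE.match(line.strip())
            if not m:
                raise ValueError(f"unparseable report line: {line!r}")
            rec[FIELD_NAMES.get(m['key'], m['key'])] = m['value']
        records.append(rec)
    return records


def parse_hook(detection):
    """Decode a redirected-import string into its parts; None for any other
    detection text.  The offset is where the hook code sits inside the target."""
    m = HOOK_RE.match(detection)
    if not m:
        return None
    parts = m.groupdict()
    parts['offset'] = int(parts['offset'], 16)
    return parts


def summarize(records):
    """Count hidden objects and group hooks by the module they redirect into."""
    by_target = defaultdict(list)
    hidden = 0
    for rec in records:
        if rec.get('result') == HIDDEN_RESULT:
            hidden += 1
        hook = parse_hook(rec.get('detection', ''))
        if hook:
            by_target[hook['target']].append(hook)
    return {'hidden_objects': hidden, 'hooks_by_target': dict(by_target)}


if __name__ == '__main__':
    summary = summarize(parse_records(AVG_REPORT))
    print(f"{summary['hidden_objects']} hidden object(s)")
    for target, hooks in summary['hooks_by_target'].items():
        print(f"{target}: {len(hooks)} redirected import(s)")
        for h in hooks:
            print(f"  {h['victim']:<14} {h['module']}!{h['function']} -> {target}+{h['offset']:#x}")
```

Run as a script it prints one line per hook; the grouping is what matters: three different legitimate drivers, two different import sources (HAL.dll port I/O and ntoskrnl.exe device-stack calls), one hidden destination.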

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit sprb.sys

#2 Post by vyosek »

Hello and welcome to our forum.

Do you insist on AVG? It isn't very popular here - higher system load, weaker detection. I'd be for a change, but it's your decision.

Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click on Change parameters
  • In the Additional Options window, tick all the options
  • Click OK
  • Tell the utility to scan - click Start Scan
  • When the scan finishes a window will appear; check that the option everywhere is Skip
  • If Skip is not set by default, switch it to Skip
  • Once you have Skip everywhere, click Continue
  • On the drive where you have Windows (usually c:\) there will be a log named in the form TDSSKiller.some numbers_log.txt - paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take the whip and the stick to him: that is no man, that is an ox."
Member since 1 February 2011.

kolohnat
Visitor
Posts: 10
Registered: 15 Oct 2012 21:12

Re: rootkit sprb.sys

#3 Post by kolohnat »

Thank you, I don't insist on AVG at all, it's just inertia; can you recommend something better, preferably a free version?
And now the RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2012-10-16 19:14:42
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (51%) free of 80 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:33, on 16.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\atiptaxx.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\freeCommander\FreeCommander.exe
C:\Nutné pro instalaci\antirootkit\Viry_cz\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL
O2 - BHO: (no name) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 5207737859
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

--
End of file - 9881 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RegistryBooster.job
C:\WINDOWS\tasks\SpeedUpMyPC.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\br0e9z35.Lenka

prefs.js - "browser.startup.homepage" - "google.com"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, avg@igeared:6.103.018.001, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "https://isearch.avg.com/search?cid={689 ... 2012-06-07 18:42:50&v=12.2.5.32&sap=ku&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@toolbar"=C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\12.2.5.32\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\\components\
AskSearch.js
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\\searchplugins\
avg-secure-search.xml
conduit.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2012-06-24 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-31 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll [2012-09-03 1734240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBE59AF5-EE22-4A3A-AB26-3F774D1B4216}]
C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL [2003-02-20 402944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2003-12-15 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-31 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-03-31 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll [2012-09-03 1734240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\WINDOWS\atiptaxx.exe [2003-09-12 335872]
"mouseElf"=C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe [2002-05-20 151552]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-16 37376]
"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2008-02-21 1647912]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-07-31 2596984]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-09-03 947808]
"ROC_ROC_JULY_P1"=C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe [2012-09-03 1022048]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-28 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware Tools]
C:\Program Files\VMware\VMware Tools\VMwareTray.exe [2006-08-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware User Process]
C:\Program Files\VMware\VMware Tools\VMwareUser.exe [2006-08-10 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^NkvMon.exe.lnk]
C:\PROGRA~1\Nikon\NkView5\NkvMon.exe [2002-04-24 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Registration-Studio 8.lnk]
C:\PROGRA~1\Pinnacle\STUDIO~1\Register\RegTool.exe [2002-09-26 245760]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-02-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
TPSvc.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Kerio\Personal Firewall\PERSFW.exe"="C:\Program Files\Kerio\Personal Firewall\PERSFW.exe:*:Disabled:Kerio Personal Firewall Engine"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\flexlm\nexis\lmgrd.exe"="C:\flexlm\nexis\lmgrd.exe:*:Enabled:lmgrd"
"C:\flexlm\nexis\scia.exe"="C:\flexlm\nexis\scia.exe:*:Enabled:scia"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=i420vfw.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=serwvdrv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.PIM1"=pclepim1.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=serwvdrv.dll
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.WMV3"=wmv9vcm.dll
"vidc.XVID"=xvidvfw.dll
"vidc.yv12"=yv12vfw.dll

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-10-16 19:14:43 ----D---- C:\Program Files\trend micro
2012-10-16 19:14:42 ----D---- C:\rsit
2012-10-15 20:03:09 ----D---- C:\Program Files\Sophos
2012-10-15 19:55:10 ----A---- C:\TDSSKiller.2.8.13.0_15.10.2012_19.55.10_log.txt
2012-10-10 23:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-10-10 22:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$
2012-10-10 22:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-10-10 22:59:15 ----A---- C:\WINDOWS\imsins.BAK
2012-10-10 22:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$
2012-10-07 19:56:08 ----D---- C:\flexlm
2012-10-01 21:00:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-09-17 20:21:11 ----D---- C:\Program Files\FBReader
2012-09-17 18:00:56 ----D---- C:\Program Files\CrystalDiskInfo

======List of files/folders modified in the last 1 month======

2012-10-16 19:14:43 ----D---- C:\Program Files
2012-10-16 19:14:27 ----D---- C:\WINDOWS\Prefetch
2012-10-16 19:13:53 ----D---- C:\Program Files\freeCommander
2012-10-16 19:09:41 ----D---- C:\Program Files\Mozilla Firefox
2012-10-16 18:51:48 ----D---- C:\WINDOWS\Temp
2012-10-16 18:51:44 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-16 18:49:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-16 00:01:57 ----D---- C:\Program Files\Mozilla Thunderbird
2012-10-15 21:52:54 ----D---- C:\WINDOWS
2012-10-15 20:23:09 ----D---- C:\WINDOWS\system32
2012-10-15 19:55:14 ----D---- C:\WINDOWS\system32\drivers
2012-10-15 19:54:54 ----D---- C:\Nutné pro instalaci
2012-10-15 18:32:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-10-14 23:24:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-10-14 22:12:35 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-10-14 16:57:15 ----D---- C:\Documents and Settings\Petr\Data aplikací\Nitro PDF
2012-10-13 23:05:44 ----D---- C:\WINDOWS\security
2012-10-13 19:39:54 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-10-10 23:05:38 ----SHDC---- C:\WINDOWS\system32\dllcache
2012-10-10 23:05:25 ----HD---- C:\WINDOWS\inf
2012-10-10 23:00:17 ----D---- C:\WINDOWS\Debug
2012-10-10 23:00:03 ----A---- C:\WINDOWS\system32\MRT.exe
2012-10-10 22:15:28 ----HD---- C:\WINDOWS\$hf_mig$
2012-10-03 00:07:08 ----D---- C:\SCAN
2012-10-01 23:41:58 ----D---- C:\WINDOWS\system32\config
2012-10-01 21:19:30 ----SD---- C:\WINDOWS\Tasks
2012-10-01 21:19:02 ----D---- C:\Program Files\Uniblue
2012-10-01 21:19:02 ----D---- C:\Documents and Settings\Petr\Data aplikací\Uniblue
2012-10-01 21:11:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
2012-10-01 08:20:19 ----D---- C:\spv
2012-09-23 16:41:22 ----D---- C:\Program Files\Internet Explorer
2012-09-23 16:41:07 ----D---- C:\WINDOWS\ie8updates
2012-09-18 21:38:32 ----SHD---- C:\WINDOWS\Installer
2012-09-17 23:10:13 ----D---- C:\Documents and Settings\Petr\Data aplikací\XnView
2012-09-17 22:03:09 ----D---- C:\Documents and Settings\Petr\Data aplikací\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-05-18 717296]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 vmscsi;vmscsi; C:\WINDOWS\system32\DRIVERS\vmscsi.sys [2006-08-10 10880]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2012-07-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2012-08-24 301920]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2011-08-09 3840]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-02-22 986624]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-05-21 175360]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
R3 GcKernel;Ovladač filtru Microsoft SideWinder Value Add; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
R3 genmcmn;Genius NetScroll Optical Mouse Driver; C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2002-05-17 6656]
R3 HIDSwvd;Miniovladač stanadardu HID Microsoft SideWinder Virtual; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\system32\drivers\ADILOADER.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a0ji94k3;a0ji94k3; C:\WINDOWS\system32\drivers\a0ji94k3.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\drivers\adiusbaw.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\system32\drivers\dtscsi.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-10-31 19424]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-17 606556]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\58.tmp []
S3 MFE_RR;MFE_RR; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\mfe_rr.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\system32\drivers\Pcouffin.sys []
S3 SD;SD; C:\WINDOWS\system32\drivers\SD.sys []
S3 se46bus;Sony Ericsson Device 070 driver (WDM); C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2006-08-10 4608]
S3 vmx_svga;vmx_svga; C:\WINDOWS\system32\DRIVERS\vmx_svga.sys [2006-08-10 15744]
S3 vmxnet;VMware Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmxnet.sys [2006-08-10 22528]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2007-10-27 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2007-10-27 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2007-10-27 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2007-10-27 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2007-10-27 83344]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-02-22 352256]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-03-31 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2010-09-30 196912]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-03 722528]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-11-30 516096]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-23 136176]
S2 OOD2000;O&O Defrag 2000; C:\WINDOWS\system32\OOD2000.exe [2001-04-06 238080]
S2 VMTools;VMware Tools Service; C:\Program Files\VMware\VMware Tools\VMwareService.exe [2006-08-10 159744]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 250808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2012-07-10 77944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-02-21 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
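
The driver list above and the TDSSKiller scan posted next are easiest to read side by side, because each fills a gap the other leaves: RSIT prints a file date and size only when it could stat the image, and TDSSKiller hashes only the files it could open. The Python below is an added triage example written for this page, not RSIT's, TDSSKiller's or the poster's own code. It assumes the RSIT line format shown in the legend above (`<R|S><start> <name>;<description>; <path> [<date> <size>]`, brackets empty when RSIT could not read the file's date and size) and that TDSSKiller prints its bracketed MD5 line only for an entry whose file it could open, which is what the log in the next post shows (hashed lines for avgtp, epmntdrv, EuGdiDrv and hardlock, a bare `- ok` for ADILOADER, GMSIPCI, MEMSWEEP2 and MFE_RR). The flag names and the random-name heuristic are this example's own; the sample lines are copied from the two logs in this thread.

```python
# Added triage example for the RSIT driver list and TDSSKiller log in this
# thread; not RSIT's, TDSSKiller's or the poster's code (formats assumed, see above).
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

RSIT_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<desc>[^;]*); "
                     r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
TDSS_HASH_RE = re.compile(r"^\S+ \d+ \[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
TDSS_RESULT_RE = re.compile(r"^\S+ \d+ (?P<name>.+?)(?: \( [^)]+ \))? - (?P<verdict>ok|warning|detected .+)$")
DRIVERS_DIR_RE = re.compile(r"\\windows\\system32\\drivers\\[^\\]+$")  # applied to lower-cased paths

@dataclass
class Driver:
    state: str  # R running / S stopped
    start: int  # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled (RSIT legend)
    name: str
    desc: str
    path: str
    meta: str   # "yyyy-mm-dd size", or "" when RSIT could not stat the file

def parse_rsit_drivers(text: str) -> List[Driver]:
    rows = (RSIT_RE.match(line.strip()) for line in text.splitlines())
    return [Driver(m["state"], int(m["start"]), m["name"], m["desc"], m["path"], m["meta"].strip())
            for m in rows if m]

def parse_tdsskiller(text: str) -> Dict[str, dict]:
    """Map lower-cased service name -> {"md5": hash or None, "verdicts": [...]}."""
    entries: Dict[str, dict] = {}
    for line in text.splitlines():
        m = TDSS_HASH_RE.match(line.strip()) or TDSS_RESULT_RE.match(line.strip())
        if not m:
            continue
        e = entries.setdefault(m["name"].lower(), {"md5": None, "verdicts": []})
        if "md5" in m.groupdict():
            e["md5"] = m["md5"]
        else:
            e["verdicts"].append(m["verdict"])
    return entries

def looks_random(name: str) -> bool:
    """Heuristic (this example's own): 8+ letters/digits in at least five alternating
    runs, e.g. a0ji94k3; b57w2k (too short) and w810mgmt (three runs) are not flagged."""
    runs = re.findall(r"[A-Za-z]+|\d+", name)
    return len(name) >= 8 and len(runs) >= 5 and "".join(runs) == name

def triage(rsit_text: str, tdss_text: str) -> Dict[str, List[str]]:
    """{service name: [flags]} for the entries a reviewer should look at first."""
    tdss = parse_tdsskiller(tdss_text)
    findings: Dict[str, List[str]] = {}
    for d in parse_rsit_drivers(rsit_text):
        flags: List[str] = []
        t = tdss.get(d.name.lower())
        # Neither tool showed the file exists. A blank RSIT bracket alone is not
        # enough: every "\??\" path is blank in RSIT, yet TDSSKiller hashed several.
        if not d.meta and (t is None or t["md5"] is None):
            flags.append("unverified_file")
        if t:
            flags += [v for v in t["verdicts"] if v.startswith("detected")]
        if looks_random(d.name):
            flags.append("random_name")
        low = d.path.lower()
        if "\\temp\\" in low or low.endswith(".tmp"):
            flags.append("temp_path")
        if not DRIVERS_DIR_RE.search(low):
            flags.append("outside_drivers_dir")
        if flags:
            findings[d.name] = flags
    return findings

def find_by_filename(drivers: List[Driver], filename: str) -> Optional[Driver]:
    """Service entry whose image path ends in the given file name, if any."""
    suffix = "\\" + filename.lower()
    return next((d for d in drivers if d.path.lower().endswith(suffix)), None)

# Lines copied from the two logs in this thread (an excerpt, not a complete run).
RSIT_SAMPLE = r"""
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-05-18 717296]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
S3 a0ji94k3;a0ji94k3; C:\WINDOWS\system32\drivers\a0ji94k3.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MFE_RR;MFE_RR; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\mfe_rr.sys []
"""
TDSS_SAMPLE = r"""
19:22:26.0218 2680 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
19:22:26.0250 2680 avgtp - ok
19:22:33.0750 2680 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
19:22:33.0812 2680 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
19:22:33.0812 2680 epmntdrv - detected UnsignedFile.Multi.Generic (1)
19:22:37.0031 2680 GMSIPCI - ok
19:22:45.0156 2680 MFE_RR - ok
"""

if __name__ == "__main__":
    for name, flags in triage(RSIT_SAMPLE, TDSS_SAMPLE).items():
        print(f"{name:10} {', '.join(flags)}")
    registered = find_by_filename(parse_rsit_drivers(RSIT_SAMPLE), "sprb.sys")
    print("sprb.sys registered as a service:", registered is not None)
```

On the excerpt it reports a0ji94k3 (registered service, no file evidence from either tool, random-looking name), epmntdrv (TDSSKiller's `UnsignedFile.Multi.Generic` verdict, image in system32 rather than system32\drivers), GMSIPCI (image on F:, never found) and MFE_RR (image in the user's Temp directory, never found); sptd and avgtp produce no flags. Two caveats when reading such output: `UnsignedFile.Multi.Generic` only says the file carries no digital signature, which is common for older third-party drivers on XP, and `unverified_file` usually means a service entry left behind by an uninstalled tool, but it has to be confirmed that the file is really absent rather than hidden, since "object is hidden" is exactly what the AVG report claims for sprb.sys. The last line of the run is the more useful observation for this thread: sprb.sys is not registered as a service in the list at all, so there is no driver-list entry to inspect, and the hooked imports AVG reported in i8042prt.sys, atapi.sys and pci.sys are the lead to follow up.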

kolohnat
Guest
Posts: 10
Registered: 15 Oct 2012 21:12

Re: rootkit sprb.sys

#4 Post by kolohnat »

...and here is the log from TDSSKiller as well...

19:21:50.0984 2264 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:21:51.0125 2264 ============================================================
19:21:51.0125 2264 Current date / time: 2012/10/16 19:21:51.0125
19:21:51.0125 2264 SystemInfo:
19:21:51.0125 2264
19:21:51.0125 2264 OS Version: 5.1.2600 ServicePack: 3.0
19:21:51.0125 2264 Product type: Workstation
19:21:51.0125 2264 ComputerName: KADIL
19:21:51.0125 2264 UserName: Petr
19:21:51.0125 2264 Windows directory: C:\WINDOWS
19:21:51.0125 2264 System windows directory: C:\WINDOWS
19:21:51.0125 2264 Processor architecture: Intel x86
19:21:51.0125 2264 Number of processors: 1
19:21:51.0125 2264 Page size: 0x1000
19:21:51.0125 2264 Boot type: Normal boot
19:21:51.0125 2264 ============================================================
19:21:52.0703 2264 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:21:52.0718 2264 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:21:52.0750 2264 ============================================================
19:21:52.0750 2264 \Device\Harddisk0\DR0:
19:21:52.0750 2264 MBR partitions:
19:21:52.0750 2264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C40001
19:21:52.0796 2264 \Device\Harddisk1\DR1:
19:21:52.0796 2264 MBR partitions:
19:21:52.0812 2264 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x4E4DF76, BlocksNum 0x126480C9
19:21:52.0828 2264 ============================================================
19:21:52.0890 2264 C: <-> \Device\Harddisk0\DR0\Partition1
19:21:52.0921 2264 G: <-> \Device\Harddisk1\DR1\Partition1
19:21:52.0921 2264 ============================================================
19:21:52.0921 2264 Initialize success
19:21:52.0921 2264 ============================================================
19:22:18.0062 2680 ============================================================
19:22:18.0062 2680 Scan started
19:22:18.0062 2680 Mode: Manual; SigCheck; TDLFS;
19:22:18.0062 2680 ============================================================
19:22:18.0765 2680 ================ Scan system memory ========================
19:22:18.0781 2680 System memory - ok
19:22:18.0781 2680 ================ Scan services =============================
19:22:19.0000 2680 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys
19:22:19.0609 2680 61883 - ok
19:22:19.0625 2680 Abiosdsk - ok
19:22:19.0640 2680 abp480n5 - ok
19:22:19.0687 2680 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:22:19.0906 2680 ACPI - ok
19:22:19.0953 2680 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:22:20.0203 2680 ACPIEC - ok
19:22:20.0203 2680 ADILOADER - ok
19:22:20.0218 2680 adiusbaw - ok
19:22:20.0296 2680 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:22:20.0328 2680 AdobeFlashPlayerUpdateSvc - ok
19:22:20.0343 2680 adpu160m - ok
19:22:20.0375 2680 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:22:20.0593 2680 aec - ok
19:22:20.0640 2680 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINDOWS\system32\drivers\Afc.sys
19:22:20.0687 2680 Afc - ok
19:22:20.0734 2680 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:22:20.0843 2680 AFD - ok
19:22:20.0875 2680 Aha154x - ok
19:22:20.0890 2680 aic78u2 - ok
19:22:20.0906 2680 aic78xx - ok
19:22:20.0953 2680 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:22:21.0171 2680 Alerter - ok
19:22:21.0203 2680 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
19:22:21.0421 2680 ALG - ok
19:22:21.0437 2680 AliIde - ok
19:22:21.0484 2680 [ 3980814F8027D27EA003E2E3D9D4F604 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
19:22:21.0734 2680 AmdK7 - ok
19:22:21.0750 2680 amsint - ok
19:22:21.0812 2680 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:22:22.0015 2680 AppMgmt - ok
19:22:22.0062 2680 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:22:22.0281 2680 Arp1394 - ok
19:22:22.0281 2680 asc - ok
19:22:22.0296 2680 asc3350p - ok
19:22:22.0312 2680 asc3550 - ok
19:22:22.0390 2680 [ 5B01AF89D16D562825C4DB4530F20CBB ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
19:22:22.0421 2680 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
19:22:22.0421 2680 Aspi32 - detected UnsignedFile.Multi.Generic (1)
19:22:22.0531 2680 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:22:22.0609 2680 aspnet_state - ok
19:22:22.0625 2680 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:22:22.0843 2680 AsyncMac - ok
19:22:22.0875 2680 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:22:23.0093 2680 atapi - ok
19:22:23.0109 2680 Atdisk - ok
19:22:23.0156 2680 [ D6C058E35B19F2999966E85433AFD760 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:22:23.0296 2680 Ati HotKey Poller - ok
19:22:23.0359 2680 [ 8A8430CBFB49A4F3ED4131881C60997D ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
19:22:23.0421 2680 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
19:22:23.0421 2680 ATI Smart - detected UnsignedFile.Multi.Generic (1)
19:22:23.0500 2680 [ 56C198EC46B4AD3153AA748C89178E86 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:22:23.0625 2680 ati2mtag - ok
19:22:23.0656 2680 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:22:23.0875 2680 Atmarpc - ok
19:22:23.0921 2680 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:22:24.0125 2680 AudioSrv - ok
19:22:24.0171 2680 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:22:24.0421 2680 audstub - ok
19:22:24.0546 2680 [ 32A5DEFDDC3562BF89D73586F5915B34 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
19:22:24.0734 2680 Autodesk Licensing Service - ok
19:22:24.0781 2680 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
19:22:25.0000 2680 Avc - ok
19:22:25.0125 2680 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
19:22:25.0156 2680 AVG Security Toolbar Service - ok
19:22:25.0406 2680 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
19:22:25.0703 2680 AVGIDSAgent - ok
19:22:25.0750 2680 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
19:22:25.0796 2680 AVGIDSDriver - ok
19:22:25.0812 2680 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
19:22:25.0828 2680 AVGIDSFilter - ok
19:22:25.0859 2680 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
19:22:25.0890 2680 AVGIDSHX - ok
19:22:25.0921 2680 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
19:22:25.0937 2680 AVGIDSShim - ok
19:22:25.0984 2680 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:22:26.0015 2680 Avgldx86 - ok
19:22:26.0046 2680 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:22:26.0062 2680 Avgmfx86 - ok
19:22:26.0078 2680 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:22:26.0109 2680 Avgrkx86 - ok
19:22:26.0156 2680 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:22:26.0187 2680 Avgtdix - ok
19:22:26.0218 2680 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
19:22:26.0250 2680 avgtp - ok
19:22:26.0281 2680 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:22:26.0312 2680 avgwd - ok
19:22:26.0359 2680 [ B9543B0C771FEAB7CA095303007A159C ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:22:26.0437 2680 b57w2k - ok
19:22:26.0484 2680 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
19:22:26.0500 2680 BANTExt ( UnsignedFile.Multi.Generic ) - warning
19:22:26.0500 2680 BANTExt - detected UnsignedFile.Multi.Generic (1)
19:22:26.0546 2680 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:22:26.0812 2680 Beep - ok
19:22:26.0859 2680 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
19:22:27.0125 2680 BITS - ok
19:22:27.0171 2680 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
19:22:27.0281 2680 Browser - ok
19:22:27.0312 2680 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:22:27.0562 2680 cbidf2k - ok
19:22:27.0593 2680 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:22:27.0812 2680 CCDECODE - ok
19:22:27.0828 2680 cd20xrnt - ok
19:22:27.0875 2680 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:22:28.0156 2680 Cdaudio - ok
19:22:28.0187 2680 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:22:28.0406 2680 Cdfs - ok
19:22:28.0437 2680 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:22:28.0656 2680 Cdrom - ok
19:22:28.0671 2680 Changer - ok
19:22:28.0718 2680 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:22:28.0937 2680 CiSvc - ok
19:22:28.0968 2680 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:22:29.0187 2680 ClipSrv - ok
19:22:29.0218 2680 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:22:29.0421 2680 clr_optimization_v2.0.50727_32 - ok
19:22:29.0453 2680 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:22:29.0656 2680 CmBatt - ok
19:22:29.0687 2680 CmdIde - ok
19:22:29.0765 2680 [ E5ADEEF2C0DB43964223F408F1FCC97E ] cmuda C:\WINDOWS\system32\drivers\cmuda.sys
19:22:29.0968 2680 cmuda - ok
19:22:30.0000 2680 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:22:30.0218 2680 Compbatt - ok
19:22:30.0218 2680 COMSysApp - ok
19:22:30.0265 2680 Cpqarray - ok
19:22:30.0312 2680 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:22:30.0515 2680 CryptSvc - ok
19:22:30.0531 2680 dac2w2k - ok
19:22:30.0546 2680 dac960nt - ok
19:22:30.0609 2680 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:22:30.0750 2680 DcomLaunch - ok
19:22:30.0796 2680 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:22:31.0015 2680 Dhcp - ok
19:22:31.0062 2680 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:22:31.0281 2680 Disk - ok
19:22:31.0296 2680 dmadmin - ok
19:22:31.0359 2680 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:22:31.0640 2680 dmboot - ok
19:22:31.0671 2680 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:22:31.0890 2680 dmio - ok
19:22:31.0937 2680 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:22:32.0187 2680 dmload - ok
19:22:32.0218 2680 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:22:32.0437 2680 dmserver - ok
19:22:32.0468 2680 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:22:32.0687 2680 DMusic - ok
19:22:32.0718 2680 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:22:32.0875 2680 Dnscache - ok
19:22:32.0921 2680 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:22:33.0125 2680 Dot3svc - ok
19:22:33.0140 2680 dpti2o - ok
19:22:33.0187 2680 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:22:33.0390 2680 drmkaud - ok
19:22:33.0406 2680 dtscsi - ok
19:22:33.0468 2680 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:22:33.0687 2680 EapHost - ok
19:22:33.0750 2680 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
19:22:33.0812 2680 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
19:22:33.0812 2680 epmntdrv - detected UnsignedFile.Multi.Generic (1)
19:22:33.0875 2680 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:22:34.0062 2680 ERSvc - ok
19:22:34.0093 2680 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
19:22:34.0125 2680 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
19:22:34.0125 2680 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
19:22:34.0171 2680 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
19:22:34.0281 2680 Eventlog - ok
19:22:34.0359 2680 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
19:22:34.0531 2680 EventSystem - ok
19:22:34.0578 2680 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:22:34.0781 2680 Fastfat - ok
19:22:34.0812 2680 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:22:34.0890 2680 FastUserSwitchingCompatibility - ok
19:22:34.0953 2680 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:22:35.0171 2680 Fdc - ok
19:22:35.0203 2680 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:22:35.0421 2680 Fips - ok
19:22:35.0453 2680 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:22:35.0640 2680 Flpydisk - ok
19:22:35.0703 2680 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:22:35.0921 2680 FltMgr - ok
19:22:36.0031 2680 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:22:36.0078 2680 FontCache3.0.0.0 - ok
19:22:36.0109 2680 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:22:36.0359 2680 Fs_Rec - ok
19:22:36.0375 2680 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:22:36.0656 2680 Ftdisk - ok
19:22:36.0687 2680 [ 72FE2BEA6863D4EB93442A1C4FB5CA48 ] GcKernel C:\WINDOWS\system32\DRIVERS\GcKernel.sys
19:22:36.0890 2680 GcKernel - ok
19:22:36.0937 2680 [ 7DB82DB3E3D6E2D00947272B8F5FE186 ] genmcmn C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
19:22:36.0937 2680 genmcmn ( UnsignedFile.Multi.Generic ) - warning
19:22:36.0937 2680 genmcmn - detected UnsignedFile.Multi.Generic (1)
19:22:37.0000 2680 [ 08AAC2CF88F2AEAA3B6C463C5932B3F5 ] ggsemc C:\WINDOWS\system32\DRIVERS\ggsemc.sys
19:22:37.0015 2680 ggsemc - ok
19:22:37.0031 2680 GMSIPCI - ok
19:22:37.0078 2680 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:22:37.0281 2680 Gpc - ok
19:22:37.0375 2680 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:22:37.0468 2680 gupdate - ok
19:22:37.0484 2680 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:22:37.0500 2680 gupdatem - ok
19:22:37.0687 2680 [ F3E34776D8B8AB665D051A8674FDF4CC ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
19:22:38.0109 2680 hardlock ( UnsignedFile.Multi.Generic ) - warning
19:22:38.0109 2680 hardlock - detected UnsignedFile.Multi.Generic (1)
19:22:38.0250 2680 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:22:38.0453 2680 helpsvc - ok
19:22:38.0468 2680 HidServ - ok
19:22:38.0515 2680 [ BD205320308FB41C88A4049A2D1764B4 ] HIDSwvd C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
19:22:38.0671 2680 HIDSwvd - ok
19:22:38.0718 2680 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:22:38.0906 2680 HidUsb - ok
19:22:38.0953 2680 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:22:39.0156 2680 hkmsvc - ok
19:22:39.0171 2680 hpn - ok
19:22:39.0218 2680 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:22:39.0312 2680 HTTP - ok
19:22:39.0359 2680 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:22:39.0562 2680 HTTPFilter - ok
19:22:39.0578 2680 i2omgmt - ok
19:22:39.0593 2680 i2omp - ok
19:22:39.0625 2680 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:22:39.0843 2680 i8042prt - ok
19:22:39.0953 2680 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:22:39.0968 2680 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:22:39.0968 2680 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:22:40.0078 2680 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:22:40.0171 2680 idsvc - ok
19:22:40.0234 2680 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:22:40.0453 2680 Imapi - ok
19:22:40.0484 2680 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:22:40.0687 2680 ImapiService - ok
19:22:40.0703 2680 ini910u - ok
19:22:40.0750 2680 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:22:40.0968 2680 IntelIde - ok
19:22:41.0015 2680 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:22:41.0234 2680 Ip6Fw - ok
19:22:41.0281 2680 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:22:41.0515 2680 IpFilterDriver - ok
19:22:41.0546 2680 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:22:41.0734 2680 IpInIp - ok
19:22:41.0781 2680 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:22:41.0984 2680 IpNat - ok
19:22:42.0031 2680 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:22:42.0234 2680 IPSec - ok
19:22:42.0265 2680 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:22:42.0468 2680 IRENUM - ok
19:22:42.0515 2680 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:22:42.0718 2680 isapnp - ok
19:22:42.0828 2680 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
19:22:42.0859 2680 JavaQuickStarterService - ok
19:22:42.0890 2680 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:22:43.0093 2680 Kbdclass - ok
19:22:43.0140 2680 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:22:43.0343 2680 kbdhid - ok
19:22:43.0390 2680 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:22:43.0625 2680 kmixer - ok
19:22:43.0671 2680 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:22:43.0765 2680 KSecDD - ok
19:22:43.0796 2680 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:22:43.0875 2680 lanmanserver - ok
19:22:43.0906 2680 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:22:44.0000 2680 lanmanworkstation - ok
19:22:44.0015 2680 lbrtfdc - ok
19:22:44.0078 2680 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:22:44.0296 2680 LmHosts - ok
19:22:44.0359 2680 [ 77DB6177FD08AAB1DD8A896197CC7660 ] ltmodem5 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
19:22:44.0609 2680 ltmodem5 - ok
19:22:44.0671 2680 [ 415AB4310655114E415925D62CD011B5 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
19:22:44.0718 2680 MDM ( UnsignedFile.Multi.Generic ) - warning
19:22:44.0718 2680 MDM - detected UnsignedFile.Multi.Generic (1)
19:22:44.0734 2680 MEMSWEEP2 - ok
19:22:44.0781 2680 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:22:44.0984 2680 Messenger - ok
19:22:45.0156 2680 MFE_RR - ok
19:22:45.0203 2680 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:22:45.0453 2680 mnmdd - ok
19:22:45.0500 2680 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:22:45.0718 2680 mnmsrvc - ok
19:22:45.0750 2680 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:22:45.0953 2680 Modem - ok
19:22:46.0000 2680 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:22:46.0250 2680 MODEMCSA - ok
19:22:46.0281 2680 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:22:46.0468 2680 Mouclass - ok
19:22:46.0500 2680 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:22:46.0718 2680 MountMgr - ok
19:22:46.0781 2680 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:22:46.0812 2680 MozillaMaintenance - ok
19:22:46.0843 2680 mraid35x - ok
19:22:46.0906 2680 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:22:47.0125 2680 MRxDAV - ok
19:22:47.0187 2680 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:22:47.0296 2680 MRxSmb - ok
19:22:47.0343 2680 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:22:47.0562 2680 MSDTC - ok
19:22:47.0593 2680 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
19:22:47.0796 2680 MSDV - ok
19:22:47.0828 2680 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:22:48.0031 2680 Msfs - ok
19:22:48.0046 2680 MSIServer - ok
19:22:48.0078 2680 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:22:48.0281 2680 MSKSSRV - ok
19:22:48.0296 2680 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:22:48.0500 2680 MSPCLOCK - ok
19:22:48.0531 2680 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:22:48.0718 2680 MSPQM - ok
19:22:48.0765 2680 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:22:48.0968 2680 mssmbios - ok
19:22:49.0015 2680 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:22:49.0234 2680 MSTEE - ok
19:22:49.0281 2680 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:22:49.0359 2680 Mup - ok
19:22:49.0390 2680 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:22:49.0593 2680 NABTSFEC - ok
19:22:49.0656 2680 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:22:49.0875 2680 napagent - ok
19:22:49.0953 2680 [ 290C60D8EB13A15FA753413A3BBEA70A ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
19:22:50.0046 2680 NBService - ok
19:22:50.0078 2680 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:22:50.0296 2680 NDIS - ok
19:22:50.0343 2680 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:22:50.0562 2680 NdisIP - ok
19:22:50.0609 2680 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:22:50.0687 2680 NdisTapi - ok
19:22:50.0718 2680 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:22:50.0937 2680 Ndisuio - ok
19:22:50.0968 2680 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:22:51.0187 2680 NdisWan - ok
19:22:51.0234 2680 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:22:51.0312 2680 NDProxy - ok
19:22:51.0343 2680 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:22:51.0562 2680 NetBIOS - ok
19:22:51.0593 2680 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:22:51.0812 2680 NetBT - ok
19:22:52.0031 2680 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:22:52.0250 2680 NetDDE - ok
19:22:52.0265 2680 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:22:52.0468 2680 NetDDEdsdm - ok
19:22:52.0515 2680 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:22:52.0718 2680 Netlogon - ok
19:22:52.0765 2680 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
19:22:53.0000 2680 Netman - ok
19:22:53.0031 2680 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:22:53.0062 2680 NetTcpPortSharing - ok
19:22:53.0093 2680 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:22:53.0328 2680 NIC1394 - ok
19:22:53.0390 2680 [ 029F44E9EA7392681F47F0F1BADC0715 ] NitroReaderDriverReadSpool C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
19:22:53.0437 2680 NitroReaderDriverReadSpool - ok
19:22:53.0468 2680 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
19:22:53.0578 2680 Nla - ok
19:22:53.0687 2680 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
19:22:53.0734 2680 NMIndexingService - ok
19:22:53.0781 2680 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:22:53.0968 2680 Npfs - ok
19:22:54.0031 2680 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:22:54.0281 2680 Ntfs - ok
19:22:54.0312 2680 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:22:54.0515 2680 NtLmSsp - ok
19:22:54.0578 2680 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:22:54.0812 2680 NtmsSvc - ok
19:22:54.0843 2680 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:22:55.0109 2680 Null - ok
19:22:55.0156 2680 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:22:55.0437 2680 NwlnkFlt - ok
19:22:55.0468 2680 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:22:55.0750 2680 NwlnkFwd - ok
19:22:55.0796 2680 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:22:56.0000 2680 ohci1394 - ok
19:22:56.0046 2680 [ 18CD59B762829860F96DC2569F1A7AD2 ] OOD2000 C:\WINDOWS\system32\OOD2000.exe
19:22:56.0078 2680 OOD2000 ( UnsignedFile.Multi.Generic ) - warning
19:22:56.0078 2680 OOD2000 - detected UnsignedFile.Multi.Generic (1)
19:22:56.0125 2680 [ 21DC5B289DCE2D32A32BAAB7BCF29A6A ] oreans32 C:\WINDOWS\system32\drivers\oreans32.sys
19:22:56.0250 2680 oreans32 ( UnsignedFile.Multi.Generic ) - warning
19:22:56.0250 2680 oreans32 - detected UnsignedFile.Multi.Generic (1)
19:22:56.0296 2680 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:22:56.0500 2680 Parport - ok
19:22:56.0531 2680 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:22:56.0750 2680 PartMgr - ok
19:22:56.0796 2680 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:22:57.0078 2680 ParVdm - ok
19:22:57.0109 2680 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:22:57.0312 2680 PCI - ok
19:22:57.0328 2680 PCIDump - ok
19:22:57.0375 2680 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:22:57.0656 2680 PCIIde - ok
19:22:57.0703 2680 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:22:57.0906 2680 Pcmcia - ok
19:22:57.0937 2680 Pcouffin - ok
19:22:57.0953 2680 PDCOMP - ok
19:22:57.0968 2680 PDFRAME - ok
19:22:57.0984 2680 PDRELI - ok
19:22:58.0015 2680 PDRFRAME - ok
19:22:58.0031 2680 perc2 - ok
19:22:58.0046 2680 perc2hib - ok
19:22:58.0125 2680 [ F2B3785D7282BAC66D4B644FC88749F0 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
19:22:58.0140 2680 pfc ( UnsignedFile.Multi.Generic ) - warning
19:22:58.0140 2680 pfc - detected UnsignedFile.Multi.Generic (1)
19:22:58.0187 2680 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
19:22:58.0296 2680 PlugPlay - ok
19:22:58.0328 2680 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:22:58.0593 2680 PolicyAgent - ok
19:22:58.0640 2680 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:22:58.0859 2680 PptpMiniport - ok
19:22:58.0859 2680 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:22:59.0078 2680 ProtectedStorage - ok
19:22:59.0109 2680 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:22:59.0312 2680 PSched - ok
19:22:59.0328 2680 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:22:59.0578 2680 Ptilink - ok
19:22:59.0625 2680 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:22:59.0640 2680 PxHelp20 - ok
19:22:59.0656 2680 ql1080 - ok
19:22:59.0687 2680 Ql10wnt - ok
19:22:59.0703 2680 ql12160 - ok
19:22:59.0734 2680 ql1240 - ok
19:22:59.0750 2680 ql1280 - ok
19:22:59.0781 2680 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:23:00.0046 2680 RasAcd - ok
19:23:00.0093 2680 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:23:00.0296 2680 RasAuto - ok
19:23:00.0343 2680 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:23:00.0546 2680 Rasl2tp - ok
19:23:00.0593 2680 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:23:00.0796 2680 RasMan - ok
19:23:00.0843 2680 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:23:01.0031 2680 RasPppoe - ok
19:23:01.0078 2680 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:23:01.0312 2680 Raspti - ok
19:23:01.0359 2680 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:23:01.0562 2680 Rdbss - ok
19:23:01.0609 2680 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:23:01.0843 2680 RDPCDD - ok
19:23:01.0906 2680 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:23:02.0125 2680 rdpdr - ok
19:23:02.0171 2680 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:23:02.0281 2680 RDPWD - ok
19:23:02.0328 2680 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:23:02.0546 2680 RDSessMgr - ok
19:23:02.0578 2680 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:23:02.0796 2680 redbook - ok
19:23:02.0843 2680 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:23:03.0062 2680 RemoteAccess - ok
19:23:03.0109 2680 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:23:03.0312 2680 RemoteRegistry - ok
19:23:03.0359 2680 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:23:03.0578 2680 RpcLocator - ok
19:23:03.0609 2680 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:23:03.0750 2680 RpcSs - ok
19:23:03.0796 2680 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:23:04.0093 2680 RSVP - ok
19:23:04.0125 2680 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
19:23:04.0343 2680 SamSs - ok
19:23:04.0375 2680 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:23:04.0578 2680 SCardSvr - ok
19:23:04.0625 2680 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:23:04.0843 2680 Schedule - ok
19:23:04.0859 2680 SD - ok
19:23:04.0921 2680 [ D3279A8F45724495E9379328F09B979A ] se46bus C:\WINDOWS\system32\DRIVERS\se46bus.sys
19:23:05.0250 2680 se46bus - ok
19:23:05.0312 2680 [ 0AB37B65BF21CD829428CF821F654941 ] se46mdfl C:\WINDOWS\system32\DRIVERS\se46mdfl.sys
19:23:05.0343 2680 se46mdfl - ok
19:23:05.0375 2680 [ B722C5C0A249DC75304800D2C1A1297E ] se46mdm C:\WINDOWS\system32\DRIVERS\se46mdm.sys
19:23:05.0421 2680 se46mdm - ok
19:23:05.0453 2680 [ 816EE5A445A8448DD60652BBC3512EE3 ] se46mgmt C:\WINDOWS\system32\DRIVERS\se46mgmt.sys
19:23:05.0515 2680 se46mgmt - ok
19:23:05.0531 2680 [ 0FB6918B49357C339336937E704F9A15 ] se46nd5 C:\WINDOWS\system32\DRIVERS\se46nd5.sys
19:23:05.0562 2680 se46nd5 - ok
19:23:05.0593 2680 [ DA3F1B71767AD9636F72988BE9EB807D ] se46obex C:\WINDOWS\system32\DRIVERS\se46obex.sys
19:23:05.0640 2680 se46obex - ok
19:23:05.0671 2680 [ 509EDAA80A34E5C82E443219160D1B34 ] se46unic C:\WINDOWS\system32\DRIVERS\se46unic.sys
19:23:05.0718 2680 se46unic - ok
19:23:05.0765 2680 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:23:05.0984 2680 Secdrv - ok
19:23:06.0015 2680 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:23:06.0250 2680 seclogon - ok
19:23:06.0281 2680 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
19:23:06.0484 2680 SENS - ok
19:23:06.0515 2680 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:23:06.0718 2680 serenum - ok
19:23:06.0750 2680 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:23:06.0953 2680 Serial - ok
19:23:07.0031 2680 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:23:07.0234 2680 Sfloppy - ok
19:23:07.0281 2680 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:23:07.0515 2680 SharedAccess - ok
19:23:07.0546 2680 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:23:07.0593 2680 ShellHWDetection - ok
19:23:07.0609 2680 Simbad - ok
19:23:07.0640 2680 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:23:07.0843 2680 SLIP - ok
19:23:07.0859 2680 Sparrow - ok
19:23:07.0906 2680 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:23:08.0125 2680 splitter - ok
19:23:08.0156 2680 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:23:08.0203 2680 Spooler - ok
19:23:08.0265 2680 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
19:23:08.0281 2680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
19:23:08.0281 2680 sptd ( LockedFile.Multi.Generic ) - warning
19:23:08.0281 2680 sptd - detected LockedFile.Multi.Generic (1)
19:23:08.0312 2680 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:23:08.0515 2680 sr - ok
19:23:08.0578 2680 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
19:23:08.0781 2680 srservice - ok
19:23:08.0843 2680 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:23:08.0937 2680 Srv - ok
19:23:09.0000 2680 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:23:09.0234 2680 SSDPSRV - ok
19:23:09.0312 2680 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:23:09.0671 2680 stisvc - ok
19:23:09.0718 2680 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:23:09.0953 2680 streamip - ok
19:23:09.0984 2680 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:23:10.0203 2680 swenum - ok
19:23:10.0234 2680 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:23:10.0453 2680 swmidi - ok
19:23:10.0468 2680 SwPrv - ok
19:23:10.0500 2680 symc810 - ok
19:23:10.0515 2680 symc8xx - ok
19:23:10.0531 2680 sym_hi - ok
19:23:10.0562 2680 sym_u3 - ok
19:23:10.0593 2680 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:23:10.0812 2680 sysaudio - ok
19:23:10.0875 2680 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:23:11.0093 2680 SysmonLog - ok
19:23:11.0187 2680 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:23:11.0406 2680 TapiSrv - ok
19:23:11.0515 2680 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:23:11.0796 2680 Tcpip - ok
19:23:11.0859 2680 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:23:12.0078 2680 TDPIPE - ok
19:23:12.0109 2680 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:23:12.0343 2680 TDTCP - ok
19:23:12.0359 2680 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:23:12.0578 2680 TermDD - ok
19:23:12.0687 2680 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
19:23:13.0078 2680 TermService - ok
19:23:13.0125 2680 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:23:13.0156 2680 Themes - ok
19:23:13.0203 2680 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:23:13.0421 2680 TlntSvr - ok
19:23:13.0437 2680 TosIde - ok
19:23:13.0500 2680 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:23:13.0703 2680 TrkWks - ok
19:23:13.0781 2680 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
19:23:14.0000 2680 uagp35 - ok
19:23:14.0062 2680 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:23:14.0328 2680 Udfs - ok
19:23:14.0328 2680 ultra - ok
19:23:14.0390 2680 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:23:14.0453 2680 UMWdf - ok
19:23:14.0593 2680 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:23:14.0921 2680 Update - ok
19:23:14.0968 2680 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
19:23:15.0187 2680 upnphost - ok
19:23:15.0218 2680 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
19:23:15.0406 2680 UPS - ok
19:23:15.0468 2680 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:23:15.0671 2680 usbccgp - ok
19:23:15.0703 2680 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:23:15.0921 2680 usbehci - ok
19:23:15.0968 2680 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:23:16.0171 2680 usbhub - ok
19:23:16.0218 2680 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:23:16.0421 2680 usbprint - ok
19:23:16.0453 2680 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:23:16.0671 2680 usbscan - ok
19:23:16.0718 2680 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:23:16.0937 2680 USBSTOR - ok
19:23:16.0968 2680 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:23:17.0156 2680 usbuhci - ok
19:23:17.0203 2680 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:23:17.0406 2680 VgaSave - ok
19:23:17.0437 2680 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:23:17.0656 2680 ViaIde - ok
19:23:17.0703 2680 [ 84E67BAA77A8C508A05B9FEBB1ED2EAE ] vmmouse C:\WINDOWS\system32\DRIVERS\vmmouse.sys
19:23:17.0781 2680 vmmouse - ok
19:23:17.0828 2680 [ 55A928C40C11870DF5B90300BA329878 ] vmscsi C:\WINDOWS\system32\DRIVERS\vmscsi.sys
19:23:17.0921 2680 vmscsi - ok
19:23:17.0984 2680 [ E03F714A83C8AD59EE717514D872943C ] VMTools C:\Program Files\VMware\VMware Tools\VMwareService.exe
19:23:18.0000 2680 VMTools ( UnsignedFile.Multi.Generic ) - warning
19:23:18.0000 2680 VMTools - detected UnsignedFile.Multi.Generic (1)
19:23:18.0046 2680 [ 070BA202806EA135B8AB5FC1622CAA19 ] vmxnet C:\WINDOWS\system32\DRIVERS\vmxnet.sys
19:23:18.0093 2680 vmxnet - ok
19:23:18.0156 2680 [ 6E237C0A8E248DDB6811C05834C8A15F ] vmx_svga C:\WINDOWS\system32\DRIVERS\vmx_svga.sys
19:23:18.0234 2680 vmx_svga - ok
19:23:18.0281 2680 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:23:18.0500 2680 VolSnap - ok
19:23:18.0546 2680 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
19:23:18.0765 2680 VSS - ok
19:23:18.0859 2680 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
19:23:18.0937 2680 vToolbarUpdater12.2.6 - ok
19:23:18.0984 2680 [ 16409C468CEEE99B6B129FCAA5C0F206 ] vulfnths C:\WINDOWS\System32\Drivers\vulfnth.sys
19:23:19.0000 2680 vulfnths ( UnsignedFile.Multi.Generic ) - warning
19:23:19.0000 2680 vulfnths - detected UnsignedFile.Multi.Generic (1)
19:23:19.0046 2680 [ 541447E05EDDD1164A5EA925778B209D ] vulfntrs C:\WINDOWS\System32\Drivers\vulfntr.sys
19:23:19.0078 2680 vulfntrs ( UnsignedFile.Multi.Generic ) - warning
19:23:19.0078 2680 vulfntrs - detected UnsignedFile.Multi.Generic (1)
19:23:19.0125 2680 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
19:23:19.0343 2680 W32Time - ok
19:23:19.0406 2680 [ 5E8B60606FC4173B69CDECD964F22D28 ] w810bus C:\WINDOWS\system32\DRIVERS\w810bus.sys
19:23:19.0453 2680 w810bus - ok
19:23:19.0515 2680 [ C0CC4F5A3C58B4C07EC4A82A5AE24714 ] w810mdfl C:\WINDOWS\system32\DRIVERS\w810mdfl.sys
19:23:19.0656 2680 w810mdfl - ok
19:23:19.0687 2680 [ 2AAFEEDC3BFE14419CBCE7CEEA59DD05 ] w810mdm C:\WINDOWS\system32\DRIVERS\w810mdm.sys
19:23:19.0734 2680 w810mdm - ok
19:23:19.0781 2680 [ B0037DB3F890D0FFCF7E35F356A435EC ] w810mgmt C:\WINDOWS\system32\DRIVERS\w810mgmt.sys
19:23:19.0828 2680 w810mgmt - ok
19:23:19.0859 2680 [ BF609636068F17246F94B490C5812483 ] w810obex C:\WINDOWS\system32\DRIVERS\w810obex.sys
19:23:19.0906 2680 w810obex - ok
19:23:19.0953 2680 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:23:20.0156 2680 Wanarp - ok
19:23:20.0234 2680 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:23:20.0296 2680 Wdf01000 - ok
19:23:20.0312 2680 WDICA - ok
19:23:20.0343 2680 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:23:20.0562 2680 wdmaud - ok
19:23:20.0609 2680 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:23:20.0828 2680 WebClient - ok
19:23:20.0921 2680 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:23:21.0125 2680 winmgmt - ok
19:23:21.0203 2680 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
19:23:21.0265 2680 WmdmPmSN - ok
19:23:21.0343 2680 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:23:21.0515 2680 Wmi - ok
19:23:21.0562 2680 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:23:21.0765 2680 WmiApSrv - ok
19:23:21.0812 2680 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:23:22.0031 2680 wscsvc - ok
19:23:22.0062 2680 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:23:22.0265 2680 WSTCODEC - ok
19:23:22.0312 2680 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:23:22.0531 2680 wuauserv - ok
19:23:22.0593 2680 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:23:22.0843 2680 WZCSVC - ok
19:23:22.0875 2680 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:23:23.0109 2680 xmlprov - ok
19:23:23.0156 2680 ================ Scan global ===============================
19:23:23.0187 2680 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
19:23:23.0234 2680 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:23:23.0296 2680 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
19:23:23.0328 2680 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
19:23:23.0328 2680 [Global] - ok
19:23:23.0328 2680 ================ Scan MBR ==================================
19:23:23.0359 2680 [ F28D6784E394DEDDFC84C864A7BD87A1 ] \Device\Harddisk0\DR0
19:23:23.0515 2680 \Device\Harddisk0\DR0 - ok
19:23:23.0546 2680 [ F28D6784E394DEDDFC84C864A7BD87A1 ] \Device\Harddisk1\DR1
19:23:24.0156 2680 \Device\Harddisk1\DR1 - ok
19:23:24.0156 2680 ================ Scan VBR ==================================
19:23:24.0171 2680 [ 0EC92FE5A21FA32D2913557F55386883 ] \Device\Harddisk0\DR0\Partition1
19:23:24.0171 2680 \Device\Harddisk0\DR0\Partition1 - ok
19:23:24.0187 2680 [ D2574C8D7138D2A8606853124984C1FA ] \Device\Harddisk1\DR1\Partition1
19:23:24.0187 2680 \Device\Harddisk1\DR1\Partition1 - ok
19:23:24.0187 2680 ============================================================
19:23:24.0187 2680 Scan finished
19:23:24.0187 2680 ============================================================
19:23:24.0343 2892 Detected object count: 16
19:23:24.0343 2892 Actual detected object count: 16
19:25:25.0453 2892 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0453 2892 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0453 2892 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0453 2892 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0468 2892 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0468 2892 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0468 2892 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0468 2892 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0468 2892 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0468 2892 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0468 2892 genmcmn ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0468 2892 genmcmn ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0468 2892 hardlock ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0468 2892 hardlock ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0468 2892 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0468 2892 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0484 2892 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0484 2892 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0484 2892 OOD2000 ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0484 2892 OOD2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0484 2892 oreans32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0484 2892 oreans32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0484 2892 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0484 2892 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0484 2892 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:25:25.0484 2892 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:25:25.0484 2892 VMTools ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0484 2892 VMTools ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0500 2892 vulfnths ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0500 2892 vulfnths ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0500 2892 vulfntrs ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0500 2892 vulfntrs ( UnsignedFile.Multi.Generic ) - User select action: Skip
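The log above ends with sixteen detections, every one of them a generic heuristic verdict rather than a named rootkit family: UnsignedFile.Multi.Generic for drivers and services that carry no digital signature, and LockedFile.Multi.Generic for sptd.sys, which the tool's own "Suspicious file (NoAccess)" line shows it could not open (sptd.sys is the SCSI Pass Through Direct driver installed by Daemon Tools and Alcohol 120%). Every one of them was then skipped by the user. The Python below, an added example that is not part of the original post and not code from Kaspersky's tool, makes that reading mechanical: it pairs each "- detected" line with the preceding "[ md5 ] name path" line, checks that the tool's declared "Detected object count" matches the number of detections actually parsed, flags whether all verdicts are generic, collects the MD5s for an external reputation lookup, and lists anything left unactioned. The regular expressions are my reading of this log's line format, not a documented specification, and SAMPLE_LOG is a constructed excerpt: three of the sixteen warnings, with the "skipped by user" pair for oreans32 deliberately left out so the unactioned path is exercised.

```python
"""Mechanical triage of a TDSSKiller text log.

Added example for this thread; not part of the original post and not code
from Kaspersky's tool.  The line patterns are derived from reading the log
format above, not from any documented specification.
"""
import re
from collections import OrderedDict

# Constructed excerpt modelled on the posted log: three of its sixteen
# warnings, with the "skipped by user" pair for oreans32 deliberately left
# out so the unactioned path is exercised.
SAMPLE_LOG = r"""
19:22:56.0046 2680 [ 18CD59B762829860F96DC2569F1A7AD2 ] OOD2000 C:\WINDOWS\system32\OOD2000.exe
19:22:56.0078 2680 OOD2000 ( UnsignedFile.Multi.Generic ) - warning
19:22:56.0078 2680 OOD2000 - detected UnsignedFile.Multi.Generic (1)
19:22:56.0125 2680 [ 21DC5B289DCE2D32A32BAAB7BCF29A6A ] oreans32 C:\WINDOWS\system32\drivers\oreans32.sys
19:22:56.0250 2680 oreans32 ( UnsignedFile.Multi.Generic ) - warning
19:22:56.0250 2680 oreans32 - detected UnsignedFile.Multi.Generic (1)
19:23:08.0265 2680 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
19:23:08.0281 2680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
19:23:08.0281 2680 sptd ( LockedFile.Multi.Generic ) - warning
19:23:08.0281 2680 sptd - detected LockedFile.Multi.Generic (1)
19:23:24.0343 2892 Detected object count: 3
19:23:24.0343 2892 Actual detected object count: 3
19:25:25.0484 2892 OOD2000 ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:25.0484 2892 OOD2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:25.0484 2892 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:25:25.0484 2892 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "[ <md5> ] <service name> <path>": the name may contain spaces ("ATI Smart"),
# so the path is recognised by its drive letter instead of the name by \S+.
OBJECT = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
NOACCESS = re.compile(r"^Suspicious file \((?P<why>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-F]{32})$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")

GENERIC_SUFFIX = ".Multi.Generic"   # UnsignedFile./LockedFile. heuristics, not a named family


def triage(log_text):
    """Return detections (name -> verdict, md5, path, access note, action),
    the count the tool declared, and consistency/coverage flags."""
    objects = {}                 # service name -> (md5, path)
    access_notes = {}            # path -> reason the scanner could not open it
    detections = OrderedDict()
    declared = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if (o := OBJECT.match(msg)):
            objects[o.group("name")] = (o.group("md5"), o.group("path"))
        elif (s := NOACCESS.match(msg)):
            access_notes[s.group("path")] = s.group("why")
        elif (d := DETECTED.match(msg)):
            md5, path = objects.get(d.group("name"), (None, None))
            detections[d.group("name")] = {
                "verdict": d.group("verdict"), "md5": md5, "path": path,
                "access": access_notes.get(path), "action": None,
            }
        elif (c := COUNT.match(msg)):
            declared = int(c.group("n"))
        elif (a := ACTION.match(msg)) and a.group("name") in detections:
            detections[a.group("name")]["action"] = a.group("action")
    return {
        "detections": detections,
        "declared_count": declared,
        "count_matches": declared == len(detections),
        "generic_only": all(v["verdict"].endswith(GENERIC_SUFFIX) for v in detections.values()),
        "unactioned": [n for n, v in detections.items() if v["action"] is None],
        "hashes": {v["md5"]: n for n, v in detections.items() if v["md5"]},
    }


def report(result):
    """Human-readable summary: one line per detection plus the three checks."""
    lines = []
    for name, v in result["detections"].items():
        note = f" [{v['access']}]" if v["access"] else ""
        lines.append(f"{name:<10} {v['verdict']:<28} {v['md5']}  action={v['action']}{note}")
    lines.append(f"declared {result['declared_count']}, parsed {len(result['detections'])}, "
                 f"consistent={result['count_matches']}, generic_only={result['generic_only']}, "
                 f"unactioned={result['unactioned']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as a script to print the summary, or replace SAMPLE_LOG with the contents of a full log file. The `hashes` dictionary is what you would submit to a reputation service before deciding whether an unsigned driver is expected on the machine; `generic_only=True` together with a matching count is the quick confirmation that the scan found no named rootkit, only files it could not vouch for.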

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit sprb.sys

#5 Post by vyosek »

→ Uninstall AVG and then also run this remover http://download.avg.com/filedir/util/av ... 2_2125.exe

→ Install avast free http://www.avast.com/cs-cz/free-antivirus-download

→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Search
  • A scan will run and then a log will appear; otherwise it will be saved on the system drive as AdwCleaner[R?].txt. Paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

kolohnat
Visitor
Posts: 10
Joined: 15 Oct 2012 21:12

Re: rootkit sprb.sys

#6 Post by kolohnat »

Everything went fine, thanks, attaching the log:


# AdwCleaner v2.005 - Logfile created 10/16/2012 at 21:49:55
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Petr - KADIL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Petr\Plocha\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\DOCUME~1\Petr\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Trymedia
Folder Found : C:\Documents and Settings\Matýsek\Data aplikací\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskSA
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\pdfforge.org
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\Software\pdfforge.org
Key Found : HKU\S-1-5-21-790525478-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-790525478-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-790525478-706699826-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C94E154B-1459-4A47-966B-4B843BEFC7DB}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=

*************************

AdwCleaner[R1].txt - [3496 octets] - [16/10/2012 21:49:55]

########## EOF - C:\AdwCleaner[R1].txt - [3556 octets] ##########

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit sprb.sys

#7 Post by vyosek »

→ Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator (Spustit jako správce)
  • Click Delete
  • The PC will perform the repair, restart and give you a log (C:\AdwCleaner[S1].txt); paste its contents here

kolohnat
Visitor
Posts: 10
Joined: 15 Oct 2012 21:12

Re: rootkit sprb.sys

#8 Post by kolohnat »

Done, here is the log:

# AdwCleaner v2.005 - Logfile created 10/17/2012 at 19:39:50
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Petr - KADIL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Petr\Plocha\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Petr\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Trymedia
Folder Deleted : C:\Documents and Settings\Matýsek\Data aplikací\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskSA
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\pdfforge.org
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\pdfforge.org
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C94E154B-1459-4A47-966B-4B843BEFC7DB}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q= --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [3625 octets] - [16/10/2012 21:49:55]
AdwCleaner[S1].txt - [3196 octets] - [17/10/2012 19:39:50]

########## EOF - C:\AdwCleaner[S1].txt - [3256 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit sprb.sys

#9 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware etc.
  • If you have Win XP, run it under an Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after start a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and a possible restart, CF shows a log, or you can find it here C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

kolohnat
Visitor
Posts: 10
Registered: 15 Oct 2012 21:12

Re: rootkit sprb.sys

#10 Post by kolohnat »

Everything went through, attaching the log:

ComboFix 12-10-18.03 - Petr 18.10.2012 18:11:07.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.496 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Petr\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\Mplayer.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Cache
c:\windows\system32\Cache\174c15987416d302.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\474eee8f793aed04.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\78a6c36b8fbca3ba.fb
c:\windows\system32\Cache\a6635cb218bbe7ed.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ac27d57b59d76d6f.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cd0ac2a88c7a52ed.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\msstdfmt.dll
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-18 do 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-17 21:38 . 2000-06-27 02:06 372224 ----a-w- c:\windows\system32\flexlm.cpl
2012-10-17 21:35 . 2012-10-17 21:37 -------- d-----w- C:\NEXIS32
2012-10-16 19:45 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-16 19:45 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-16 19:45 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-16 19:45 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-16 19:45 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-16 19:45 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-16 19:45 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-16 19:45 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-16 19:44 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-16 19:44 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 19:44 . 2012-10-16 19:44 -------- d-----w- c:\program files\AVAST Software
2012-10-16 19:44 . 2012-10-16 19:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-10-16 17:14 . 2012-10-16 17:15 -------- d-----w- c:\program files\trend micro
2012-10-16 17:14 . 2012-10-16 17:15 -------- d-----w- C:\rsit
2012-10-15 18:03 . 2012-10-15 18:03 -------- d-----w- c:\program files\Sophos
2012-10-07 17:56 . 2012-10-18 12:28 -------- d-----w- C:\flexlm
2012-10-01 19:00 . 2012-10-01 19:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 17:39 . 2012-04-14 08:48 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 17:39 . 2011-06-15 22:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2004-08-17 15:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-17 15:49 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-17 15:45 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-17 15:45 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-16 20:22 . 2012-10-16 20:22 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\windows\atiptaxx.exe" [2003-09-12 335872]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^NkvMon.exe.lnk]
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Registration-Studio 8.lnk]
path=c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\Registration-Studio 8.lnk
backup=c:\windows\pss\Registration-Studio 8.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-03-28 08:44 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware Tools]
2006-08-09 22:02 49152 ----a-w- c:\program files\VMware\VMware Tools\VMwareTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware User Process]
2006-08-09 22:02 114688 ----a-w- c:\program files\VMware\VMware Tools\VMwareUser.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\flexlm\\nexis\\lmgrd.exe"=
"c:\\flexlm\\nexis\\scia.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2006 12:27 717296]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [28.3.2007 21:34 10880]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.10.2012 21:45 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.10.2012 21:45 355632]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5.11.2007 23:58 33824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.10.2012 21:45 21256]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [30.9.2010 15:01 196912]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.8.2010 22:38 136176]
S2 IDA NEXIS License;IDA NEXIS License;c:\nexis32\license\lmgrd.exe [17.10.2012 23:37 195584]
S2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [10.8.2006 0:02 159744]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14.4.2012 10:48 250808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12.10.2010 21:15 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12.10.2010 21:15 8456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.8.2010 22:38 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\58.tmp --> c:\windows\system32\58.tmp [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\Petr\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Petr\LOCALS~1\Temp\mfe_rr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2.5.2012 12:52 115168]
S3 Pcouffin;Low level access layer for CD devices; [x]
S3 SD;SD; [x]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [3.11.2007 23:39 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [3.11.2007 23:39 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [3.11.2007 23:39 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [3.11.2007 23:39 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [3.11.2007 23:39 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [3.11.2007 23:39 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [3.11.2007 23:39 90800]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [28.3.2007 21:34 4608]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [28.3.2007 21:33 15744]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [28.3.2007 21:34 22528]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 17:39]
.
2012-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-10-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-16 09:12]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 20:37]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 20:37]
.
2012-10-18 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-10-01 12:39]
.
2012-10-18 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-10-01 23:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\qukjm96r.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2012-10-16 21:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-09-02 15:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
Notify-TPSvc - TPSvc.dll
AddRemove-Allplan - c:\windows\ISUN0405.EXE
AddRemove-Allplan 2004 - c:\windows\IsUn0405.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Jak věci pracují 2.0 - c:\windows\IsUn0405.exe
AddRemove-NEXIS32 3.60.15 - c:\windows\IsUn0405.exe
AddRemove-Stan se svetoslapkem - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-18 18:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\58.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'winlogon.exe'(2248)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-10-18 18:38:26
ComboFix-quarantined-files.txt 2012-10-18 16:38
.
Před spuštěním: Volných bajtů: 42 239 414 272
Po spuštění: Volných bajtů: 44 145 930 240
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 220A19281FFE8E0D292E3FE07C6FA59A

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit sprb.sys

#11 Post by vyosek »

Please post a log from DDS

kolohnat
Visitor
Posts: 10
Registered: 15 Oct 2012 21:12

Re: rootkit sprb.sys

#12 Post by kolohnat »

So I'm back, hello, here is the log:

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Petr at 22:11:50 on 2012-10-21
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.482 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\NEXIS32\license\lmgrd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\NEXIS32\license\scia.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\atiptaxx.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: <No Name>: {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - c:\program files\folderbox\FolderBox.dll
BHO: {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - <orphaned>
BHO: NTIECatcher Class: {C56CB6B0-0D96-11D6-8C65-B2868B609932} - c:\program files\xi\nettransport 2\NTIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: &Folder Box: {3F5A62E2-51F2-11D3-A075-CC7364CAE42B} - c:\program files\folderbox\FolderBox.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\windows\atiptaxx.exe
mRun: [mouseElf] c:\progra~1\kye\genius~1\mouseElf.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\xi\nettransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\xi\nettransport 2\NTAddList.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105207737859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{4CBCC028-AC8C-4C4D-9594-9152B6E08341} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{ACBC1711-51F7-4300-9729-FF4EDD9D919A} : DHCPNameServer = 10.0.0.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2007-3-28 10880]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-16 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-16 355632]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-11-5 33824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-16 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-16 44808]
R2 IDA NEXIS License;IDA NEXIS License;c:\nexis32\license\lmgrd.exe [2012-10-17 195584]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2010-9-30 196912]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-4 69120]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-23 136176]
S2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\VMwareService.exe [2006-8-10 159744]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-14 250808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-10-12 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-10-12 8456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-23 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\58.tmp --> c:\windows\system32\58.tmp [?]
S3 MFE_RR;MFE_RR; [x]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 115168]
S3 SD;SD; [x]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2007-11-3 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [2007-11-3 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [2007-11-3 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [2007-11-3 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [2007-11-3 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [2007-11-3 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [2007-11-3 90800]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2007-3-28 4608]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-3-28 15744]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2007-3-28 22528]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-10-18 16:05:58 -------- d-sha-r- C:\cmdcons
2012-10-18 15:59:58 98816 ----a-w- c:\windows\sed.exe
2012-10-18 15:59:58 256000 ----a-w- c:\windows\PEV.exe
2012-10-18 15:59:58 208896 ----a-w- c:\windows\MBR.exe
2012-10-17 21:38:07 372224 ----a-w- c:\windows\system32\flexlm.cpl
2012-10-17 21:35:56 -------- d-----w- C:\NEXIS32
2012-10-16 20:21:59 416224 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-10-16 20:21:58 80864 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-10-16 20:21:57 2559968 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-10-16 20:21:55 640296 ----a-w- c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
2012-10-16 19:45:23 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-16 19:44:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-16 19:44:17 -------- d-----w- c:\program files\AVAST Software
2012-10-16 19:44:17 -------- d-----w- c:\documents and settings\all users\data aplikací\AVAST Software
2012-10-16 17:14:43 -------- d-----w- c:\program files\trend micro
2012-10-15 18:03:09 -------- d-----w- c:\program files\Sophos
2012-10-07 17:56:08 -------- d-----w- C:\flexlm
2012-10-01 19:00:51 -------- d-----w- c:\documents and settings\all users\data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
.
==================== Find3M ====================
.
2012-10-13 17:39:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-13 17:39:54 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 15:18:59 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:32 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:44 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27:29 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27:29 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 22:12:53,56 ===============

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit sprb.sys

#13 Post by vyosek »

:arrow: If it is not there already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    DDS::
    uStart Page = hxxp://www.seznam.cz/
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - <orphaned>
    uRun: [DAEMON Tools Lite]
    mRun: [WinampAgent]
    mRun: [NBKeyScan]
    
    Driver::
    MEMSWEEP2
    AVGIDSHX
    MFE_RR
    SD
    gupdate
    gupdatem
    
    Folder::
    c:\documents and settings\all users\data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\AppleSoftwareUpdate.job
    c:\windows\Tasks\avast! Emergency Update.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\RegistryBooster.job
    c:\windows\Tasks\SpeedUpMyPC.job
    c:\windows\system32\DRIVERS\avgidshx.sys
    
    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Registration-Studio 8.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware Tools]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware User Process]
    
    SecSecenter::
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the picture below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF which the author unfortunately cannot fix yet

:arrow: It can happen that Windows does not boot after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him, that is not a man, that is an ox."
Member since 1 February 2011.
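A small check for the kind of script given in the post above, added here as an example (it is not ComboFix code and not vyosek's script): it splits a CFScript into its `Name::` sections and reports lines that cannot mean what the author intended, in particular a `Registry::` key-deletion line with a missing closing bracket, and a section name that does not appear in the script posted here. The list of known section names is an assumption limited to the names used above, so anything else is only reported for a second look, not rejected. The sample script is a shortened constructed copy of the one above.

```python
"""Lint a ComboFix CFScript before it is applied.

Added example for this thread; not ComboFix code and not the moderator's
script. Assumed format: plain text divided into sections, each introduced by
a line ending in '::', followed by one item per line.
"""
import re

# Section names seen in the script posted above. Assumption: this is not the
# complete set ComboFix understands, so other names are only flagged.
KNOWN_SECTIONS = {
    "KillAll", "DDS", "Driver", "Folder", "File",
    "Registry", "ClearJavaCache", "Reboot",
}

SECTION_RE = re.compile(r"^([A-Za-z0-9]+)::\s*$")
REG_KEY_RE = re.compile(
    r"^\[-?(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_CLASSES_ROOT|HKEY_USERS"
    r"|HKLM|HKCU|HKCR|HKU)\\.+\]$"
)
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text):
    """Split the script into an ordered dict {section: [item lines]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"item before the first section header: {line!r}")
        sections[current].append(line)
    return sections


def lint_cfscript(text):
    """Return a list of (section, line, problem) tuples; empty means clean."""
    problems = []
    for name, items in parse_cfscript(text).items():
        if name not in KNOWN_SECTIONS:
            problems.append((name, f"{name}::", "unknown section"))
            continue
        for item in items:
            if name == "Registry" and item.startswith("["):
                # Key-deletion lines are written as [-KEY]; without the
                # closing bracket the line is not the key the author meant.
                if not item.endswith("]"):
                    problems.append((name, item, "unbalanced bracket"))
                elif not REG_KEY_RE.match(item):
                    problems.append((name, item, "unrecognised hive"))
            elif name in ("File", "Folder") and not WIN_PATH_RE.match(item):
                problems.append((name, item, "not an absolute Windows path"))
            elif name == "Driver" and re.search(r"[\\/\s]", item):
                problems.append((name, item, "driver items are service names, not paths"))
    return problems


# Constructed sample: a shortened copy of the script posted above, including
# the Registry:: line that is missing its closing bracket.
SAMPLE_SCRIPT = r"""
KillAll::

DDS::
uStart Page = hxxp://www.seznam.cz/
uRun: [DAEMON Tools Lite]

Driver::
MEMSWEEP2
AVGIDSHX

Folder::
c:\documents and settings\all users\data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

File::
c:\windows\Tasks\RegistryBooster.job
c:\windows\system32\DRIVERS\avgidshx.sys

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Registration-Studio 8.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

SecSecenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

ClearJavaCache::

Reboot::
"""

if __name__ == "__main__":
    for section, line, problem in lint_cfscript(SAMPLE_SCRIPT):
        print(f"{problem:<20} {section}:: {line}")
```

Run against the sample it reports two lines: the `NeroFilterCheck` key with the missing `]`, and `SecSecenter::` as a section name not in the known list. A clean script returns an empty list, which is the condition to check before dragging the file onto ComboFix.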

kolohnat
Visitor
Posts: 10
Registered: 15 Oct 2012 21:12

Re: rootkit sprb.sys

#14 Post by kolohnat »

It ran without problems, log:

ComboFix 12-10-18.03 - Petr 22.10.2012 20:58:18.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.324 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\DRIVERS\avgidshx.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RegistryBooster.job"
"c:\windows\Tasks\SpeedUpMyPC.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSHX
-------\Legacy_GUPDATE
-------\Legacy_MEMSWEEP2
-------\Legacy_MFE_RR
-------\Service_AVGIDSHX
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_MEMSWEEP2
-------\Service_MFE_RR
-------\Service_SD
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-22 do 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-17 21:38 . 2000-06-27 02:06 372224 ----a-w- c:\windows\system32\flexlm.cpl
2012-10-17 21:35 . 2012-10-17 21:37 -------- d-----w- C:\NEXIS32
2012-10-16 19:45 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-16 19:45 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-16 19:45 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-16 19:45 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-16 19:45 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-16 19:45 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-16 19:45 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-16 19:45 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-16 19:44 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-16 19:44 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 19:44 . 2012-10-16 19:44 -------- d-----w- c:\program files\AVAST Software
2012-10-16 19:44 . 2012-10-16 19:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-10-16 17:14 . 2012-10-16 17:15 -------- d-----w- c:\program files\trend micro
2012-10-16 17:14 . 2012-10-16 17:15 -------- d-----w- C:\rsit
2012-10-15 18:03 . 2012-10-15 18:03 -------- d-----w- c:\program files\Sophos
2012-10-07 17:56 . 2012-10-22 19:13 -------- d-----w- C:\flexlm
2012-10-01 19:00 . 2012-10-01 19:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 17:39 . 2012-04-14 08:48 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 17:39 . 2011-06-15 22:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2004-08-17 15:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-17 15:49 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-17 15:45 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-17 15:45 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-16 20:22 . 2012-10-16 20:22 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\windows\atiptaxx.exe" [2003-09-12 335872]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^NkvMon.exe.lnk]
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-03-28 08:44 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\flexlm\\nexis\\lmgrd.exe"=
"c:\\flexlm\\nexis\\scia.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2006 12:27 717296]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [28.3.2007 21:34 10880]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.10.2012 21:45 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.10.2012 21:45 355632]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5.11.2007 23:58 33824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.10.2012 21:45 21256]
R2 IDA NEXIS License;IDA NEXIS License;c:\nexis32\license\lmgrd.exe [17.10.2012 23:37 195584]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [30.9.2010 15:01 196912]
S2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [10.8.2006 0:02 159744]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14.4.2012 10:48 250808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12.10.2010 21:15 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12.10.2010 21:15 8456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2.5.2012 12:52 115168]
S3 Pcouffin;Low level access layer for CD devices; [x]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [3.11.2007 23:39 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [3.11.2007 23:39 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [3.11.2007 23:39 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [3.11.2007 23:39 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [3.11.2007 23:39 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [3.11.2007 23:39 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [3.11.2007 23:39 90800]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [28.3.2007 21:34 4608]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [28.3.2007 21:33 15744]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [28.3.2007 21:34 22528]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 17:39]
.
2012-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-10-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-16 09:12]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 20:37]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 20:37]
.
2012-10-22 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-10-01 12:39]
.
2012-10-22 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-10-01 23:46]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\qukjm96r.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2012-10-16 21:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-09-02 15:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 21:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1360)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\nexis32\license\scia.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Celkový čas: 2012-10-22 21:32:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-22 19:32
ComboFix2.txt 2012-10-18 16:38
.
Před spuštěním: Volných bajtů: 43 417 284 608
Po spuštění: Volných bajtů: 43 293 208 576
.
- - End Of File - - 9C1ED81D2CD054E9C37A5E0EA17A2EDC
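To read a log like the one above with some structure rather than by eye, here is an added example (not ComboFix's own code) that parses the driver/service lines (`R0 sptd;sptd;path [date time size]`, or `[x]` where the file is missing) and answers the questions a responder asks first: which drivers start at boot or system start, which entries point at a file that no longer exists, and which .sys files load from outside the drivers directory. The reading of the line format (R/S for running/stopped, the digit as the service start type) is my interpretation of the log, and the sample lines are a constructed subset copied from the post above.

```python
r"""Triage the driver/service section of a ComboFix log.

Added example for this thread, not ComboFix code. Assumed line format, taken
from the log posted above:

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2006 12:27 717296]
    S3 Pcouffin;Low level access layer for CD devices; [x]

First letter: R = running, S = stopped. Digit: Windows service start type
(0 boot, 1 system, 2 automatic, 3 manual, 4 disabled). Then
name;display name;path and, in brackets, file date/time/size or x when the
file is not on disk.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) \[(.*)\]$")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display_name: str
    path: str            # empty when the log shows no path
    file_missing: bool   # True for the [x] marker
    size: Optional[int]  # file size from the brackets, if present


def parse_service_lines(text: str) -> List[ServiceEntry]:
    """Extract every service/driver line; other log lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, detail = m.groups()
        missing = detail.strip() == "x"
        size = None
        if not missing:
            parts = detail.split()
            if parts and parts[-1].isdigit():
                size = int(parts[-1])
        entries.append(ServiceEntry(
            running=(state == "R"), start_type=int(start), name=name,
            display_name=display, path=path, file_missing=missing, size=size))
    return entries


def early_start_drivers(entries: List[ServiceEntry]) -> List[str]:
    """Boot (0) and system (1) start drivers load before most security
    tools, so they are the first place to look for a kernel-level hook."""
    return [e.name for e in entries if e.start_type <= 1]


def orphaned_entries(entries: List[ServiceEntry]) -> List[str]:
    """Service entries whose binary is no longer on disk ([x])."""
    return [e.name for e in entries if e.file_missing]


def unusual_locations(entries: List[ServiceEntry]) -> List[str]:
    """Kernel drivers (.sys) loading from outside system32\\drivers."""
    drivers_dir = "c:\\windows\\system32\\drivers\\"
    return [e.name for e in entries
            if e.path.lower().endswith(".sys")
            and not e.path.lower().startswith(drivers_dir)]


# Constructed sample: a subset of the lines from the log above.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2006 12:27 717296]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [28.3.2007 21:34 10880]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.10.2012 21:45 729752]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5.11.2007 23:58 33824]
R2 IDA NEXIS License;IDA NEXIS License;c:\nexis32\license\lmgrd.exe [17.10.2012 23:37 195584]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12.10.2010 21:15 13192]
S3 Pcouffin;Low level access layer for CD devices; [x]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [28.3.2007 21:34 4608]
"""

if __name__ == "__main__":
    found = parse_service_lines(SAMPLE_LOG)
    print("boot/system start:", early_start_drivers(found))
    print("file missing:     ", orphaned_entries(found))
    print("outside drivers\\:", unusual_locations(found))
```

The three lists are a starting point for review, not a verdict: a boot-start driver is where a hook of the kind AVG reported would have to live, but every entry still has to be checked against its vendor and file properties before anything is removed.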

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit sprb.sys

#15 Post by vyosek »

How is the PC behaving? :???:

Locked