PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Infected PC, Autorun.inf

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

#1 Post by Domeek »

Good evening,
I would like to ask you for help. I have here a computer belonging to an acquaintance who could no longer cope with the viruses. I have found, however, that I cannot handle it on my own either, so I am turning to the local experts. The PC originally had Nod32 installed, whose licence had already expired. I uninstalled it and installed an up-to-date Avast. I let it run after a restart and delete the infected files. The PC is still heavily infected, though; there is still a problem with the inf files on the USB drive. The PC behaves unusually. Thank you for your help; I attach both the log of the files deleted by Avast and the RSIT log.
---------
Avast
=================================================
09.02.2013 14:36
Testují se všechny lokální disky

Soubor C:\Documents and Settings\All Users\Local Settings\Temp\msiezy.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\46357865364647353\winsvc.exe je infikován virem Win32:IRCBot-FAK [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\6438640620394286720310355\winsvc.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Data aplikací\1db44b5.exe je infikován virem Win32:Atraps-PY [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Data aplikací\4F5C7D\4F5C7D.exe je infikován virem Win32:Dofoil-BA [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Data aplikací\click.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Data aplikací\jan24.exe je infikován virem Win32:Dofoil-BA [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Data aplikací\nMNtfaARw2l97e30p5ev.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Data aplikací\nMNtffsdf5ev.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\init.exe je infikován virem Win32:Rootkit-gen [Rtk], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0071041861.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0084723116.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0158349174.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0241957657.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0421534352.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0468037619.exe je infikován virem Win32:VBInject-L [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0498587030.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0512501120.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0522756636.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0591804236.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0596880773.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\0686952267.exe je infikován virem Win32:VBInject-M [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\086421.exe je infikován virem Win32:IRCBot-FAK [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1004847439.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1131846596.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1165888206.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1206651313.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1227745031.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1251269652.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1331023282.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1378820853.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1478705837.exe je infikován virem Win32:Kryptik-LCC [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1490602080.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\14FD.tmp je infikován virem Win32:Zbot-QKD [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1548357174.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1594167085.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1644475486.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\1982489836.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2120576185.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2214905548.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2324314906.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2339565542.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2347797242.exe je infikován virem Win32:Kryptik-LBQ [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2427.tmp je infikován virem Win32:Downloader-SJX [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2483526733.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2551760315.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2555440521.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2686509092.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2750910687.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\2F6.tmp je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\3283717800.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\3360221002.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\3644374422.exe je infikován virem Win32:VBInject-L [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\3729866461.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\3752459131.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\3845530256.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\3884989220.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4057883284.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4088796294.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4154722828.exe je infikován virem Win32:Agent-AQUG [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4250582659.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4291974104.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4359104386.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4435018490.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4457656944.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4635095519.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\467.tmp je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\4909906648.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5037947973.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5046036719.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5111716764.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5151987779.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5310628719.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5380127402.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5444508804.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5543084160.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5601420894.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5718244636.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5718526026.exe je infikován virem Win32:VBInject-L [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5864640597.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5873798784.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\5938432910.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\6162307634.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\6217775203.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\6243949842.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\6345840959.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\6419558177.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\6550531377.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\6602060890.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\6610671768.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\7068318894.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\7208977374.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\7235480513.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\7441185420.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\7526952156.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\8055391005.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\8083845426.exe je infikován virem Win32:Kryptik-LCC [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\8097670524.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\8416193949.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\8552084297.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\8616229691.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\8805680335.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\8917454879.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9009003797.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9437788138.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9451312497.exe je infikován virem Win32:VBInject-L [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9534337564.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9556931872.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9632208022.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9682578620.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9773154924.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9857273690.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9874211315.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9965444921.exe je infikován virem Win32:Dropper-gen [Drp], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\9989092991.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\ftnqcbpop.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\java.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\jusched.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\toaster.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temp\wisptis.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temporary Internet Files\Content.IE5\CB9R6URL\__utmj[1].htm je infikován virem HTML:Iframe-inf, Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temporary Internet Files\Content.IE5\CHIVG1QR\lol[1].exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temporary Internet Files\Content.IE5\MVQT2HK5\lol[1].exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temporary Internet Files\Content.IE5\OD2VGTA7\g[1].exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temporary Internet Files\Content.IE5\OJ3R6GD5\lol[1].exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temporary Internet Files\Content.IE5\U9K72NCR\lol[1].exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temporary Internet Files\Content.IE5\YHPURIL0\4[1].exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\Local Settings\Temporary Internet Files\Content.IE5\YXGNGNWH\fr[1].exe je infikován virem Win32:VBInject-M [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\M-15-0935-5960-5932\winsvc.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\M-15-2553-5903-2352\winmgr.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\Documents and Settings\win-xp\M-15-4675-3789-4574\winmgr.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\Documents and Settings\win-xp\wwfeqcpr.exe je infikován virem Win32:Trojan-gen, Smazán
Soubor C:\Program Files\HP\Digital Imaging\bin\alg.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\HP\Digital Imaging\bin\launch.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\HP\Digital Imaging\bin\mcshield.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\HP\Digital Imaging\bin\update.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Java\jre1.6.0_01\bin\extract.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Java\jre6\bin\agent.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Java\jre6\bin\file.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Java\jre6\bin\iexplore.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Java\jre6\bin\upgrade.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Java\jre7\bin\dwm.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Java\jre7\bin\htpatch.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Java\jre7\bin\webscanx.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Samsung\Samsung New PC Studio\convert.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Program Files\Samsung\Samsung New PC Studio\navapsvc.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\RECYCLER\S-1-5-18\$41a0fa9e07d6e0ed441b8ec7661e0a22\n je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\RECYCLER\S-1-5-18\$41a0fa9e07d6e0ed441b8ec7661e0a22\U\00000004.@ je infikován virem Win32:Malware-gen, Smazán
Soubor C:\RECYCLER\S-1-5-18\$41a0fa9e07d6e0ed441b8ec7661e0a22\U\00000008.@ je infikován virem Win32:Malware-gen, Smazán
Soubor C:\RECYCLER\S-1-5-18\$41a0fa9e07d6e0ed441b8ec7661e0a22\U\000000cb.@ je infikován virem Win32:Malware-gen, Smazán
Soubor C:\RECYCLER\S-1-5-18\$41a0fa9e07d6e0ed441b8ec7661e0a22\U\80000000.@ je infikován virem Win64:Sirefef-A [Trj], Smazán
Soubor C:\RECYCLER\S-1-5-21-1960408961-796845957-839522115-1003\$41a0fa9e07d6e0ed441b8ec7661e0a22\n je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP592\A0227874.exe je infikován virem Win32:Atraps-PY [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP592\A0227875.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP592\A0227876.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP594\A0227945.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP594\A0227946.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP594\A0227947.exe je infikován virem Win32:Dofoil-BA [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP594\A0227963.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP594\A0227964.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP594\A0227965.exe je infikován virem Win32:Dofoil-BA [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP604\A0230570.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP605\A0231653.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP605\A0231686.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP605\A0231715.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP606\A0231739.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP606\A0232739.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP606\A0232778.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP606\A0232806.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP606\A0232823.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP606\A0233823.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP606\A0234115.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0240745.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0241744.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0241764.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0241786.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0243091.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249702.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249713.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249730.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249754.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249772.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249791.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249804.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249836.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249855.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249868.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249886.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP607\A0249900.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP608\A0250052.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250066.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250067.exe je infikován virem Win32:IRCBot-FAK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250068.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250069.exe je infikován virem Win32:Atraps-PY [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250070.exe je infikován virem Win32:Dofoil-BA [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250071.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250072.exe je infikován virem Win32:Dofoil-BA [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250073.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250074.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250075.exe je infikován virem Win32:Rootkit-gen [Rtk], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250076.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250077.exe je infikován virem Win32:Malware-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250078.exe je infikován virem Win32:Fareit-BF [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250079.exe je infikován virem Win32:Trojan-gen, Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250080.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250081.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250082.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250083.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250084.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250085.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250086.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250087.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250088.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250089.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250090.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250091.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250092.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\System Volume Information\_restore{25B55A66-C5FC-41F3-82A9-64351EF718B2}\RP609\A0250093.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Windows\assembly\GAC\Desktop.ini je infikován virem Win32:Sirefef-PL [Rtk], Smazán
Soubor C:\Windows\msascui.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Soubor C:\Windows\system32\winjjq32.dll je infikován virem Win32:Zlob-CWR [Trj], Smazán
Soubor C:\Windows\system32\winowl32.dll je infikován virem Win32:Zlob-CWR [Trj], Smazán
Soubor C:\Windows\view.exe je infikován virem Win32:Kryptik-LBK [Trj], Smazán
Počet prohledaných složek: 13953
Počet testovaných souborů: 461218
Počet infikovaných souborů: 223


----------------
RSIT
===============================================================

Logfile of random's system information tool 1.06 (written by random/random)
Run by win-xp at 2013-02-09 18:10:18
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 47 GB (31%) free of 153 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:18, on 9.2.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\win-xp\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\win-xp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://techalpunto.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msupdt.exe,C:\WINDOWS\system32\msupdt.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\win-xp\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Microsoft Windows Service] C:\Documents and Settings\win-xp\M-15-0935-5960-5932\winsvc.exe
O4 - HKCU\..\Run: [HotKeysCmds] C:\DOCUME~1\win-xp\LOCALS~1\Temp\4B7.EXE
O4 - HKCU\..\Run: [MSConfig] "C:\Documents and Settings\win-xp\wwfeqcpr.exe"
O4 - HKCU\..\Run: [pdoubrhgfjkxeiqndts] C:\Documents and Settings\win-xp\Data aplikacˇ\pdoubrhgfjkxeiqndts.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Microsoft Windows Manager] C:\Documents and Settings\win-xp\M-15-2553-5903-2352\winmgr.exe
O4 - HKCU\..\Policies\Explorer\Run: [Classes] C:\Documents and Settings\win-xp\Data aplikací\4F5C7D\4F5C7D.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\docume~1\alluse~1\dataap~1\browse~1\261123~1.78\{16cdf~1\browse~1.dll c:\docume~1\alluse~1\dataap~1\wincert\win32c~1.dll
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8814 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-796845957-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-796845957-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-09 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-09 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-11-07 8523776]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-11-07 81920]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"NPSStartup"= []
"DATAMNGR"=C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE [2012-12-10 1683008]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"LaunchList"=D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-05 68856]
"cdoosoft"=C:\DOCUME~1\win-xp\LOCALS~1\Temp\herss.exe []
"Google Update"=C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-11-11 136176]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
"Microsoft Windows Service"=C:\Documents and Settings\win-xp\M-15-0935-5960-5932\winsvc.exe []
"HotKeysCmds"=C:\DOCUME~1\win-xp\LOCALS~1\Temp\4B7.EXE []
"MSConfig"=C:\Documents and Settings\win-xp\wwfeqcpr.exe []
"pdoubrhgfjkxeiqndts"=C:\Documents and Settings\win-xp\Data aplikacˇ\pdoubrhgfjkxeiqndts.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"Microsoft Windows Manager"=C:\Documents and Settings\win-xp\M-15-2553-5903-2352\winmgr.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Classes"=C:\Documents and Settings\win-xp\Data aplikací\4F5C7D\4F5C7D.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\docume~1\alluse~1\dataap~1\browse~1\261123~1.78\{16cdf~1\browse~1.dll c:\docume~1\alluse~1\dataap~1\wincert\win32c~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winopn32]
winopn32.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\win-xp\M-15-4675-3789-4574\winmgr.exe"="C:\Documents and Settings\win-xp\M-15-4675-3789-4574\winmgr.exe:*:Enabled:Microsoft Windows Manager"
"C:\Documents and Settings\win-xp\M-15-2553-5903-2352\winmgr.exe"="C:\Documents and Settings\win-xp\M-15-2553-5903-2352\winmgr.exe:*:Enabled:Microsoft Windows Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041e2a6c-3782-11e1-a0bb-001d7dd494ce}]
shell\AutoRun\command - F:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23315a1c-d675-11dd-9624-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2013-02-09 18:10:18 ----D---- C:\rsit
2013-02-09 18:10:18 ----D---- C:\Program Files\trend micro
2013-02-09 14:27:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-02-09 14:26:58 ----D---- C:\Program Files\AVAST Software
2013-02-09 14:26:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-02-09 13:52:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-02-09 12:33:47 ----D---- C:\lan
2013-02-09 12:09:21 ----D---- C:\Program Files\Defraggler
2013-02-09 12:06:29 ----D---- C:\Program Files\HWiNFO32
2013-02-09 11:36:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2013-02-07 20:33:08 ----D---- C:\WINDOWS\system32\CatRoot_bak
2013-02-07 17:49:44 ----D---- C:\WINDOWS\Performance
2013-02-07 17:49:14 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2013-02-06 19:22:22 ----D---- C:\$WINDOWS.~BT
2013-02-06 18:32:48 ----D---- C:\Documents and Settings\win-xp\Data aplikací\DAEMON Tools Lite
2013-02-06 18:32:44 ----D---- C:\Program Files\DAEMON Tools Lite
2013-02-06 18:31:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2013-02-05 16:20:17 ----D---- C:\Documents and Settings\win-xp\Data aplikací\searchresultstb
2013-02-04 14:25:39 ----AH---- C:\Documents and Settings\win-xp\Data aplikací\535gege44f.txt
2013-02-02 14:56:39 ----AH---- C:\Documents and Settings\win-xp\Data aplikací\88r8rrjejeue.txt
2013-02-01 18:52:29 ----AH---- C:\Documents and Settings\win-xp\Data aplikací\87g8gg8g8g8g7g.txt
2013-01-26 22:20:43 ----A---- C:\WINDOWS\system32\wpcap.dll
2013-01-26 22:20:43 ----A---- C:\WINDOWS\system32\Packet.dll
2013-01-22 17:22:03 ----D---- C:\Program Files\1C
2013-01-19 17:02:05 ----D---- C:\Program Files\Tetris

======List of files/folders modified in the last 1 months======

2013-02-09 18:10:23 ----D---- C:\WINDOWS\Prefetch
2013-02-09 18:10:18 ----RD---- C:\Program Files
2013-02-09 18:08:48 ----AD---- C:\WINDOWS\Temp
2013-02-09 18:07:22 ----A---- C:\WINDOWS\wincmd.ini
2013-02-09 16:59:42 ----D---- C:\WINDOWS\system32
2013-02-09 16:59:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-02-09 16:55:48 ----D---- C:\Windows
2013-02-09 14:45:17 ----SHD---- C:\Documents and Settings\win-xp\Data aplikací\4F5C7D
2013-02-09 14:35:27 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-09 14:27:30 ----D---- C:\WINDOWS\system32\drivers
2013-02-09 14:27:27 ----SD---- C:\WINDOWS\Tasks
2013-02-09 14:27:23 ----SHD---- C:\WINDOWS\Installer
2013-02-09 14:27:23 ----HD---- C:\Config.Msi
2013-02-09 14:27:23 ----D---- C:\WINDOWS\WinSxS
2013-02-09 14:27:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-02-09 14:00:32 ----A---- C:\WINDOWS\NeroDigital.ini
2013-02-09 13:31:27 ----D---- C:\WINDOWS\SoftwareDistribution
2013-02-09 13:31:27 ----D---- C:\WINDOWS\Minidump
2013-02-09 13:31:27 ----D---- C:\WINDOWS\Debug
2013-02-09 13:31:19 ----SHD---- C:\RECYCLER
2013-02-09 12:08:42 ----D---- C:\Program Files\CCleaner
2013-02-09 11:36:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-02-07 21:15:21 ----HD---- C:\WINDOWS\inf
2013-02-07 21:09:18 ----D---- C:\WINDOWS\system32\CatRoot
2013-02-07 19:33:47 ----D---- C:\install
2013-02-07 18:30:08 ----D---- C:\Program Files\Java
2013-02-07 18:30:08 ----D---- C:\Program Files\Internet Explorer
2013-02-07 18:30:08 ----D---- C:\Program Files\HP
2013-02-07 18:30:08 ----D---- C:\Program Files\Hewlett-Packard
2013-02-07 18:30:07 ----D---- C:\Program Files\Google
2013-02-07 18:30:07 ----D---- C:\Program Files\ESET
2013-02-07 18:30:07 ----D---- C:\Program Files\DIFX
2013-02-07 18:30:07 ----D---- C:\Program Files\CyberLink
2013-02-07 18:30:07 ----D---- C:\Program Files\ComPlus Applications
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\System
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\Skype
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\Services
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\ODBC
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\Nero
2013-02-07 18:30:06 ----D---- C:\Program Files\Realtek
2013-02-07 18:30:06 ----D---- C:\Program Files\Common Files\MSSoap
2013-02-07 18:30:06 ----D---- C:\Program Files\Common Files\Java
2013-02-07 18:30:06 ----D---- C:\Program Files\Common Files\InstallShield
2013-02-07 18:30:06 ----D---- C:\Program Files\Common Files\HP
2013-02-07 18:30:05 ----D---- C:\Program Files\proDAD
2013-02-07 18:30:05 ----D---- C:\Program Files\Pinnacle
2013-02-07 18:30:05 ----D---- C:\Program Files\PC Connectivity Solution
2013-02-07 18:30:05 ----D---- C:\Program Files\Outlook Express
2013-02-07 18:30:05 ----D---- C:\Program Files\Online Services
2013-02-07 18:30:05 ----D---- C:\Program Files\NOS
2013-02-07 18:30:05 ----D---- C:\Program Files\Norton Security Scan
2013-02-07 18:30:05 ----D---- C:\Program Files\NetMeeting
2013-02-07 18:30:05 ----D---- C:\Program Files\MSN Gaming Zone
2013-02-07 18:30:05 ----D---- C:\Program Files\Movie Maker
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Designer
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Ahead
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Adobe
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files
2013-02-07 18:30:05 ----D---- C:\Program Files\CDex_150
2013-02-07 18:30:05 ----D---- C:\Program Files\BIAS
2013-02-07 18:30:05 ----D---- C:\Program Files\Ahead
2013-02-07 18:30:04 ----D---- C:\Program Files\microsoft frontpage
2013-02-07 18:30:04 ----D---- C:\Program Files\Messenger
2013-02-07 18:30:04 ----D---- C:\Program Files\MarkAny
2013-02-07 18:30:04 ----D---- C:\Program Files\Adobe
2013-02-07 18:30:03 ----D---- C:\Program Files\Yahoo!
2013-02-07 18:30:03 ----D---- C:\Program Files\xerox
2013-02-07 18:30:03 ----D---- C:\Program Files\Windows NT
2013-02-07 18:30:03 ----D---- C:\Program Files\Windows Media Player
2013-02-07 18:30:02 ----RD---- C:\Program Files\Skype
2013-02-07 18:30:02 ----D---- C:\Program Files\Video Converter Fox
2013-02-07 18:30:02 ----D---- C:\Program Files\Search Results Toolbar
2013-02-07 18:30:02 ----D---- C:\Program Files\Samsung
2013-02-07 17:58:46 ----RSD---- C:\WINDOWS\assembly
2013-02-07 17:47:33 ----D---- C:\WINDOWS\pchealth
2013-02-06 19:37:03 ----D---- C:\WINDOWS\Microsoft.NET
2013-02-05 16:20:21 ----D---- C:\Documents and Settings\win-xp\Data aplikací\ilividtoolbarguid
2013-02-05 16:06:06 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-02-01 19:05:38 ----A---- C:\WINDOWS\win.ini
2013-02-01 18:05:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Browser Manager
2013-01-27 20:46:24 ----D---- C:\Documents and Settings\win-xp\Data aplikací\Skype
2013-01-26 09:52:34 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-02-07 242240]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-07 7429088]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S2 3259;3259; \??\C:\DOCUME~1\win-xp\LOCALS~1\Temp\3259.sys []
S3 akjz8m0v;akjz8m0v; C:\WINDOWS\system32\drivers\akjz8m0v.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2013-01-26 50704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 Browser Manager;Browser Manager; C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2013-01-31 2561488]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-10-09 161768]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-07 155716]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-17 116648]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-17 116648]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

-----------------EOF-----------------

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Infected PC, Autorun.inf

#2 Post by Domeek »

Everything done, here are the results.
log_PCHunter.zip
(75.65 KiB) Downloaded 41 times
Here is the VirusTotal link: https://www.virustotal.com/file/9405db7 ... 360434387/

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Infected PC, Autorun.inf

#3 Post by Domeek »

Here is OTL
Attachments
log_OTL.zip
(109.33 KiB) Downloaded 49 times

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Infected PC, Autorun.inf

#4 Post by Domeek »

Hunter:
Hunter_Startup_log.zip
(7.54 KiB) Downloaded 30 times
and here is ComboFix:

ComboFix 13-02-07.02 - win-xp 09.02.2013 20:21:13.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1643 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\win-xp\Plocha\zmizik.com.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\win-xp\46357865364647353
C:\Documents and Settings\win-xp\6438640620394286720310355
C:\WINDOWS\pkunzip.pif
C:\WINDOWS\pkzip.pif
C:\WINDOWS\system32\drivers\etc\hosts.ics
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\URTTemp\fusion.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll.local
C:\WINDOWS\system32\URTTemp\mscorsn.dll
C:\WINDOWS\system32\URTTemp\mscorwks.dll
C:\WINDOWS\system32\URTTemp\msvcr71.dll
C:\WINDOWS\system32\URTTemp\regtlib.exe
C:\WINDOWS\system32\wpcap.dll


((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2013-01-09 do 2013-02-09 )))))))))))))))))))))))))))))))


2013-02-09 18:00:33 . 2013-02-09 18:00:33 512 ----a-w- C:\PhysicalMBR.bin
2013-02-09 17:10:18 . 2013-02-09 17:11:20 -------- d-----w- C:\rsit
2013-02-09 17:10:18 . 2013-02-09 17:11:18 -------- d-----w- C:\Program Files\trend micro
2013-02-09 13:27:30 . 2012-10-30 22:51:58 361032 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2013-02-09 13:27:30 . 2012-10-30 22:51:56 21256 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-02-09 13:27:29 . 2012-10-30 22:51:58 54232 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-02-09 13:27:29 . 2012-10-30 22:51:58 35928 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-02-09 13:27:28 . 2012-10-30 22:51:58 738504 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-02-09 13:27:27 . 2012-10-30 22:51:57 97608 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2013-02-09 13:27:27 . 2012-10-30 22:51:57 89752 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2013-02-09 13:27:27 . 2012-10-30 22:51:56 25256 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2013-02-09 13:27:12 . 2012-10-30 22:51:07 41224 ----a-w- C:\WINDOWS\avastSS.scr
2013-02-09 13:27:12 . 2012-10-30 22:50:59 227648 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2013-02-09 13:26:58 . 2013-02-09 13:26:58 -------- d-----w- C:\Program Files\AVAST Software
2013-02-09 13:26:58 . 2013-02-09 13:26:58 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-02-09 12:30:12 . 2013-02-09 12:30:13 -------- d-----r- C:\Documents and Settings\Administrator\Oblíbené položky
2013-02-09 12:30:12 . 2013-02-09 12:30:12 -------- d-----w- C:\Documents and Settings\Administrator\Plocha
2013-02-09 11:33:47 . 2013-02-09 17:02:24 -------- d-----w- C:\lan
2013-02-09 11:09:21 . 2013-02-09 11:09:23 -------- d-----w- C:\Program Files\Defraggler
2013-02-09 11:06:58 . 2013-02-09 11:06:58 20712 ----a-w- C:\WINDOWS\system32\drivers\HWiNFO32.SYS
2013-02-09 11:06:29 . 2013-02-09 11:06:54 -------- d-----w- C:\Program Files\HWiNFO32
2013-02-09 10:36:51 . 2004-08-17 14:49:08 21504 -c--a-w- C:\WINDOWS\system32\dllcache\hidserv.dll
2013-02-09 10:36:51 . 2004-08-17 14:49:08 21504 ----a-w- C:\WINDOWS\system32\hidserv.dll
2013-02-09 10:36:48 . 2004-08-17 14:45:00 14848 -c--a-w- C:\WINDOWS\system32\dllcache\kbdhid.sys
2013-02-09 10:36:48 . 2004-08-17 14:45:00 14848 ----a-w- C:\WINDOWS\system32\drivers\kbdhid.sys
2013-02-08 17:58:32 . 2013-02-09 15:21:32 -------- d-sh--r- C:\Documents and Settings\win-xp\M-15-2553-5903-2352
2013-02-07 19:33:08 . 2013-02-07 19:33:08 -------- d-----w- C:\WINDOWS\system32\CatRoot_bak
2013-02-07 19:02:17 . 2013-02-07 19:02:17 242240 ----a-w- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2013-02-07 16:49:44 . 2013-02-07 16:49:44 -------- d-----w- C:\WINDOWS\Performance
2013-02-07 16:49:38 . 2013-02-07 16:49:38 -------- d-----w- C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Microsoft Corporation
2013-02-07 16:49:14 . 2013-02-07 17:30:05 -------- d-----w- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2013-02-07 16:47:12 . 2013-02-09 15:21:32 -------- d-sh--r- C:\Documents and Settings\win-xp\M-15-4675-3789-4574
2013-02-06 18:22:22 . 2013-02-06 18:22:22 -------- d-----w- C:\$WINDOWS.~BT
2013-02-06 17:32:53 . 2013-02-06 17:32:53 466008 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2013-02-06 17:32:48 . 2013-02-07 18:46:56 -------- d-----w- C:\Documents and Settings\win-xp\Data aplikací\DAEMON Tools Lite
2013-02-06 17:32:44 . 2013-02-07 19:02:17 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2013-02-06 17:31:52 . 2013-02-06 17:36:51 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2013-02-05 15:20:17 . 2013-02-05 15:20:17 -------- d-----w- C:\Documents and Settings\win-xp\Data aplikací\searchresultstb
2013-02-04 13:25:17 . 2013-02-09 15:21:31 -------- d-sh--r- C:\Documents and Settings\win-xp\M-15-0935-5960-5932
2013-01-31 14:56:25 . 2002-12-02 14:22:44 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-01-26 21:19:59 . 2013-02-09 13:24:26 0 ---ha-w- C:\Documents and Settings\win-xp\Data aplikací\winsvcns.sys
2013-01-22 16:22:03 . 2013-02-07 17:30:04 -------- d-----w- C:\Program Files\1C
2013-01-19 16:02:05 . 2013-02-07 17:30:02 -------- d-----w- C:\Program Files\Tetris
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))



(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50:38 121528 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 14:41:38 145496]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-05 15:24:04 68856]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2013-01-08 08:41:08 3674320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 23:00:00 8523776]
"nwiz"="nwiz.exe" [2007-11-06 23:00:00 1626112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50:42 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42:40 32768]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 09:08:00 16342528]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 23:00:00 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38:56 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18:56 241664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:49:24 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2008-11-28 241664]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2008-11-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys [9.2.2013 14:27:28 738504]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys [9.2.2013 14:27:30 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\drivers\dtsoftbus01.sys [7.2.2013 20:02:17 242240]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\system32\drivers\HWiNFO32.SYS [9.2.2013 12:06:58 20712]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys [9.2.2013 14:27:30 21256]
R2 Browser Manager;Browser Manager;C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [31.1.2013 15:09:57 2561488]
R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [18.1.2012 17:45:34 233472]
R2 Skype C2C Service;Skype C2C Service;C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.12.2012 14:26:20 3290896]
R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [9.11.2012 11:21:24 160944]
S2 3259;3259;\??\C:\DOCUME~1\win-xp\LOCALS~1\Temp\3259.sys --> C:\DOCUME~1\win-xp\LOCALS~1\Temp\3259.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\drivers\ss_bbus.sys [18.1.2012 17:45:46 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\drivers\ss_bmdfl.sys [18.1.2012 17:45:46 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\drivers\ss_bmdm.sys [18.1.2012 17:45:46 121856]
S4 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.Sys [18.1.2012 17:45:34 36608]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV

Obsah adresáře 'Naplánované úlohy'

2013-02-09 C:\WINDOWS\Tasks\avast! Emergency Update.job
- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-09 13:27:11 . 2012-10-30 22:50:59]

2013-02-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-17 17:48:25 . 2012-04-17 17:48:23]

2013-02-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-17 17:48:25 . 2012-04-17 17:48:23]


------- Doplňkový sken -------

uStart Page = hxxp://techalpunto.net/
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0546318421794871&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.100.100

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-10 - (no file)
HKCU-Run-Microsoft Windows Service - C:\Documents and Settings\win-xp\M-15-0935-5960-5932\winsvc.exe
HKCU-Run-pdoubrhgfjkxeiqndts - C:\Documents and Settings\win-xp\Data aplikací\pdoubrhgfjkxeiqndts.exe
HKCU-Run-Microsoft Windows Manager - C:\Documents and Settings\win-xp\M-15-2553-5903-2352\winmgr.exe
HKLM-Run-NPSStartup - (no file)
Notify-winopn32 - winopn32.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-09 21:03:55
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Virus-infected PC, Autorun,inf

#5 Post by Domeek »

Here is the generated OTL2 log:
OTL2.zip
(101.44 KiB) Downloaded 32 times

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Virus-infected PC, Autorun,inf

#6 Post by Domeek »

OK, and thank you for your help so far.

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Virus-infected PC, Autorun,inf

#7 Post by Domeek »

Here are the requested results. Hopefully everything was created correctly.

First, AdwCleaner:

# AdwCleaner v2.111 - Logfile created 02/10/2013 at 10:08:49
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : win-xp - W-XP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\win-xp\Plocha\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\Documents and Settings\win-xp\Data aplikací\Mozilla\Firefox\Profiles\ihkow7d8.default\bprotector_prefs.js
File Found : C:\Documents and Settings\win-xp\Data aplikací\Mozilla\Firefox\Profiles\ihkow7d8.default\searchplugins\browsemngr.xml
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found : C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Browser Manager
Folder Found : C:\Documents and Settings\win-xp\Data aplikací\Babylon
Folder Found : C:\Documents and Settings\win-xp\Data aplikací\ilividtoolbarguid
Folder Found : C:\Documents and Settings\win-xp\Data aplikací\Mozilla\Firefox\Profiles\ihkow7d8.default\ilividtoolbarguid
Folder Found : C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Ilivid
Folder Found : C:\Program Files\search results toolbar

***** [Registry] *****

Key Found : HKCU\Software\5a6da8fb16feb15
Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\ilividtoolbarguid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\5a6da8fb16feb15
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Key Found : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\Software\iLividSRTB
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Found : HKU\S-1-5-21-1960408961-796845957-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=114436&tt=031012_ccp_4012_7&babsrc=HP_ss&mntrId=104f5c7d000000000000001d7dd494ce

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\win-xp\Data aplikací\Mozilla\Firefox\Profiles\ihkow7d8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4910 octets] - [10/02/2013 10:08:49]

########## EOF - C:\AdwCleaner[R1].txt - [4970 octets] ##########

AdwCleaner2

# AdwCleaner v2.111 - Logfile created 02/10/2013 at 10:09:26
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : win-xp - W-XP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\win-xp\Plocha\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Deleted on reboot : C:\Program Files\search results toolbar
File Deleted : C:\Documents and Settings\win-xp\Data aplikací\Mozilla\Firefox\Profiles\ihkow7d8.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\win-xp\Data aplikací\Mozilla\Firefox\Profiles\ihkow7d8.default\searchplugins\browsemngr.xml
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Browser Manager
Folder Deleted : C:\Documents and Settings\win-xp\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\win-xp\Data aplikací\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\win-xp\Data aplikací\Mozilla\Firefox\Profiles\ihkow7d8.default\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Ilivid

***** [Registry] *****

Key Deleted : HKCU\Software\5a6da8fb16feb15
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\5a6da8fb16feb15
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\win-xp\Data aplikací\Mozilla\Firefox\Profiles\ihkow7d8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5039 octets] - [10/02/2013 10:08:49]
AdwCleaner[S1].txt - [4762 octets] - [10/02/2013 10:09:26]

########## EOF - C:\AdwCleaner[S1].txt - [4822 octets] ##########


Here is OTL
========== OTL ==========
Service 3259 stopped successfully!
Service 3259 deleted successfully!
File C:\DOCUME~1\win-xp\LOCALS~1\Temp\3259.sys not found.
Registry value HKEY_USERS\S-1-5-21-1960408961-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Manager not found.
Registry value HKEY_USERS\S-1-5-21-1960408961-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Service not found.
Registry value HKEY_USERS\S-1-5-21-1960408961-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\pdoubrhgfjkxeiqndts not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winopn32\ deleted successfully.
C:\Documents and Settings\win-xp\Data aplikací\4F5C7D folder moved successfully.
C:\Documents and Settings\win-xp\Data aplikací\winsvcns.sys moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Service not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pdoubrhgfjkxeiqndts not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Manager not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\win-xp\M-15-4675-3789-4574\winmgr.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\win-xp\M-15-2553-5903-2352\winmgr.exe not found.
========== FILES ==========
File\Folder C:\Documents and Settings\win-xp\M-15-0935-5960-5932\winsvc.exe not found.
File\Folder C:\Documents and Settings\win-xp\Data aplikací\pdoubrhgfjkxeiqndts.exe not found.
File\Folder C:\Documents and Settings\win-xp\M-15-2553-5903-2352\winmgr.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02102013_101712
OTL.zip
(100.06 KiB) Downloaded 33 times
and here is TDSSKiller

10:36:52.0984 1540 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:36:53.0109 1540 ============================================================
10:36:53.0109 1540 Current date / time: 2013/02/10 10:36:53.0109
10:36:53.0109 1540 SystemInfo:
10:36:53.0109 1540
10:36:53.0109 1540 OS Version: 5.1.2600 ServicePack: 2.0
10:36:53.0109 1540 Product type: Workstation
10:36:53.0109 1540 ComputerName: W-XP
10:36:53.0109 1540 UserName: win-xp
10:36:53.0109 1540 Windows directory: C:\WINDOWS
10:36:53.0109 1540 System windows directory: C:\WINDOWS
10:36:53.0109 1540 Processor architecture: Intel x86
10:36:53.0109 1540 Number of processors: 2
10:36:53.0109 1540 Page size: 0x1000
10:36:53.0109 1540 Boot type: Normal boot
10:36:53.0109 1540 ============================================================
10:36:54.0031 1540 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:36:54.0031 1540 Drive \Device\Harddisk1\DR3 - Size: 0xEEF00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:36:54.0046 1540 Drive \Device\Harddisk2\DR4 - Size: 0xEEF00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:36:54.0046 1540 ============================================================
10:36:54.0046 1540 \Device\Harddisk0\DR0:
10:36:54.0046 1540 MBR partitions:
10:36:54.0046 1540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x12A10D00
10:36:54.0046 1540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A14C00, BlocksNum 0x12A18AC1
10:36:54.0046 1540 \Device\Harddisk1\DR3:
10:36:54.0046 1540 MBR partitions:
10:36:54.0046 1540 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7777C1
10:36:54.0046 1540 \Device\Harddisk2\DR4:
10:36:54.0046 1540 MBR partitions:
10:36:54.0046 1540 ============================================================
10:36:54.0140 1540 D: <-> \Device\Harddisk0\DR0\Partition2
10:36:54.0171 1540 C: <-> \Device\Harddisk0\DR0\Partition1
10:36:54.0171 1540 ============================================================
10:36:54.0171 1540 Initialize success
10:36:54.0171 1540 ============================================================
10:37:16.0625 3336 ============================================================
10:37:16.0625 3336 Scan started
10:37:16.0625 3336 Mode: Manual; SigCheck; TDLFS;
10:37:16.0625 3336 ============================================================
10:37:16.0859 3336 ================ Scan system memory ========================
10:37:16.0859 3336 System memory - ok
10:37:16.0859 3336 ================ Scan services =============================
10:37:16.0968 3336 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
10:37:17.0062 3336 Aavmker4 - ok
10:37:17.0062 3336 Abiosdsk - ok
10:37:17.0078 3336 abp480n5 - ok
10:37:17.0109 3336 [ 2F0138E3EAFABE968A768E95B59BC9D7 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:37:17.0109 3336 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 2F0138E3EAFABE968A768E95B59BC9D7, Fake md5: FA2FBCDA96D2385F773B059FE5A125A6
10:37:17.0109 3336 ACPI ( Virus.Win32.Rloader.a ) - infected
10:37:17.0109 3336 ACPI - detected Virus.Win32.Rloader.a (0)
10:37:17.0140 3336 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:37:17.0765 3336 ACPIEC - ok
10:37:17.0781 3336 adpu160m - ok
10:37:17.0812 3336 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:37:17.0937 3336 aec - ok
10:37:17.0953 3336 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:37:18.0078 3336 AFD - ok
10:37:18.0078 3336 Aha154x - ok
10:37:18.0078 3336 aic78u2 - ok
10:37:18.0093 3336 aic78xx - ok
10:37:18.0109 3336 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:37:18.0218 3336 Alerter - ok
10:37:18.0250 3336 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
10:37:18.0312 3336 ALG - ok
10:37:18.0312 3336 AliIde - ok
10:37:18.0312 3336 amsint - ok
10:37:18.0343 3336 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:37:18.0406 3336 AppMgmt - ok
10:37:18.0406 3336 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:37:18.0515 3336 Arp1394 - ok
10:37:18.0515 3336 asc - ok
10:37:18.0531 3336 asc3350p - ok
10:37:18.0531 3336 asc3550 - ok
10:37:18.0671 3336 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:37:18.0687 3336 aspnet_state - ok
10:37:18.0718 3336 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:37:18.0718 3336 aswFsBlk - ok
10:37:18.0718 3336 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
10:37:18.0734 3336 aswMon2 - ok
10:37:18.0750 3336 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
10:37:18.0765 3336 AswRdr - ok
10:37:18.0781 3336 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
10:37:18.0812 3336 aswSnx - ok
10:37:18.0828 3336 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
10:37:18.0843 3336 aswSP - ok
10:37:18.0875 3336 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
10:37:18.0875 3336 aswTdi - ok
10:37:18.0906 3336 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:37:19.0015 3336 AsyncMac - ok
10:37:19.0031 3336 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:37:19.0140 3336 atapi - ok
10:37:19.0140 3336 Atdisk - ok
10:37:19.0156 3336 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:37:19.0281 3336 Atmarpc - ok
10:37:19.0359 3336 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:37:19.0484 3336 AudioSrv - ok
10:37:19.0546 3336 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:37:19.0656 3336 audstub - ok
10:37:19.0687 3336 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:37:19.0703 3336 avast! Antivirus - ok
10:37:19.0734 3336 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:37:19.0875 3336 Beep - ok
10:37:19.0953 3336 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
10:37:20.0078 3336 BITS - ok
10:37:20.0109 3336 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
10:37:20.0234 3336 Browser - ok
10:37:20.0359 3336 catchme - ok
10:37:20.0375 3336 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:37:20.0484 3336 cbidf2k - ok
10:37:20.0500 3336 cd20xrnt - ok
10:37:20.0500 3336 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:37:20.0625 3336 Cdaudio - ok
10:37:20.0625 3336 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:37:20.0750 3336 Cdfs - ok
10:37:20.0750 3336 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:37:20.0875 3336 Cdrom - ok
10:37:20.0875 3336 Changer - ok
10:37:20.0890 3336 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:37:21.0015 3336 CiSvc - ok
10:37:21.0031 3336 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:37:21.0140 3336 ClipSrv - ok
10:37:21.0156 3336 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:37:21.0156 3336 clr_optimization_v2.0.50727_32 - ok
10:37:21.0171 3336 CmdIde - ok
10:37:21.0171 3336 COMSysApp - ok
10:37:21.0171 3336 Cpqarray - ok
10:37:21.0203 3336 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:37:21.0312 3336 CryptSvc - ok
10:37:21.0312 3336 dac2w2k - ok
10:37:21.0328 3336 dac960nt - ok
10:37:21.0343 3336 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:37:21.0468 3336 DcomLaunch - ok
10:37:21.0500 3336 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:37:21.0609 3336 Dhcp - ok
10:37:21.0609 3336 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:37:21.0718 3336 Disk - ok
10:37:21.0734 3336 dmadmin - ok
10:37:21.0765 3336 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:37:21.0906 3336 dmboot - ok
10:37:21.0906 3336 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
10:37:22.0046 3336 dmio - ok
10:37:22.0062 3336 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:37:22.0171 3336 dmload - ok
10:37:22.0218 3336 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:37:22.0343 3336 dmserver - ok
10:37:22.0375 3336 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:37:22.0484 3336 DMusic - ok
10:37:22.0562 3336 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:37:22.0671 3336 Dnscache - ok
10:37:22.0687 3336 dpti2o - ok
10:37:22.0734 3336 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:37:22.0843 3336 drmkaud - ok
10:37:22.0937 3336 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
10:37:22.0937 3336 dtsoftbus01 - ok
10:37:22.0968 3336 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:37:23.0093 3336 ERSvc - ok
10:37:23.0109 3336 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
10:37:23.0218 3336 Eventlog - ok
10:37:23.0250 3336 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\system32\es.dll
10:37:23.0375 3336 EventSystem - ok
10:37:23.0390 3336 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:37:23.0500 3336 Fastfat - ok
10:37:23.0531 3336 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:37:23.0656 3336 FastUserSwitchingCompatibility - ok
10:37:23.0718 3336 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:37:23.0828 3336 Fdc - ok
10:37:23.0843 3336 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:37:23.0953 3336 Fips - ok
10:37:23.0953 3336 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:37:24.0078 3336 Flpydisk - ok
10:37:24.0171 3336 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:37:24.0281 3336 FltMgr - ok
10:37:24.0359 3336 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
10:37:24.0375 3336 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
10:37:24.0375 3336 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
10:37:24.0390 3336 [ D3F9205CC4CB07553F2F9472C767EA87 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
10:37:24.0406 3336 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
10:37:24.0406 3336 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
10:37:24.0406 3336 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:37:24.0515 3336 Fs_Rec - ok
10:37:24.0515 3336 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:37:24.0640 3336 Ftdisk - ok
10:37:24.0671 3336 [ 54789F9BA0D59072CDD4E7C200E122C4 ] gdrv C:\WINDOWS\gdrv.sys
10:37:24.0671 3336 gdrv - ok
10:37:24.0687 3336 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:37:24.0812 3336 Gpc - ok
10:37:24.0906 3336 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:37:24.0906 3336 gupdate - ok
10:37:24.0921 3336 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:37:24.0921 3336 gupdatem - ok
10:37:24.0968 3336 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:37:24.0984 3336 HDAudBus - ok
10:37:25.0015 3336 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:37:25.0125 3336 helpsvc - ok
10:37:25.0187 3336 [ D2DCF769E5A70027058AD5BE1F9B55BF ] HidServ C:\WINDOWS\System32\hidserv.dll
10:37:25.0296 3336 HidServ - ok
10:37:25.0359 3336 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:37:25.0468 3336 HidUsb - ok
10:37:25.0468 3336 hpn - ok
10:37:25.0500 3336 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:37:25.0531 3336 HPZid412 - ok
10:37:25.0546 3336 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:37:25.0562 3336 HPZipr12 - ok
10:37:25.0578 3336 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:37:25.0593 3336 HPZius12 - ok
10:37:25.0625 3336 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:37:25.0734 3336 HTTP - ok
10:37:25.0796 3336 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:37:25.0921 3336 HTTPFilter - ok
10:37:25.0984 3336 [ B08FF9D5510967D1FAD4A5DB954D3F41 ] HWiNFO32 C:\WINDOWS\system32\drivers\HWiNFO32.SYS
10:37:25.0984 3336 HWiNFO32 - ok
10:37:26.0000 3336 i2omgmt - ok
10:37:26.0000 3336 i2omp - ok
10:37:26.0015 3336 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:37:26.0125 3336 i8042prt - ok
10:37:26.0140 3336 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:37:26.0250 3336 Imapi - ok
10:37:26.0265 3336 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:37:26.0375 3336 ImapiService - ok
10:37:26.0390 3336 ini910u - ok
10:37:26.0500 3336 [ A799E941C3D19BCF6F93CBE12B55BC17 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:37:26.0640 3336 IntcAzAudAddService - ok
10:37:26.0640 3336 IntelIde - ok
10:37:26.0671 3336 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:37:26.0765 3336 Ip6Fw - ok
10:37:26.0781 3336 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:37:26.0890 3336 IpFilterDriver - ok
10:37:26.0906 3336 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:37:27.0031 3336 IpInIp - ok
10:37:27.0062 3336 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:37:27.0156 3336 IpNat - ok
10:37:27.0234 3336 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:37:27.0328 3336 IPSec - ok
10:37:27.0437 3336 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:37:27.0484 3336 IRENUM - ok
10:37:27.0515 3336 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:37:27.0640 3336 isapnp - ok
10:37:27.0703 3336 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:37:27.0703 3336 JavaQuickStarterService - ok
10:37:27.0718 3336 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:37:27.0828 3336 Kbdclass - ok
10:37:27.0843 3336 [ 065B5A83AA78C0C7047BF22E0AB5C821 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:37:27.0968 3336 kbdhid - ok
10:37:28.0000 3336 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:37:28.0125 3336 kmixer - ok
10:37:28.0125 3336 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:37:28.0218 3336 KSecDD - ok
10:37:28.0296 3336 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:37:28.0406 3336 lanmanserver - ok
10:37:28.0484 3336 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:37:28.0593 3336 lanmanworkstation - ok
10:37:28.0593 3336 lbrtfdc - ok
10:37:28.0609 3336 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:37:28.0703 3336 LmHosts - ok
10:37:28.0750 3336 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
10:37:28.0765 3336 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
10:37:28.0765 3336 MarvinBus - detected UnsignedFile.Multi.Generic (1)
10:37:28.0781 3336 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:37:28.0890 3336 Messenger - ok
10:37:28.0984 3336 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:37:29.0093 3336 mnmdd - ok
10:37:29.0187 3336 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:37:29.0296 3336 mnmsrvc - ok
10:37:29.0312 3336 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:37:29.0406 3336 Modem - ok
10:37:29.0453 3336 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:37:29.0562 3336 Mouclass - ok
10:37:29.0625 3336 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:37:29.0734 3336 mouhid - ok
10:37:29.0750 3336 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:37:29.0875 3336 MountMgr - ok
10:37:29.0875 3336 mraid35x - ok
10:37:29.0906 3336 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:37:30.0015 3336 MRxDAV - ok
10:37:30.0062 3336 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:37:30.0171 3336 MRxSmb - ok
10:37:30.0187 3336 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:37:30.0281 3336 MSDTC - ok
10:37:30.0296 3336 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:37:30.0406 3336 Msfs - ok
10:37:30.0406 3336 MSIServer - ok
10:37:30.0484 3336 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:37:30.0578 3336 MSKSSRV - ok
10:37:30.0593 3336 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:37:30.0703 3336 MSPCLOCK - ok
10:37:30.0718 3336 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:37:30.0828 3336 MSPQM - ok
10:37:30.0843 3336 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:37:30.0968 3336 mssmbios - ok
10:37:30.0968 3336 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:37:31.0062 3336 Mup - ok
10:37:31.0078 3336 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:37:31.0187 3336 NDIS - ok
10:37:31.0234 3336 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:37:31.0343 3336 NdisTapi - ok
10:37:31.0343 3336 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:37:31.0437 3336 Ndisuio - ok
10:37:31.0453 3336 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:37:31.0562 3336 NdisWan - ok
10:37:31.0578 3336 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:37:31.0687 3336 NDProxy - ok
10:37:31.0687 3336 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:37:31.0796 3336 NetBIOS - ok
10:37:31.0859 3336 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:37:31.0953 3336 NetBT - ok
10:37:31.0984 3336 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:37:32.0078 3336 NetDDE - ok
10:37:32.0093 3336 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:37:32.0187 3336 NetDDEdsdm - ok
10:37:32.0218 3336 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:37:32.0312 3336 Netlogon - ok
10:37:32.0328 3336 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
10:37:32.0437 3336 Netman - ok
10:37:32.0468 3336 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:37:32.0562 3336 NIC1394 - ok
10:37:32.0578 3336 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
10:37:32.0687 3336 Nla - ok
10:37:32.0687 3336 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:37:32.0781 3336 Npfs - ok
10:37:32.0812 3336 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:37:32.0937 3336 Ntfs - ok
10:37:32.0937 3336 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:37:33.0046 3336 NtLmSsp - ok
10:37:33.0062 3336 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:37:33.0171 3336 NtmsSvc - ok
10:37:33.0171 3336 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:37:33.0281 3336 Null - ok
10:37:33.0515 3336 [ 3712D332633B853101AB786380C969EC ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:37:33.0687 3336 nv - ok
10:37:33.0703 3336 [ 357CDE6C24EB15888E810C6D2787C238 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
10:37:33.0734 3336 NVSvc - ok
10:37:33.0750 3336 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:37:33.0875 3336 NwlnkFlt - ok
10:37:33.0890 3336 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:37:34.0015 3336 NwlnkFwd - ok
10:37:34.0031 3336 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:37:34.0156 3336 ohci1394 - ok
10:37:34.0218 3336 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:37:34.0328 3336 Parport - ok
10:37:34.0328 3336 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:37:34.0437 3336 PartMgr - ok
10:37:34.0468 3336 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:37:34.0578 3336 ParVdm - ok
10:37:34.0671 3336 [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
10:37:34.0703 3336 pccsmcfd - ok
10:37:34.0703 3336 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:37:34.0812 3336 PCI - ok
10:37:34.0812 3336 PCIDump - ok
10:37:34.0828 3336 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:37:34.0921 3336 PCIIde - ok
10:37:34.0984 3336 [ 1BEBE7DE8508A02650CDCE45C664C2A2 ] PCLEPCI C:\WINDOWS\system32\drivers\pclepci.sys
10:37:34.0984 3336 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
10:37:34.0984 3336 PCLEPCI - detected UnsignedFile.Multi.Generic (1)
10:37:35.0031 3336 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:37:35.0140 3336 Pcmcia - ok
10:37:35.0140 3336 PDCOMP - ok
10:37:35.0140 3336 PDFRAME - ok
10:37:35.0140 3336 PDRELI - ok
10:37:35.0156 3336 PDRFRAME - ok
10:37:35.0156 3336 perc2 - ok
10:37:35.0156 3336 perc2hib - ok
10:37:35.0218 3336 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
10:37:35.0328 3336 PlugPlay - ok
10:37:35.0359 3336 [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
10:37:35.0359 3336 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:37:35.0359 3336 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:37:35.0375 3336 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:37:35.0468 3336 PolicyAgent - ok
10:37:35.0484 3336 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:37:35.0593 3336 PptpMiniport - ok
10:37:35.0671 3336 [ 9A10E4FD13824823DA50D4758BD0A645 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:37:35.0765 3336 Processor - ok
10:37:35.0781 3336 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:37:35.0875 3336 ProtectedStorage - ok
10:37:35.0875 3336 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:37:35.0984 3336 PSched - ok
10:37:35.0984 3336 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:37:36.0078 3336 Ptilink - ok
10:37:36.0093 3336 ql1080 - ok
10:37:36.0093 3336 Ql10wnt - ok
10:37:36.0093 3336 ql12160 - ok
10:37:36.0093 3336 ql1240 - ok
10:37:36.0109 3336 ql1280 - ok
10:37:36.0156 3336 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:37:36.0265 3336 RasAcd - ok
10:37:36.0281 3336 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:37:36.0375 3336 RasAuto - ok
10:37:36.0390 3336 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:37:36.0468 3336 Rasl2tp - ok
10:37:36.0500 3336 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:37:36.0609 3336 RasMan - ok
10:37:36.0609 3336 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:37:36.0718 3336 RasPppoe - ok
10:37:36.0718 3336 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:37:36.0828 3336 Raspti - ok
10:37:36.0843 3336 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:37:36.0953 3336 Rdbss - ok
10:37:36.0953 3336 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:37:37.0046 3336 RDPCDD - ok
10:37:37.0062 3336 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:37:37.0156 3336 rdpdr - ok
10:37:37.0187 3336 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:37:37.0296 3336 RDPWD - ok
10:37:37.0296 3336 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:37:37.0406 3336 RDSessMgr - ok
10:37:37.0421 3336 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:37:37.0515 3336 redbook - ok
10:37:37.0546 3336 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:37:37.0640 3336 RemoteAccess - ok
10:37:37.0718 3336 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:37:37.0812 3336 RemoteRegistry - ok
10:37:37.0843 3336 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:37:37.0953 3336 RpcLocator - ok
10:37:37.0968 3336 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:37:38.0062 3336 RpcSs - ok
10:37:38.0078 3336 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:37:38.0187 3336 RSVP - ok
10:37:38.0234 3336 [ 1E11171C0B9989E1BDAA59E96B2E81C4 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
10:37:38.0281 3336 RTL8023xp - ok
10:37:38.0296 3336 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
10:37:38.0390 3336 SamSs - ok
10:37:38.0421 3336 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:37:38.0515 3336 SCardSvr - ok
10:37:38.0546 3336 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:37:38.0656 3336 Schedule - ok
10:37:38.0656 3336 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:37:38.0734 3336 Secdrv - ok
10:37:38.0765 3336 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:37:38.0875 3336 seclogon - ok
10:37:38.0875 3336 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
10:37:39.0000 3336 SENS - ok
10:37:39.0015 3336 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:37:39.0125 3336 serenum - ok
10:37:39.0125 3336 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:37:39.0234 3336 Serial - ok
10:37:39.0328 3336 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
10:37:39.0375 3336 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
10:37:39.0375 3336 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
10:37:39.0390 3336 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:37:39.0484 3336 Sfloppy - ok
10:37:39.0546 3336 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:37:39.0656 3336 SharedAccess - ok
10:37:39.0734 3336 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:37:39.0828 3336 ShellHWDetection - ok
10:37:39.0828 3336 Simbad - ok
10:37:40.0046 3336 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:37:40.0171 3336 Skype C2C Service - ok
10:37:40.0218 3336 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:37:40.0234 3336 SkypeUpdate - ok
10:37:40.0234 3336 Sparrow - ok
10:37:40.0250 3336 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:37:40.0343 3336 splitter - ok
10:37:40.0375 3336 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:37:40.0468 3336 Spooler - ok
10:37:40.0562 3336 [ 68103A2B441BBF3908EBB587F0704D6C ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
10:37:40.0593 3336 sptd - ok
10:37:40.0609 3336 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:37:40.0687 3336 sr - ok
10:37:40.0703 3336 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
10:37:40.0765 3336 srservice - ok
10:37:40.0781 3336 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:37:40.0890 3336 Srv - ok
10:37:40.0921 3336 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:37:40.0984 3336 SSDPSRV - ok
10:37:41.0000 3336 [ EAA66218CD39F5BB1B4853A78C67C787 ] ss_bbus C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
10:37:41.0015 3336 ss_bbus - ok
10:37:41.0031 3336 [ 91765F99914ED8693D8BC76524F21581 ] ss_bmdfl C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
10:37:41.0046 3336 ss_bmdfl - ok
10:37:41.0062 3336 [ 840E7B738B03C10EE91D9B7D3D6EFF15 ] ss_bmdm C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
10:37:41.0062 3336 ss_bmdm - ok
10:37:41.0093 3336 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:37:41.0187 3336 stisvc - ok
10:37:41.0218 3336 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:37:41.0312 3336 swenum - ok
10:37:41.0312 3336 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:37:41.0406 3336 swmidi - ok
10:37:41.0421 3336 SwPrv - ok
10:37:41.0421 3336 symc810 - ok
10:37:41.0421 3336 symc8xx - ok
10:37:41.0421 3336 sym_hi - ok
10:37:41.0437 3336 sym_u3 - ok
10:37:41.0453 3336 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:37:41.0546 3336 sysaudio - ok
10:37:41.0562 3336 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:37:41.0671 3336 SysmonLog - ok
10:37:41.0687 3336 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:37:41.0796 3336 TapiSrv - ok
10:37:41.0843 3336 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:37:41.0953 3336 Tcpip - ok
10:37:41.0968 3336 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:37:42.0078 3336 TDPIPE - ok
10:37:42.0093 3336 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:37:42.0187 3336 TDTCP - ok
10:37:42.0203 3336 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:37:42.0312 3336 TermDD - ok
10:37:42.0328 3336 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
10:37:42.0437 3336 TermService - ok
10:37:42.0468 3336 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:37:42.0562 3336 Themes - ok
10:37:42.0578 3336 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:37:42.0640 3336 TlntSvr - ok
10:37:42.0656 3336 TosIde - ok
10:37:42.0671 3336 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:37:42.0765 3336 TrkWks - ok
10:37:42.0859 3336 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:37:42.0953 3336 Udfs - ok
10:37:42.0953 3336 ultra - ok
10:37:42.0984 3336 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
10:37:43.0015 3336 UMWdf - ok
10:37:43.0031 3336 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:37:43.0125 3336 Update - ok
10:37:43.0140 3336 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:37:43.0203 3336 upnphost - ok
10:37:43.0218 3336 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
10:37:43.0312 3336 UPS - ok
10:37:43.0328 3336 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:37:43.0421 3336 usbccgp - ok
10:37:43.0437 3336 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:37:43.0531 3336 usbehci - ok
10:37:43.0562 3336 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:37:43.0640 3336 usbhub - ok
10:37:43.0734 3336 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:37:43.0843 3336 usbohci - ok
10:37:43.0906 3336 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:37:44.0015 3336 usbprint - ok
10:37:44.0031 3336 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:37:44.0125 3336 usbscan - ok
10:37:44.0140 3336 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:37:44.0250 3336 USBSTOR - ok
10:37:44.0250 3336 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:37:44.0343 3336 VgaSave - ok
10:37:44.0343 3336 ViaIde - ok
10:37:44.0375 3336 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:37:44.0468 3336 VolSnap - ok
10:37:44.0484 3336 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
10:37:44.0546 3336 VSS - ok
10:37:44.0593 3336 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
10:37:44.0687 3336 W32Time - ok
10:37:44.0703 3336 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:37:44.0796 3336 Wanarp - ok
10:37:44.0796 3336 WDICA - ok
10:37:44.0875 3336 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:37:44.0968 3336 wdmaud - ok
10:37:44.0984 3336 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
10:37:45.0078 3336 WebClient - ok
10:37:45.0140 3336 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:37:45.0250 3336 winmgmt - ok
10:37:45.0265 3336 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:37:45.0281 3336 WmdmPmSN - ok
10:37:45.0312 3336 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:37:45.0421 3336 Wmi - ok
10:37:45.0437 3336 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:37:45.0531 3336 WmiApSrv - ok
10:37:45.0609 3336 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
10:37:45.0625 3336 WpdUsb - ok
10:37:45.0640 3336 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:37:45.0734 3336 WS2IFSL - ok
10:37:45.0781 3336 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:37:45.0890 3336 wscsvc - ok
10:37:45.0890 3336 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:37:46.0000 3336 wuauserv - ok
10:37:46.0031 3336 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:37:46.0140 3336 WZCSVC - ok
10:37:46.0156 3336 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:37:46.0250 3336 xmlprov - ok
10:37:46.0250 3336 ================ Scan global ===============================
10:37:46.0281 3336 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
10:37:46.0296 3336 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
10:37:46.0312 3336 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
10:37:46.0328 3336 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
10:37:46.0328 3336 [Global] - ok
10:37:46.0328 3336 ================ Scan MBR ==================================
10:37:46.0343 3336 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:37:46.0656 3336 \Device\Harddisk0\DR0 - ok
10:37:46.0656 3336 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR3
10:37:52.0281 3336 \Device\Harddisk1\DR3 - ok
10:37:52.0281 3336 [ 56D8790F5DA61ABBDF10034C010174AD ] \Device\Harddisk2\DR4
10:37:58.0953 3336 \Device\Harddisk2\DR4 - ok
10:37:58.0953 3336 ================ Scan VBR ==================================
10:37:59.0031 3336 [ 71DA0474CAA92EBC3D2D678171EFDB3F ] \Device\Harddisk0\DR0\Partition1
10:37:59.0031 3336 \Device\Harddisk0\DR0\Partition1 - ok
10:37:59.0031 3336 [ FD58BA680272E3B9E743F1F103D4709A ] \Device\Harddisk0\DR0\Partition2
10:37:59.0046 3336 \Device\Harddisk0\DR0\Partition2 - ok
10:37:59.0046 3336 [ 9AB79A98F32E6706F2E6329466A0AF60 ] \Device\Harddisk1\DR3\Partition1
10:37:59.0046 3336 \Device\Harddisk1\DR3\Partition1 - ok
10:37:59.0046 3336 ============================================================
10:37:59.0046 3336 Scan finished
10:37:59.0046 3336 ============================================================
10:37:59.0156 3180 Detected object count: 7
10:37:59.0156 3180 Actual detected object count: 7
10:38:38.0046 3180 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
10:38:38.0046 3180 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip
10:38:38.0046 3180 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:38.0046 3180 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:38.0046 3180 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:38.0046 3180 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:38.0062 3180 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:38.0062 3180 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:38.0062 3180 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:38.0062 3180 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:38.0062 3180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:38.0062 3180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:38.0062 3180 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:38.0062 3180 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Virus-infected PC, Autorun,inf

#8 Post by Domeek »

I forgot to attach UsbFix, so here it is:

############################## | UsbFix V 7.096 | [Research]

User: win-xp (Administrator) # W-XP
Updated 15/08/2012 by El Desaparecido
Started at 10:41:49 | 10/02/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (GA-MA69GM-S2H) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ (2505)
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ (2505)
RAM -> [Total : 2046 | Free : 1551]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 149 Gb (56 Mb free - 37%) [Systém_160GB] # NTFS
D:\ -> Fixed drive # 149 Gb (117 Mb free - 79%) [Data_160GB] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (2 Mb free - 48%) [VERBATIM] # FAT32
H:\ -> Removable drive # 4 Gb (3 Mb free - 73%) [VERBATIM] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (760)
C:\WINDOWS\system32\winlogon.exe (832)
C:\WINDOWS\system32\services.exe (876)
C:\WINDOWS\system32\lsass.exe (888)
C:\WINDOWS\system32\svchost.exe (1056)
C:\WINDOWS\System32\svchost.exe (1224)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1640)
C:\WINDOWS\Explorer.EXE (1756)
C:\WINDOWS\system32\spoolsv.exe (1792)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (672)
C:\WINDOWS\RTHDCPL.EXE (784)
C:\WINDOWS\system32\RUNDLL32.EXE (804)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (800)
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (812)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (940)
C:\Program Files\AVAST Software\Avast\avastUI.exe (1016)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1080)
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (1088)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1300)
C:\WINDOWS\system32\FsUsbExService.Exe (1656)
C:\Program Files\Java\jre7\bin\jqs.exe (2020)
C:\WINDOWS\system32\nvsvc32.exe (2068)
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2212)
C:\WINDOWS\system32\svchost.exe (2360)
C:\WINDOWS\system32\svchost.exe (2744)
C:\WINDOWS\System32\svchost.exe (3596)
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (4092)
C:\WINDOWS\system32\wuauclt.exe (3468)
C:\UsbFix\Go.exe (3328)
C:\WINDOWS\system32\wscntfy.exe (1156)

################## | Files # Infected Folders |

Found ! G:\VERBATIM (4GB).lnk
Found ! G:\ .lnk
Found ! G:\Shortcut to game.lnk
Found ! H:\VERBATIM (4GB).lnk
Found ! H:\ .lnk
Found ! H:\Shortcut to game.lnk
Found ! G:\autorun.inf
Found ! G:\game.exe
Found ! H:\autorun.inf
Found ! H:\game.exe

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Virus-infected PC, Autorun,inf

#9 Post by Domeek »

As I already mentioned, the PC isn't mine; it belongs to an acquaintance who doesn't understand technology much and has small children who get into everything they can and click on anything. I wanted to help him, but I don't dare do it on my own. SP3 and a newer IE are missing here, I know that.

We can try those new utilities of yours, I'm going for it. Thanks for the help. :)

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Virus-infected PC, Autorun,inf

#10 Post by Domeek »

Logfile of random's system information tool 1.09 (written by random/random)
Run by win-xp at 2013-02-10 11:23:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 57 GB (37%) free of 153 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:06, on 10.2.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\win-xp\Plocha\RSIT.exe
C:\Program Files\trend micro\win-xp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://techalpunto.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6168 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-09 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-09 157672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-11-07 8523776]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-11-07 81920]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"NPSStartup"= []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"=D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-05 68856]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=3
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MJPG"=Pvmjpg30.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.LEAD"=LCODCCMP.DLL

======List of files/folders created in the last 1 month======

2013-02-10 10:41:16 ----A---- C:\UsbFix.txt
2013-02-10 10:41:14 ----D---- C:\UsbFix
2013-02-10 10:36:52 ----A---- C:\TDSSKiller.2.8.15.0_10.02.2013_10.36.52_log.txt
2013-02-10 10:17:12 ----D---- C:\_OTL
2013-02-10 10:14:59 ----D---- C:\WINDOWS\pss
2013-02-10 10:09:26 ----A---- C:\AdwCleaner[S1].txt
2013-02-10 10:08:49 ----A---- C:\AdwCleaner[R1].txt
2013-02-09 22:25:34 ----SHD---- C:\RECYCLER
2013-02-09 21:09:54 ----HD---- C:\WINDOWS\PIF
2013-02-09 20:27:35 ----D---- C:\WINDOWS\temp
2013-02-09 20:18:10 ----A---- C:\WINDOWS\zip.exe
2013-02-09 20:18:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-02-09 20:18:10 ----A---- C:\WINDOWS\SWSC.exe
2013-02-09 20:18:10 ----A---- C:\WINDOWS\SWREG.exe
2013-02-09 20:18:10 ----A---- C:\WINDOWS\sed.exe
2013-02-09 20:18:10 ----A---- C:\WINDOWS\PEV.exe
2013-02-09 20:18:10 ----A---- C:\WINDOWS\NIRCMD.exe
2013-02-09 20:18:10 ----A---- C:\WINDOWS\MBR.exe
2013-02-09 20:18:10 ----A---- C:\WINDOWS\grep.exe
2013-02-09 20:18:06 ----D---- C:\zmizik.com
2013-02-09 20:16:34 ----D---- C:\Qoobox
2013-02-09 20:16:25 ----D---- C:\WINDOWS\erdnt
2013-02-09 20:13:56 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2013-02-09 20:13:29 ----D---- C:\WINDOWS\CSC
2013-02-09 19:16:19 ----A---- C:\PRIKAZ.TXT
2013-02-09 18:10:18 ----D---- C:\rsit
2013-02-09 18:10:18 ----D---- C:\Program Files\trend micro
2013-02-09 14:27:30 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-02-09 14:27:30 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-02-09 14:27:29 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-02-09 14:27:29 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-02-09 14:27:28 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-02-09 14:27:27 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2013-02-09 14:27:27 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2013-02-09 14:27:27 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2013-02-09 14:27:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-02-09 14:27:12 ----A---- C:\WINDOWS\avastSS.scr
2013-02-09 14:26:58 ----D---- C:\Program Files\AVAST Software
2013-02-09 14:26:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-02-09 13:52:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-02-09 12:33:47 ----D---- C:\lan
2013-02-09 12:09:21 ----D---- C:\Program Files\Defraggler
2013-02-09 12:06:58 ----A---- C:\WINDOWS\system32\drivers\HWiNFO32.SYS
2013-02-09 12:06:29 ----D---- C:\Program Files\HWiNFO32
2013-02-09 11:36:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2013-02-09 11:36:48 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2013-02-07 20:33:08 ----D---- C:\WINDOWS\system32\CatRoot_bak
2013-02-07 20:02:17 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2013-02-07 17:49:44 ----D---- C:\WINDOWS\Performance
2013-02-07 17:49:14 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2013-02-06 19:22:22 ----D---- C:\$WINDOWS.~BT
2013-02-06 18:32:53 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2013-02-06 18:32:48 ----D---- C:\Documents and Settings\win-xp\Data aplikací\DAEMON Tools Lite
2013-02-06 18:32:44 ----D---- C:\Program Files\DAEMON Tools Lite
2013-02-06 18:31:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2013-02-05 16:20:17 ----D---- C:\Documents and Settings\win-xp\Data aplikací\searchresultstb
2013-02-04 14:25:39 ----AH---- C:\Documents and Settings\win-xp\Data aplikací\535gege44f.txt
2013-02-02 14:56:39 ----AH---- C:\Documents and Settings\win-xp\Data aplikací\88r8rrjejeue.txt
2013-02-01 18:52:29 ----AH---- C:\Documents and Settings\win-xp\Data aplikací\87g8gg8g8g8g7g.txt
2013-01-22 17:22:03 ----D---- C:\Program Files\1C
2013-01-19 17:02:05 ----D---- C:\Program Files\Tetris

======List of files/folders modified in the last 1 month======

2013-02-10 10:41:52 ----D---- C:\WINDOWS\Prefetch
2013-02-10 10:37:17 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-10 10:36:53 ----D---- C:\WINDOWS\system32\drivers
2013-02-10 10:22:42 ----D---- C:\WINDOWS\system32
2013-02-10 10:22:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-02-10 10:18:57 ----SHD---- C:\WINDOWS\Installer
2013-02-10 10:18:50 ----D---- C:\Windows
2013-02-10 10:12:46 ----D---- C:\Config.Msi
2013-02-10 10:12:20 ----RD---- C:\Program Files
2013-02-10 10:08:26 ----A---- C:\WINDOWS\wincmd.ini
2013-02-09 21:04:23 ----D---- C:\WINDOWS\system32\drivers\etc
2013-02-09 21:03:51 ----SD---- C:\WINDOWS\Tasks
2013-02-09 21:03:08 ----D---- C:\WINDOWS\SoftwareDistribution
2013-02-09 21:02:32 ----A---- C:\WINDOWS\system.ini
2013-02-09 21:00:50 ----D---- C:\WINDOWS\system32\config
2013-02-09 20:25:53 ----D---- C:\WINDOWS\AppPatch
2013-02-09 20:25:52 ----D---- C:\Program Files\Common Files
2013-02-09 14:27:23 ----D---- C:\WINDOWS\WinSxS
2013-02-09 14:27:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-02-09 14:00:32 ----A---- C:\WINDOWS\NeroDigital.ini
2013-02-09 13:31:27 ----D---- C:\WINDOWS\Minidump
2013-02-09 13:31:27 ----D---- C:\WINDOWS\Debug
2013-02-09 12:08:42 ----D---- C:\Program Files\CCleaner
2013-02-09 11:36:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-02-07 21:15:21 ----HD---- C:\WINDOWS\inf
2013-02-07 21:09:18 ----D---- C:\WINDOWS\system32\CatRoot
2013-02-07 19:33:47 ----D---- C:\install
2013-02-07 18:30:08 ----D---- C:\Program Files\Java
2013-02-07 18:30:08 ----D---- C:\Program Files\Internet Explorer
2013-02-07 18:30:08 ----D---- C:\Program Files\HP
2013-02-07 18:30:08 ----D---- C:\Program Files\Hewlett-Packard
2013-02-07 18:30:07 ----D---- C:\Program Files\Google
2013-02-07 18:30:07 ----D---- C:\Program Files\ESET
2013-02-07 18:30:07 ----D---- C:\Program Files\DIFX
2013-02-07 18:30:07 ----D---- C:\Program Files\CyberLink
2013-02-07 18:30:07 ----D---- C:\Program Files\ComPlus Applications
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\System
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\Skype
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\Services
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\ODBC
2013-02-07 18:30:07 ----D---- C:\Program Files\Common Files\Nero
2013-02-07 18:30:06 ----D---- C:\Program Files\Realtek
2013-02-07 18:30:06 ----D---- C:\Program Files\Common Files\MSSoap
2013-02-07 18:30:06 ----D---- C:\Program Files\Common Files\Java
2013-02-07 18:30:06 ----D---- C:\Program Files\Common Files\InstallShield
2013-02-07 18:30:06 ----D---- C:\Program Files\Common Files\HP
2013-02-07 18:30:05 ----D---- C:\Program Files\proDAD
2013-02-07 18:30:05 ----D---- C:\Program Files\Pinnacle
2013-02-07 18:30:05 ----D---- C:\Program Files\PC Connectivity Solution
2013-02-07 18:30:05 ----D---- C:\Program Files\Outlook Express
2013-02-07 18:30:05 ----D---- C:\Program Files\Online Services
2013-02-07 18:30:05 ----D---- C:\Program Files\NOS
2013-02-07 18:30:05 ----D---- C:\Program Files\Norton Security Scan
2013-02-07 18:30:05 ----D---- C:\Program Files\NetMeeting
2013-02-07 18:30:05 ----D---- C:\Program Files\MSN Gaming Zone
2013-02-07 18:30:05 ----D---- C:\Program Files\Movie Maker
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Designer
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Ahead
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-02-07 18:30:05 ----D---- C:\Program Files\Common Files\Adobe
2013-02-07 18:30:05 ----D---- C:\Program Files\CDex_150
2013-02-07 18:30:05 ----D---- C:\Program Files\BIAS
2013-02-07 18:30:05 ----D---- C:\Program Files\Ahead
2013-02-07 18:30:04 ----D---- C:\Program Files\microsoft frontpage
2013-02-07 18:30:04 ----D---- C:\Program Files\Messenger
2013-02-07 18:30:04 ----D---- C:\Program Files\MarkAny
2013-02-07 18:30:04 ----D---- C:\Program Files\Adobe
2013-02-07 18:30:03 ----D---- C:\Program Files\Yahoo!
2013-02-07 18:30:03 ----D---- C:\Program Files\xerox
2013-02-07 18:30:03 ----D---- C:\Program Files\Windows NT
2013-02-07 18:30:03 ----D---- C:\Program Files\Windows Media Player
2013-02-07 18:30:02 ----RD---- C:\Program Files\Skype
2013-02-07 18:30:02 ----D---- C:\Program Files\Video Converter Fox
2013-02-07 18:30:02 ----D---- C:\Program Files\Samsung
2013-02-07 17:58:46 ----RSD---- C:\WINDOWS\assembly
2013-02-07 17:47:33 ----D---- C:\WINDOWS\pchealth
2013-02-06 19:37:03 ----D---- C:\WINDOWS\Microsoft.NET
2013-02-05 16:06:06 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-02-01 19:05:38 ----A---- C:\WINDOWS\win.ini
2013-01-27 20:46:24 ----D---- C:\Documents and Settings\win-xp\Data aplikací\Skype
2013-01-26 09:52:34 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-02-06 466008]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-02-07 242240]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-07 7429088]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 ab691yg1;ab691yg1; C:\WINDOWS\system32\drivers\ab691yg1.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\win-xp\LOCALS~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-10-09 161768]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-07 155716]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-17 116648]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-17 116648]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

-----------------EOF-----------------

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Infected PC, Autorun.inf

#11 Post by Domeek »

UsbFix has been run and the vaccination performed; here is the log.

############################## | UsbFix V 7.096 | [Research]

User: win-xp (Administrator) # W-XP
Updated 15/08/2012 by El Desaparecido
Started at 13:11:28 | 10/02/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (GA-MA69GM-S2H) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ (2505)
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ (2505)
RAM -> [Total : 2046 | Free : 1491]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 149 Gb (56 Mb free - 37%) [Systém_160GB] # NTFS
D:\ -> Fixed drive # 149 Gb (117 Mb free - 79%) [Data_160GB] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (2 Mb free - 48%) [VERBATIM] # FAT32
H:\ -> Removable drive # 4 Gb (3 Mb free - 73%) [VERBATIM] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (760)
C:\WINDOWS\system32\winlogon.exe (832)
C:\WINDOWS\system32\services.exe (876)
C:\WINDOWS\system32\lsass.exe (888)
C:\WINDOWS\system32\svchost.exe (1056)
C:\WINDOWS\System32\svchost.exe (1224)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1640)
C:\WINDOWS\Explorer.EXE (1756)
C:\WINDOWS\system32\spoolsv.exe (1792)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (672)
C:\WINDOWS\RTHDCPL.EXE (784)
C:\WINDOWS\system32\RUNDLL32.EXE (804)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (800)
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (812)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (940)
C:\Program Files\AVAST Software\Avast\avastUI.exe (1016)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1080)
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (1088)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1300)
C:\WINDOWS\system32\FsUsbExService.Exe (1656)
C:\Program Files\Java\jre7\bin\jqs.exe (2020)
C:\WINDOWS\system32\nvsvc32.exe (2068)
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2212)
C:\WINDOWS\system32\svchost.exe (2360)
C:\WINDOWS\system32\svchost.exe (2744)
C:\WINDOWS\System32\svchost.exe (3596)
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (4092)
C:\WINDOWS\system32\wuauclt.exe (3468)
C:\WINDOWS\system32\wuauclt.exe (3408)
C:\UsbFix\Go.exe (2980)

################## | Files # Infected Folders |

Found ! G:\VERBATIM (4GB).lnk
Found ! G:\ .lnk
Found ! G:\Shortcut to game.lnk
Found ! H:\VERBATIM (4GB).lnk
Found ! H:\ .lnk
Found ! H:\Shortcut to game.lnk
Found ! G:\game.exe
Found ! H:\game.exe

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |



################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F |

PC Hunter was run with these results:
Hunter_Services.zip
(7.52 KiB) Downloaded 37 times

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Infected PC, Autorun.inf

#12 Post by Domeek »

Here are the logs and screenshots from PowerTool.
The archive was too large to upload to the forum, so it is here:
http://leteckaposta.cz/472238299

The PC has sped up slightly, but there is still a problem with the USB drives: their contents are still not visible, and there are inf and exe files there that launch some game.exe.

Thanks for the help.

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Infected PC, Autorun.inf

#13 Post by Domeek »

Sorry, here is the corrected Hunter:
hunter.rar
(46.07 KiB) Downloaded 42 times
Otherwise, wincheck32 ended in a BSOD and the log was not created; or rather, the text file was created, but it is empty.

Domeek
Visitor
Posts: 44
Registered: 18 Dec 2009 18:22

Re: Infected PC, Autorun.inf

#14 Post by Domeek »

UsbFix

############################## | UsbFix V 7.096 | [Deletion]

User: win-xp (Administrator) # W-XP
Updated 15/08/2012 by El Desaparecido
Started at 13:58:00 | 10/02/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (GA-MA69GM-S2H) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ (2505)
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ (2505)
RAM -> [Total : 2046 | Free : 1334]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 149 Gb (54 Mb free - 36%) [Systém_160GB] # NTFS
D:\ -> Fixed drive # 149 Gb (117 Mb free - 79%) [Data_160GB] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (2 Mb free - 48%) [VERBATIM] # FAT32
H:\ -> Removable drive # 4 Gb (3 Mb free - 73%) [VERBATIM] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (760)
C:\WINDOWS\system32\winlogon.exe (832)
C:\WINDOWS\system32\services.exe (876)
C:\WINDOWS\system32\lsass.exe (904)
C:\WINDOWS\system32\svchost.exe (1072)
C:\WINDOWS\System32\svchost.exe (1240)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1648)
C:\WINDOWS\system32\spoolsv.exe (1748)
C:\WINDOWS\Explorer.EXE (1968)
C:\WINDOWS\system32\FsUsbExService.Exe (568)
C:\Program Files\Java\jre7\bin\jqs.exe (636)
C:\WINDOWS\system32\nvsvc32.exe (476)
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe (144)
C:\WINDOWS\system32\svchost.exe (1536)
C:\WINDOWS\system32\svchost.exe (504)
C:\WINDOWS\System32\svchost.exe (2404)
C:\WINDOWS\system32\wscntfy.exe (2672)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (2956)
C:\WINDOWS\RTHDCPL.EXE (2964)
C:\WINDOWS\system32\RUNDLL32.EXE (2972)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3020)
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (3032)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3080)
C:\Program Files\AVAST Software\Avast\avastUI.exe (3088)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3136)
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (3164)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (3196)
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (3584)
C:\WINDOWS\system32\wuauclt.exe (600)
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (3972)
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2988)
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2200)
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (1580)
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2648)
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2512)
C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2724)
C:\UsbFix\Go.exe (3264)

################## | Stopped processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1648)
Stopped! C:\WINDOWS\system32\spoolsv.exe (1748)
Stopped! C:\WINDOWS\Explorer.EXE (1968)
Stopped! C:\WINDOWS\system32\FsUsbExService.Exe (568)
Stopped! C:\Program Files\Java\jre7\bin\jqs.exe (636)
Stopped! C:\WINDOWS\system32\nvsvc32.exe (476)
Stopped! C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe (144)
Stopped! C:\WINDOWS\system32\wscntfy.exe (2672)
Stopped! C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (2956)
Stopped! C:\WINDOWS\RTHDCPL.EXE (2964)
Stopped! C:\WINDOWS\system32\RUNDLL32.EXE (2972)
Stopped! C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (3020)
Stopped! C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (3032)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3080)
Stopped! C:\Program Files\AVAST Software\Avast\avastUI.exe (3088)
Stopped! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3136)
Stopped! C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (3164)
Stopped! C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (3196)
Stopped! C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (3584)
Stopped! C:\WINDOWS\system32\wuauclt.exe (600)
Stopped! C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (3972)
Stopped! C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2988)
Stopped! C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2200)
Stopped! C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (1580)
Stopped! C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2648)
Stopped! C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2512)
Stopped! C:\Documents and Settings\win-xp\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (2724)

################## | Files # Infected Folders |

Deleted ! G:\VERBATIM (4GB).lnk
Deleted ! G:\ .lnk
Deleted ! G:\Shortcut to game.lnk
Deleted ! H:\VERBATIM (4GB).lnk
Deleted ! H:\ .lnk
Deleted ! H:\Shortcut to game.lnk
Deleted ! C:\Recycler\S-1-5-21-1960408961-796845957-839522115-1003
Deleted ! D:\Recycler\S-1-5-21-1960408961-796845957-839522115-1003
Deleted ! D:\Recycler\S-1-5-21-1960408961-796845957-839522115-500
Deleted ! D:\Recycler\S-1-5-21-861567501-1993962763-839522115-1003
Deleted ! G:\game.exe
Deleted ! H:\game.exe

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[06/02/2013 - 19:22:22 | D ] C:\$WINDOWS.~BT
[10/02/2013 - 10:08:57 | N | 5039] C:\AdwCleaner[R1].txt
[10/02/2013 - 10:09:48 | N | 4891] C:\AdwCleaner[S1].txt
[28/11/2008 - 13:42:52 | N | 0] C:\autoexec.bat
[10/02/2013 - 13:11:09 | RASHD ] C:\Autorun.inf
[10/02/2013 - 10:12:46 | D ] C:\Config.Msi
[28/11/2008 - 13:42:52 | N | 0] C:\config.sys
[12/12/2010 - 18:26:13 | D ] C:\Documents and Settings
[07/02/2013 - 19:33:47 | D ] C:\install
[28/11/2008 - 13:42:52 | N | 0] C:\IO.SYS
[09/02/2013 - 18:02:24 | D ] C:\lan
[28/11/2008 - 13:42:52 | N | 0] C:\MSDOS.SYS
[10/02/2013 - 13:21:45 | ASH | 3218079744] C:\pagefile.sys
[10/02/2013 - 10:24:16 | N | 512] C:\PhysicalMBR.bin
[10/02/2013 - 10:33:43 | N | 12] C:\PRIKAZ.TXT
[10/02/2013 - 13:17:34 | D ] C:\Program Files
[09/02/2013 - 21:03:55 | D ] C:\Qoobox
[10/02/2013 - 14:00:06 | SHD ] C:\RECYCLER
[30/10/2009 - 13:27:38 | D ] C:\REXTMP2
[09/02/2013 - 18:11:20 | D ] C:\rsit
[06/01/2009 - 16:31:38 | SHD ] C:\System Volume Information
[10/02/2013 - 10:39:14 | N | 84610] C:\TDSSKiller.2.8.15.0_10.02.2013_10.36.52_log.txt
[06/01/2009 - 17:16:03 | D ] C:\temp
[28/11/2008 - 14:14:57 | D ] C:\totalcmd
[10/02/2013 - 14:00:06 | D ] C:\UsbFix
[10/02/2013 - 14:01:39 | A | 6467] C:\UsbFix.txt
[10/02/2013 - 13:22:15 | D ] C:\Windows
[09/02/2013 - 21:04:51 | D ] C:\zmizik.com
[10/02/2013 - 10:17:12 | D ] C:\_OTL
[14/07/2009 - 04:54:28 | D ] D:\$WINDOWS.~BT
[07/02/2013 - 20:59:08 | D ] D:\33191bed531427707b472583
[28/11/2008 - 14:29:30 | N | 95] D:\AUTOEXEC.BAT
[10/02/2013 - 13:11:10 | RASHD ] D:\Autorun.inf
[05/02/2013 - 14:25:32 | N | 105603488] D:\avira_free_antivirus_en.exe
[06/01/2009 - 17:19:21 | N | 210] D:\Boot.bak
[09/02/2013 - 20:19:35 | | 327] D:\boot.ini
[25/10/2001 - 15:00:00 | N | 4952] D:\Bootfont.bin
[07/02/2013 - 20:21:40 | N | 8192] D:\BOOTSECT.BAK
[24/08/2009 - 11:17:14 | D ] D:\Bára ples,Vánoce +Silvestr 2008
[09/02/2013 - 20:19:35 | D ] D:\cmdcons
[03/08/2004 - 23:00:04 | N | 261312] D:\cmldr
[05/02/2013 - 20:28:38 | N | 3838832640] D:\cs_windows_7_all_x86&x64.iso
[21/12/2003 - 20:58:08 | N | 4807440] D:\data.res
[28/11/2008 - 13:39:39 | ASH | 151] D:\Desktop.ini
[28/06/2011 - 16:55:13 | D ] D:\gfx
[19/04/2004 - 21:41:26 | N | 12] D:\gfx.ini
[22/11/2012 - 14:47:41 | D ] D:\Hudba
[07/11/2010 - 15:38:16 | D ] D:\logs
[07/02/2013 - 19:42:26 | D ] D:\Majda-skola
[23/07/2004 - 20:54:52 | N | 8142848] D:\milionar_lt.exe
[06/09/2012 - 16:56:14 | D ] D:\MP_ROOT
[22/11/2012 - 14:48:44 | D ] D:\My Art
[25/01/2009 - 16:43:05 | D ] D:\Nejstarší disk
[03/08/2004 - 21:38:34 | N | 47564] D:\NTDETECT.COM
[03/08/2004 - 21:59:38 | N | 250048] D:\ntldr
[22/11/2012 - 14:47:22 | D ] D:\Obrázky
[09/03/2007 - 19:20:46 | N | 617] D:\OurBackyardCircus.mpg.scn
[28/11/2008 - 14:27:41 | D ] D:\Program Files
[28/11/2008 - 13:14:34 | D ] D:\předchozí Win-XP
[07/11/2010 - 15:38:54 | D ] D:\qst
[05/08/2003 - 02:06:14 | N | 1975] D:\readme.txt
[10/02/2013 - 14:00:06 | SHD ] D:\RECYCLER
[07/11/2010 - 15:38:15 | D ] D:\save
[07/11/2010 - 15:38:55 | D ] D:\sfx
[03/04/2012 - 16:58:10 | N | 5] D:\start.dat
[28/11/2008 - 13:46:24 | SHD ] D:\System Volume Information
[09/08/2011 - 10:29:10 | D ] D:\Ukázky obrázků
[09/02/2013 - 14:19:34 | RASH | 199680] G:\Thumbs.db
[09/02/2013 - 14:19:34 | RASH | 2048] G:\desktop.ini
[10/02/2013 - 13:11:12 | RASHD ] G:\Autorun.inf
[09/02/2013 - 11:55:58 | D ] G:\ 
[09/02/2013 - 14:25:22 | D ] H:\ 
[09/02/2013 - 14:25:24 | RASH | 199680] H:\Thumbs.db
[09/02/2013 - 14:25:24 | RASH | 2048] H:\desktop.ini
[10/02/2013 - 13:11:12 | RASHD ] H:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_W-XP.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |

GMER

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-10 14:05:28
Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5 SAMSUNG_HD321KJ rev.CP100-13 298,09GB
Running: gmer.exe; Driver: C:\DOCUME~1\win-xp\LOCALS~1\Temp\fgldqpog.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC4974BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAC544C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAC497ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC4D9811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC4A2FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC4A2FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC4A3176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAC4D91C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC4A2F16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC4A3038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC4A2F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAC49811C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC4A3130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAC49893E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC497508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAC4D9ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAC4DA18D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAC49C1C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC4D9D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC4D9BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC544CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC497170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC497556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC49C534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC4993A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC4A2FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC4A3016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC4A319A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAC4D9521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC4A2F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAC49BC3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAC4A30BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC4A2F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAC49BF14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC4A3154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAC544E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC4D9A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC499272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC4D987A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAC498DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAC5517D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC4D8838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC4975A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC4975F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xAC4987BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC4971FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC4973AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAC4D9FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC497350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAC498AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAC498C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAC49741A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xAC4984D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAC498636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xAC54341C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC497640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAC497F1A]

INT 0x62 ? 89E55CC8
INT 0x63 ? 89B75CC8
INT 0x73 ? 89B75CC8
INT 0x73 ? 89B75CC8
INT 0x83 ? 89E55CC8
INT 0x83 ? 89E55CC8
INT 0xA4 ? 89B75CC8
INT 0xB4 ? 89B75CC8

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C80 80503880 4 Bytes [EA, 4C, 54, AC]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80503928 5 Bytes [BA, 30, 4A, AC, 86] {MOV EDX, 0x86ac4a30}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D2E 8050392E 2 Bytes [4A, AC] {DEC EDX; LODSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2E80 80503A80 12 Bytes [A4, 75, 49, AC, F2, 75, 49, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80503B28 12 Bytes [F8, 8A, 49, AC, 54, 8C, 49, ...] {CLC ; MOV CL, [ECX-0x54]; PUSH ESP; MOV [ECX-0x54], CS; SBB DH, [ECX+ECX*2-0x54]}
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ECC 4 Bytes CALL AC499A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xBA78D346]
.text ACPI.sys BA662300 24 Bytes [00, 00, 00, 00, 00, 00, 8B, ...]
.text ACPI.sys BA662319 7 Bytes [00, 6A, 0C, E8, AD, 13, 01]
.text ACPI.sys BA662321 5 Bytes [56, 68, CA, 56, 66]
.text ACPI.sys BA662327 3 Bytes [68, 5B, 2A]
.text ACPI.sys BA66232C 12 Bytes CALL BA6736CC ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\drivers\ACPI.sys section is writeable [0xBA662300, 0x1AF00, 0xE8000020]
.rsrc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xBA68BF00, 0x1AF8, 0xE8000040]
.reloc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xBA68DA00, 0x2506, 0xE8000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7D79360, 0x3441C7, 0xE8000020]
.text USBPORT.SYS!DllUnload B7D5A62C 5 Bytes JMP 89B751D8
.text ampqs3u5.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B7CCA900 48 Bytes [F2, 8E, 82, 40, 68, 37, A6, ...]
? C:\WINDOWS\System32\Drivers\ampqs3u5.SYS suspicious PE modification
.text win32k.sys!EngFreeUserMem + 674 BF80BA4F 4 Bytes JMP AC49DB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + E5A BF80C235 4 Bytes JMP AC49DA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810175 4 Bytes JMP AC49D9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D0 BF81C0A3 4 Bytes JMP AC49D0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 92C BF827A40 4 Bytes JMP AC49C7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 4 Bytes JMP AC49DCB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 4 Bytes JMP AC49DEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP AC49C688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP AC49C944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 6882 BF84AE7C 4 Bytes JMP AC49D090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP AC49D8FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1036 BF857AD0 4 Bytes JMP AC49DBFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 62A3 BF87FFC9 4 Bytes JMP AC49CC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP AC49CEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 70B0 BF880DD6 4 Bytes JMP AC49C670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 77A9 BF8814CF 4 Bytes JMP AC49D0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 245E BF884C65 4 Bytes JMP AC49DE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + A4BC BF89ED1E 4 Bytes JMP AC49CCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 4 Bytes JMP AC49CE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8BCD44 4 Bytes JMP AC49D182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 4 Bytes JMP AC49C56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 4 Bytes JMP AC49DA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 4 Bytes JMP AC49C834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 4768 BF907C6D 5 Bytes JMP AC49D16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 4 Bytes JMP AC49CA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP AC49CB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP AC49C760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2567 BF9126AD 4 Bytes JMP AC49C8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP AC49CFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP AC49DD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Documents and Settings\win-xp\Plocha\PCHunter32.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 2.0 ----

.text C:\Documents and Settings\win-xp\Plocha\gmer.exe[456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\win-xp\Plocha\gmer.exe[456] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[808] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1648] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[1700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[1700] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2404] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3088] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\Explorer.exe[3324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.exe[3324] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3740] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3740] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]

---- Threads - GMER 2.0 ----

Thread SYSTEM [4:392] 896C20F4

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x32 0x3E 0x56 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x88 0xC4 0xEF 0x8A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEC 0xB8 0x6E 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0x73 0xF7 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x88 0xC4 0xEF 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEC 0xB8 0x6E 0xAE ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 2.0 ----

TDSSKiller

14:09:33.0500 3292 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:09:33.0781 3292 ============================================================
14:09:33.0781 3292 Current date / time: 2013/02/10 14:09:33.0781
14:09:33.0781 3292 SystemInfo:
14:09:33.0781 3292
14:09:33.0781 3292 OS Version: 5.1.2600 ServicePack: 2.0
14:09:33.0781 3292 Product type: Workstation
14:09:33.0781 3292 ComputerName: W-XP
14:09:33.0781 3292 UserName: win-xp
14:09:33.0781 3292 Windows directory: C:\WINDOWS
14:09:33.0781 3292 System windows directory: C:\WINDOWS
14:09:33.0781 3292 Processor architecture: Intel x86
14:09:33.0781 3292 Number of processors: 2
14:09:33.0781 3292 Page size: 0x1000
14:09:33.0781 3292 Boot type: Normal boot
14:09:33.0781 3292 ============================================================
14:09:34.0687 3292 BG loaded
14:09:35.0250 3292 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:09:35.0359 3292 Drive \Device\Harddisk1\DR3 - Size: 0xEEF00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:09:35.0359 3292 Drive \Device\Harddisk2\DR4 - Size: 0xEEF00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:09:35.0359 3292 ============================================================
14:09:35.0359 3292 \Device\Harddisk0\DR0:
14:09:35.0578 3292 MBR partitions:
14:09:35.0609 3292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x12A10D00
14:09:35.0609 3292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A14C00, BlocksNum 0x12A18AC1
14:09:35.0609 3292 \Device\Harddisk1\DR3:
14:09:35.0609 3292 MBR partitions:
14:09:35.0609 3292 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7777C1
14:09:35.0609 3292 \Device\Harddisk2\DR4:
14:09:35.0609 3292 MBR partitions:
14:09:35.0609 3292 ============================================================
14:09:36.0453 3292 D: <-> \Device\Harddisk0\DR0\Partition2
14:09:37.0312 3292 C: <-> \Device\Harddisk0\DR0\Partition1
14:09:37.0312 3292 ============================================================
14:09:37.0312 3292 Initialize success
14:09:37.0312 3292 ============================================================
Attachments
TDSSKiller.2.8.15.0_10.02.2013_14.09.33_log.rar
(38.96 KiB) Downloaded 40 times

Domeek
Guest
Posts: 44
Joined: 18 Dec 2009 18:22

Re: Infected PC, Autorun.inf

#15 Post by Domeek »

The situation has apparently improved, but there are still hidden unwanted files on the USB drives, e.g. 843921.exe. I don't know what it is.
I'd also like to ask how to protect the PC against a virus from a flash drive. The owner apparently didn't give me all the drives he has at home, so I want to make sure it doesn't get back in. Thanks :)

Locked
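The thread was locked before the question in post #15 got an answer. The pattern the poster describes (a hidden, randomly named .exe that reappears on every stick) is the classic autorun.inf worm: a hidden autorun.inf in the root of the FAT32 stick points the Windows shell at the hidden executable, so opening the drive in Explorer runs it. The script below is an added example, not code from the thread or from any tool mentioned in it. It parses autorun.inf the way the shell looks it up (case-insensitive section and key names, and all three launch keys: `open=`, `shellexecute=`, `shell\<verb>\command=`) and flags the referenced file and any other hidden/system executable in the root. The autorun.inf text and directory listing are constructed for the demo; only the file name 843921.exe comes from the post.

```python
"""Triage of a USB stick's root directory for the autorun.inf worm pattern.

Added example, not code from the forum thread. The sample autorun.inf and
the sample listing below are constructed; 843921.exe is the name reported
in the thread, its autorun.inf contents are assumed.
"""
import os
import re
import shlex

# Windows file attribute bits (winnt.h); USB worms set both on their files.
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04

# Extensions that execute when opened (directly or via a .lnk) on Windows XP.
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

# [autorun] keys that make the shell launch a program on insert or double-click:
# open=, shellexecute=, shell\<verb>\command= (matched after lower-casing).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")


def parse_autorun(text):
    """Parse autorun.inf into {section: {key: value}}.

    Section and key names are lower-cased because the shell's INI lookup is
    case-insensitive; worms rely on that ([AutoRun], shell\\Open\\Command).
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(sections):
    """Program names autorun.inf would launch, one entry per launch key."""
    targets = []
    for key, value in sections.get("autorun", {}).items():
        if not LAUNCH_KEY.match(key):
            continue
        # The value is a command line; the program is its first token.
        try:
            argv = shlex.split(value, posix=False)
        except ValueError:  # unbalanced quotes: fall back to a whitespace split
            argv = value.split()
        if not argv:
            continue
        prog = argv[0].strip('"').lower().replace("\\", "/")
        if prog.startswith("./"):
            prog = prog[2:]
        targets.append(prog)
    return targets


def triage_listing(listing, autorun_text):
    """Flag suspicious root-directory entries.

    listing: iterable of (name, attribute_bits); autorun_text: contents of
    autorun.inf or None. Returns a sorted list of (name, reason).
    """
    targets = set(launch_targets(parse_autorun(autorun_text))) if autorun_text else set()
    findings = []
    for name, attrs in listing:
        lname = name.lower()
        ext = os.path.splitext(lname)[1]
        hidden = bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))
        if lname == "autorun.inf":
            findings.append((name, "autorun.inf present; launches: "
                             + (", ".join(sorted(targets)) or "nothing")))
        elif lname in targets:
            findings.append((name, "referenced by an autorun.inf launch key"))
        elif hidden and ext in EXECUTABLE_EXT:
            findings.append((name, "hidden/system executable"))
    return sorted(findings)


def read_listing(root):
    """Listing of a real mounted stick (e.g. "E:\\") for triage_listing().
    Uses st_file_attributes where Python exposes it (Windows); elsewhere
    dotfiles count as hidden."""
    listing = []
    with os.scandir(root) as it:
        for entry in it:
            attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
            if not attrs and entry.name.startswith("."):
                attrs = FILE_ATTRIBUTE_HIDDEN
            listing.append((entry.name, attrs))
    return listing


# Constructed sample: a worm-dropped autorun.inf pointing at the file from the thread.
SAMPLE_AUTORUN = """[AutoRun]
open=843921.exe
shell\\Open\\Command=843921.exe
shell\\explore\\command="843921.exe" /s
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# Constructed sample listing of the stick's root: (name, attribute bits).
SAMPLE_LISTING = [
    ("autorun.inf", FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    ("843921.exe", FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    ("Fotky", 0x10),           # FILE_ATTRIBUTE_DIRECTORY: the owner's own folder
    ("prezentace.ppt", 0x20),  # FILE_ATTRIBUTE_ARCHIVE: an ordinary document
]

if __name__ == "__main__":
    for name, reason in triage_listing(SAMPLE_LISTING, SAMPLE_AUTORUN):
        print(name + ": " + reason)
    # On the XP box itself: triage_listing(read_listing("E:\\"), open("E:\\autorun.inf").read())
```

The script only reports; it does not delete anything, because a stick that shows this pattern needs the hidden executable submitted to a scanner and the host checked for the dropper that keeps writing it (the poster's hidden 843921.exe reappearing on several sticks is exactly that symptom). The protection the post asks for lives in the registry, not on the stick: set NoDriveTypeAutoRun to 0xFF under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, and add the IniFileMapping entry from Microsoft KB967715 (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf with default value @SYS:DoesNotExist) so the shell never reads autorun.inf from any drive at all. On Windows XP the IniFileMapping entry is the one that actually holds, since older AutoRun handling ignores NoDriveTypeAutoRun in some cases.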