PC virus removal, computer speed-up, remote help via the neslape.cz service

AVG reports rootkits in atapi.sys and an IRP hook in sprc.sys

adamekz
Visitor
Posts: 46
Registered: 23 Jul 2009 15:40

AVG reports rootkits in atapi.sys and an IRP hook in sprc.sys

#1 Post by adamekz »

Hello,

After a scan of my PC, AVG 2013 reports 49 rootkits. The AVG log is posted below. When I clicked on removing the infections in AVG, AVG told me that the system needs to be restarted for the removal. I did that, the system then booted up, I had it scanned again, but the vermin was still there unchanged. I'm asking for advice.



Test celého počítače
Střední priorita 49 0 49
Složky vybrané k testování: Test celého počítače
Celkem otestováno objektů: 1121202


Stav Priorita Název Popis Výsledek
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_QUOTA -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtEnumerateValueKey -> sprc.sys +0x1A132 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_CLEANUP -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_FLUSH_BUFFERS -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_FILE_SYSTEM_CONTROL -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_SET_EA -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_PNP -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtQueryKey -> sprc.sys +0x1A20A C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_DIRECTORY_CONTROL -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_LOCK_CONTROL -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_FLUSH_BUFFERS -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_QUERY_INFORMATION -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_EA -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtEnumerateKey -> sprc.sys +0x19DA4 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_LOCK_CONTROL -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_SET_QUOTA -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_SHUTDOWN -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_SET_INFORMATION -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_FILE_SYSTEM_CONTROL -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_SET_EA -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtCreateKey -> sprc.sys +0x10E0 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_DEVICE_CONTROL -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_READ -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtSetValueKey -> sprc.sys +0x1A29C C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtQueryValueKey -> sprc.sys +0x1A08A C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední atapi.sys, přesměrovaný import HAL.dll READ_PORT_BUFFER_USHORT -> sprc.sys +0x213E C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_CLOSE -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_SECURITY -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_WRITE -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_WRITE -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_QUERY_VOLUME_INFORMATION -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_SET_VOLUME_INFORMATION -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_PNP -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_READ -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_SHUTDOWN -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_DIRECTORY_CONTROL -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_INFORMATION -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_DEVICE_CONTROL -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_SET_INFORMATION -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_SET_SECURITY -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_QUERY_EA -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_CREATE -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtOpenKey -> sprc.sys +0x10C0 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední atapi.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> sprc.sys +0x2042 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_CLEANUP -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_CLOSE -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_SET_VOLUME_INFORMATION -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_CREATE -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
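The report above lists three kinds of finding (IRP hooks on the file-system driver objects, "Hook funkce služby" = service-function/SSDT hooks, and "přesměrovaný import" = a redirected import in another driver), all resolving into one module. The triage helper below is an added example, not AVG's code or anything from the thread: it parses rows in that layout from a constructed sample, groups them by the driver they resolve to, and prints the observations a responder would draw from them. The regular expressions, the function names and the sample rows are assumptions of this example.

```python
"""Triage helper for AVG 2013 rootkit-report rows (example code, not AVG's own)."""
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the report in the post:
# "<status> <priority> <description> -> <module> +<offset> <path> <result>"
SAMPLE_REPORT = r"""
Infikováno Střední IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_QUOTA -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtEnumerateValueKey -> sprc.sys +0x1A132 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední IRP hook, \FileSystem\Fastfat IRP_MJ_READ -> sprc.sys +0x11D40 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední Hook funkce služby NtQueryKey -> sprc.sys +0x1A20A C:\WINDOWS\system32\drivers\sprc.sys Infikováno
Infikováno Střední atapi.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> sprc.sys +0x2042 C:\WINDOWS\system32\drivers\sprc.sys Infikováno
"""

# Every row ends with "-> <module> +<hex offset> <path> <result>"
TAIL = r" -> (?P<module>\S+) \+(?P<offset>0x[0-9A-Fa-f]+) (?P<path>\S+) \S+$"
PATTERNS = {
    # Hook in the IRP dispatch table of a file-system driver object
    "irp_hook": re.compile(r"IRP hook, (?P<fs>\\FileSystem\\\w+) (?P<func>IRP_MJ_\w+)" + TAIL),
    # "Hook funkce služby": a system-service (SSDT) entry redirected into the driver
    "ssdt_hook": re.compile(r"Hook funkce služby (?P<func>Nt\w+)" + TAIL),
    # "přesměrovaný import": an entry in another driver's import table rewritten
    "import_redirect": re.compile(r"(?P<victim>\S+), přesměrovaný import (?P<dll>\S+) (?P<func>\w+)" + TAIL),
}

# Service functions whose hooking lets a driver filter what registry readers see
REGISTRY_FUNCS = {"NtEnumerateKey", "NtEnumerateValueKey", "NtQueryKey",
                  "NtQueryValueKey", "NtOpenKey", "NtCreateKey", "NtSetValueKey"}


def parse_report(text):
    """Return one dict per recognised row (kind, func, module, offset, path ...)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                d = m.groupdict()
                d["kind"] = kind
                d["offset"] = int(d["offset"], 16)
                findings.append(d)
                break
    return findings


def summarize(findings):
    """Group findings by the on-disk module the hooked code paths now resolve to."""
    per_module = defaultdict(lambda: {"kinds": Counter(), "handlers": Counter(), "targets": set()})
    for f in findings:
        entry = per_module[f["path"]]
        entry["kinds"][f["kind"]] += 1
        entry["handlers"][f["offset"]] += 1   # one offset serving many hooks = one dispatch routine
        entry["targets"].add(f["func"])
    return {p: {"kinds": e["kinds"], "handlers": e["handlers"], "targets": sorted(e["targets"])}
            for p, e in per_module.items()}


def triage_notes(findings):
    """Human-readable observations a responder would record from the summary."""
    notes = []
    summary = summarize(findings)
    if len(summary) == 1:
        notes.append(f"all {len(findings)} findings resolve into one driver: {next(iter(summary))}")
    for path, entry in summary.items():
        mine = [f for f in findings if f["path"] == path]
        for off, n in Counter(f["offset"] for f in mine if f["kind"] == "irp_hook").items():
            if n > 1:
                notes.append(f"{n} IRP hooks share one dispatch routine at {path}+0x{off:X}; "
                             "file-system I/O on every hooked volume passes through it")
        hidden = REGISTRY_FUNCS & set(entry["targets"])
        if hidden:
            notes.append(f"service hooks on {', '.join(sorted(hidden))}: registry reads can be "
                         "filtered, so the driver's own keys need not show up in regedit")
        victims = sorted({f["victim"] for f in mine if f["kind"] == "import_redirect"})
        if victims:
            notes.append(f"{', '.join(victims)} has HAL port-I/O imports redirected into this driver: "
                         "disk reads and writes can be intercepted below the file system, so "
                         "cleanup done from the running system may never reach the real sectors")
    return notes


if __name__ == "__main__":
    for note in triage_notes(parse_report(SAMPLE_REPORT)):
        print("-", note)
```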

adamekz
Visitor
Posts: 46
Registered: 23 Jul 2009 15:40

Re: AVG reports rootkits in atapi.sys and an IRP hook in sprc.sys

#2 Post by adamekz »

Logfile of random's system information tool 1.06 (written by random/random)
Run by adamekz at 2013-10-03 09:23:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (3%) free of 239 GB
Total RAM: 2046 MB (25% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce81def6ebcc02.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1454471165-839522115-1004Core1ce8117ab50c030.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1454471165-839522115-1004UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1FE86365-274C-4511-9CB3-665463B65424}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8BE99608-4FDE-4EB8-AA67-ABA17E948160}.job
C:\WINDOWS\tasks\Záloha pošty.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-12 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12 4532096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\7.6\pdfforgeToolbarIE.dll [2013-09-02 1357120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-12 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\7.6\pdfforgeToolbarIE.dll [2013-09-02 1357120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-07-28 19557480]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2010-05-31 63048]
"Norton Ghost 14.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2009-08-03 2250088]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-07-11 74752]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]
"PC Suite for Smartphones"=C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [2007-12-25 548864]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-05-23 311152]
"HPUsageTrackingLEDM"=C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [2009-10-15 30264]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-08-15 4411440]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2013-05-01 421888]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2013-09-02 1360192]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-09-17 152392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"Google Update"=C:\Documents and Settings\adamekz\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-02-01 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"AdobeBridge"= []
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2013-05-29 449248]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2012-01-23 247728]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2013-06-27 20097696]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2013-05-23 1561968]
"KiesAirMessage"=C:\Program Files\Samsung\Kies\KiesAirMessage.exe [2013-03-20 578560]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-07-25 20681584]
""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-05-23 1106288]
"Viber"=C:\Documents and Settings\adamekz\Local Settings\Data aplikací\Viber\Viber.exe StartMinimized []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office2000\Office\OSA9.EXE

C:\Documents and Settings\adamekz\Nabídka Start\Programy\Po spuštění
Sledovat výstrahy inkoustu - HP Officejet Pro 8100 (Síť).lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2012-11-07 92072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:HP Networked Printer Installer"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\Documents and Settings\adamekz\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\adamekz\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostika 2013"
"C:\Program Files\AVG\AVG2013\avgwdsvc.exe"="C:\Program Files\AVG\AVG2013\avgwdsvc.exe:*:Enabled:Vzdálená správa AVG"
"C:\Program Files\AVG\AVG2013\avgemcx.exe"="C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe"="C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"C:\Program Files\Macromedia\Flash MX\Flash.exe"="C:\Program Files\Macromedia\Flash MX\Flash.exe:*:Enabled:Flash 6.0 r25"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2121917d-31c1-11d9-b797-806d6172696f}]
shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6745c434-3aa3-11e1-bc36-0020ed0cabed}]
shell\AutoRun\command - L:\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade2285c-ca2b-11df-8226-0020ed0cabed}]
shell\AutoRun\command - Z:\
shell\eXPLoRE\command - isxdll.exe
shell\OPeN\command - isxdll.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f500d9-8d9c-11e0-89cc-0020ed0cabed}]
shell\AutoRun\command - E:\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb8cce14-e695-11e1-92a4-00e04c0a1210}]
shell\AutoRun\command - L:\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d89743d6-8973-11dd-ae1c-001fd023305a}]
shell\AutoRun\command - J:\umenu.exe


======List of files/folders created in the last 1 months======

2013-10-03 09:08:08 ----D---- C:\Program Files\trend micro
2013-10-03 09:08:07 ----D---- C:\rsit
2013-09-30 10:41:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Package Cache
2013-09-30 10:10:24 ----D---- C:\Program Files\iPod
2013-09-30 10:10:19 ----D---- C:\Program Files\iTunes
2013-09-30 10:10:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-30 10:09:39 ----D---- C:\Program Files\Apple Software Update
2013-09-30 10:09:06 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2013-09-30 10:08:43 ----D---- C:\Program Files\Bonjour
2013-09-27 11:11:30 ----D---- C:\WINDOWS\system32\MRT
2013-09-27 11:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-09-27 11:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2808679$
2013-09-27 11:00:24 ----D---- C:\WINDOWS\system32\URTTEMP
2013-09-27 10:42:29 ----D---- C:\Program Files\GIGABYTE
2013-09-27 10:42:29 ----A---- C:\WINDOWS\system32\AppleChargerSrv.exe
2013-09-27 10:42:00 ----D---- C:\on
2013-09-27 10:40:30 ----D---- C:\bios
2013-09-27 10:39:33 ----D---- C:\INFUpdate
2013-09-27 10:39:20 ----A---- C:\motherboard_utility_onoffchargesetup_b11.0110.1.exe
2013-09-27 10:38:54 ----A---- C:\motherboard_bios_ga-ep45-ds4_f10b.exe
2013-09-27 10:37:58 ----A---- C:\mb_driver_chipset_intel.exe
2013-09-20 08:40:53 ----A---- C:\iTunesSetup.exe
2013-09-19 07:10:22 ----D---- C:\amee
2013-09-18 10:38:34 ----A---- C:\SkypeSetupFull.exe
2013-09-18 09:12:45 ----D---- C:\bajda_stitky
2013-09-11 15:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 15:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 15:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2013-09-06 14:48:14 ----D---- C:\O
2013-09-05 07:19:56 ----D---- C:\Documents and Settings\adamekz\Data aplikací\Search Settings
2013-09-05 07:19:44 ----D---- C:\Products_illbruck_2013
2013-09-05 07:19:36 ----D---- C:\Program Files\Application Updater
2013-09-05 07:19:32 ----D---- C:\Program Files\pdfforge Toolbar
2013-09-05 07:19:32 ----D---- C:\Program Files\Common Files\Spigot

======List of files/folders modified in the last 1 months======

2013-10-03 09:21:21 ----D---- C:\WINDOWS\Temp
2013-10-03 09:08:08 ----RD---- C:\Program Files
2013-10-03 09:07:59 ----A---- C:\RSIT.exe
2013-10-03 08:44:45 ----D---- C:\Documents and Settings\adamekz\Data aplikací\Skype
2013-10-03 08:40:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-10-03 07:56:12 ----D---- C:\WINDOWS\system32\drivers
2013-10-03 07:44:30 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-03 07:44:07 ----D---- C:\WINDOWS\Registration
2013-10-03 07:43:42 ----D---- C:\WINDOWS\system32
2013-10-03 07:12:53 ----D---- C:\WINDOWS\security
2013-10-03 07:09:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-10-03 07:06:56 ----HD---- C:\AuditPro Scan
2013-10-03 07:06:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2013-10-02 12:53:16 ----D---- C:\install
2013-10-02 07:12:48 ----D---- C:\Documents and Settings\adamekz\Data aplikací\HpUpdate
2013-10-01 07:25:50 ----D---- C:\Program Files\Opera
2013-10-01 06:57:47 ----D---- C:\WINDOWS
2013-10-01 06:57:01 ----HD---- C:\Config.Msi
2013-09-30 10:41:48 ----SHD---- C:\WINDOWS\Installer
2013-09-30 10:41:26 ----A---- C:\vcredist_x86.exe
2013-09-30 10:29:14 ----RSD---- C:\WINDOWS\assembly
2013-09-30 10:27:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-09-30 10:27:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-09-30 10:23:39 ----D---- C:\WINDOWS\WinSxS
2013-09-30 10:12:16 ----HD---- C:\WINDOWS\inf
2013-09-30 10:10:23 ----D---- C:\Program Files\Common Files\Apple
2013-09-30 10:09:43 ----SD---- C:\WINDOWS\Tasks
2013-09-30 10:09:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-09-30 07:08:37 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-30 07:07:56 ----D---- C:\Documents and Settings\adamekz\Data aplikací\Mozilla
2013-09-30 07:04:57 ----D---- C:\Program Files\Google
2013-09-27 13:17:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2013-09-27 13:16:42 ----D---- C:\Program Files\Oracle
2013-09-27 13:13:14 ----D---- C:\Python27
2013-09-27 12:21:49 ----D---- C:\WINDOWS\Microsoft.NET
2013-09-27 11:21:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-27 11:02:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-27 11:02:41 ----A---- C:\WINDOWS\imsins.BAK
2013-09-27 11:01:44 ----D---- C:\Program Files\NVIDIA Corporation
2013-09-27 11:01:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-09-27 10:54:13 ----D---- C:\Program Files\Common Files
2013-09-27 10:54:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\VMware
2013-09-27 10:52:28 ----D---- C:\Documents and Settings\adamekz\Data aplikací\VMware
2013-09-27 10:49:06 ----D---- C:\Program Files\HTC
2013-09-27 10:42:28 ----HD---- C:\Program Files\InstallShield Installation Information
2013-09-27 09:53:54 ----D---- C:\PDF_ROOT
2013-09-27 09:48:23 ----D---- C:\rootovka
2013-09-27 09:30:25 ----AD---- C:\zbynek
2013-09-27 07:05:07 ----D---- C:\WINDOWS\Minidump
2013-09-26 07:02:14 ----D---- C:\WINDOWS\Prefetch
2013-09-20 14:07:44 ----D---- C:\ipa
2013-09-20 13:24:07 ----D---- C:\mp3
2013-09-20 07:55:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2013-09-18 10:41:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-09-18 10:41:50 ----RD---- C:\Program Files\Skype
2013-09-14 13:32:39 ----D---- C:\zaloha_flash
2013-09-12 06:59:11 ----D---- C:\WINDOWS\system32\wbem
2013-09-11 15:15:33 ----D---- C:\Program Files\Internet Explorer
2013-09-11 15:15:23 ----D---- C:\WINDOWS\ie8updates
2013-09-11 15:05:22 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22328]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 RtNdPt5x;Realtek NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys [2008-07-09 22016]
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-08-13 38112]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-07-28 6108776]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2010-05-31 10144]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-03-23 12653120]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 RTLTEAMINGMP;Realtek Virtual Adapter for Ethernet Extended Features; C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS [2009-10-12 29440]
R3 Scan;Process creation detector for NT.; \??\C:\WINDOWS\Temp\scan.sys []
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2011-02-08 27632]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2008-07-24 15264]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-01-15 63360]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 AiCharger;AiCharger; C:\WINDOWS\system32\drivers\AiCharger.sys [2012-03-22 13952]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 awggy4n3;awggy4n3; C:\WINDOWS\system32\drivers\awggy4n3.sys []
S3 BthEnum;Bluetooth Request Block driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth serial communications driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth port driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Bluetooth radio USB driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Closed Caption decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2012-12-18 20032]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2012-08-15 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2012-08-15 25200]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 HidBatt;HID UPS battery driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 HidBth;Microsoft Bluetooth HID miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2012-12-07 21248]
S3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-27 19072]
S3 qrkis;Tether Miniport; C:\WINDOWS\system32\DRIVERS\qrkis.sys [2012-02-24 47264]
S3 RFCOMM;Bluetooth device (RFCOMM protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 RT2500USB;ASUS RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-09-09 104320]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2010-11-25 606056]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features; C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS [2009-10-12 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2009-02-16 17536]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-04-03 130248]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudobex.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbprint;USB Printer class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 VirtualDK;VirtualDK; \??\c:\makebootable\vdk.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2008-07-24 47744]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-06-13 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-06-13 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-06-13 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-06-13 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-06-13 85664]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 zebrbus;Sony Ericsson Composite Device driver; C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2011-02-08 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2011-02-08 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2011-02-08 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2011-02-08 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2011-02-08 91264]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2013-09-02 807800]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2012-07-25 247712]
R2 hpqddsvc;HP CUE DeviceDiscovery service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2012-11-08 100232]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-12 182184]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2012-11-07 374704]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2012-11-07 137136]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-11-08 390528]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NMSAccess;NMSAccess; c:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2009-08-03 4322656]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
R2 omniInet;Data Protector Inet; C:\Program Files\OmniBack\bin\omniinet.exe [2009-11-26 575032]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
R2 PCNS1;PowerChute Network Shutdown Group 1; C:\PROGRA~1\APC\POWERC~1\group1\pcns.exe [2010-10-15 120200]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-09-12 5071712]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-09-17 553288]
R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-07-01 1562096]
S2 AuditPro Scan;AuditPro Scan; C:\AuditPro Scan\Scan.exe [2012-03-29 2315616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Event Analyst Service;Event Analyst Service; C:\Program Files\Event Analyst\ENService.exe [2007-10-17 54680]
S2 gupdate;Google Update service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-30 257416]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 CamProExpress64;CamProExpress64; C:\Program Files\AirLive\CamPro Express 64\CamProExpress64.exe [2010-07-29 3404800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-14 194032]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-12 117144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-08-01 724888]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
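The driver and service lists above are the RSIT output this forum asks posters for. Reading several hundred such lines by eye is where things get missed, so here is an added example (not part of the original post and not RSIT's own code) that parses entries of that format and flags the ones an analyst would check first: entries with empty brackets (RSIT recorded no date/size, which usually means no file was found at that path), drivers loaded from outside system32\drivers, driver names that look auto-generated, and services whose path is svchost.exe (the real ServiceDll is not in this list). The sample lines are copied from the lists above; the RANDOM_NAME_RE thresholds are an assumption, a review heuristic rather than a signature.

```python
"""Triage helper for RSIT-style driver/service lists.

Added example, not part of the original thread or of RSIT itself.
Input lines have the shape
    <R|S><0-4> <name>;<description>; <path> [<yyyy-mm-dd> <size>]
where empty brackets mean RSIT recorded no timestamp/size for the file.
"""
import re

# One list entry; the non-greedy path group stops at the final " [".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Heuristic (assumption, not a signature): 7-9 lowercase alphanumerics with at
# least two digits, used only when the description is just the name repeated.
# Anti-rootkit scanners register such transient drivers too, so this is a
# prompt to review the file, not a verdict.
RANDOM_NAME_RE = re.compile(r"^(?=(?:.*\d){2})[a-z0-9]{7,9}$")


def parse_entry(line):
    """Return a dict for one list line, or None if the line is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    meta = e.pop("meta").split()
    e["date"], e["size"] = (meta[0], int(meta[1])) if len(meta) == 2 else (None, None)
    e["state"], e["start"] = STATE[e["state"]], START[e["start"]]
    # Drop the NT object-manager prefix (\??\) so path checks see a Win32 path.
    e["path"] = re.sub(r"^\\\?\?\\", "", e["path"])
    return e


def triage(lines):
    """Map entry name -> list of reasons the entry deserves a second look."""
    findings = {}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        p = e["path"].lower()
        is_driver = p.endswith(".sys")
        if e["date"] is None:
            reasons.append("no timestamp/size recorded (file not found at that path)")
        if is_driver and "\\windows\\system32\\drivers\\" not in p:
            reasons.append("driver loaded from outside system32\\drivers")
        if e["desc"] == e["name"] and RANDOM_NAME_RE.match(e["name"]):
            reasons.append("auto-generated-looking name with no description")
        if p.endswith("\\svchost.exe"):
            reasons.append("svchost-hosted: the real ServiceDll is not shown in this list")
        if reasons:
            findings[e["name"]] = reasons
    return findings


# Sample entries copied verbatim from the lists posted above.
SAMPLE = r"""
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 awggy4n3;awggy4n3; C:\WINDOWS\system32\drivers\awggy4n3.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 VirtualDK;VirtualDK; \??\c:\makebootable\vdk.sys []
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```

Feed it the whole RSIT log (non-entry lines are skipped) and treat every flag as a file to verify by hand: check whether the .sys exists at the stated path, who signed it, and whether its timestamp matches the other Windows components. A flagged entry is a starting point, not proof of a rootkit.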

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVG reports rootkits in atapi.sys and an IRP hook in sprc.sys

#3 Post by vyosek »

Hello :)

:arrow: Just one question: is this a home PC or a work/company one :???:

:arrow: Is the AVG the free edition or a purchased licence :???:
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

adamekz
Guest
Posts: 46
Registered: 23 Jul 2009 15:40

Re: AVG reports rootkits in atapi.sys and an IRP hook in sprc.sys

#4 Post by adamekz »

1) It is a former company PC
2) AVG2013 is a purchased licence; the version is AVG Antivirus Business Edition 2013

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: AVG reports rootkits in atapi.sys and an IRP hook in sprc.sys

#5 Post by vyosek »

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click Change parameters
  • In the Additional options window tick all the options
  • Click OK
  • Tell the utility to scan: click Start Scan
  • When the scan finishes a window appears; check that the action is set to Skip everywhere
  • If Skip is not preselected, switch it to Skip
  • Once everything is set to Skip, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named TDSSKiller.[some digits]_log.txt; paste its contents here
:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Run it by clicking mbar
  • Now click Next and then Update
  • When the database update finishes, click Next again
  • Leave all three options ticked and click Scan, which starts the scan of the PC
  • When the scan finishes (about 5 minutes) check that every detection (if there are any) is ticked
  • Also check that Create Restore point is ticked
  • Now click Cleanup, which removes the infection found
  • The PC will be restarted
  • The mbar folder should contain a log (it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here
