Policejní vir

[PetrLe]

Dobrý den,
podařilo se mně odstranit z počítače policejní vir. Můžete ještě prosím udělat kontrolu, jestli tam něco nezůstalo?
Posílám log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Zdenca at 2013-12-15 18:58:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (47%) free of 61 GB
Total RAM: 959 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:58:09, on 15.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zdenca\Local Settings\Temporary Internet Files\Content.IE5\RSIT[1].exe
C:\Program Files\trend micro\Zdenca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe

--
End of file - 11183 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Zdenca\Data aplikací\Mozilla\Firefox\Profiles\zxsdn6sv.default

prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.5.3&q="

"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@toolbar"=C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\FireFoxExt\17.1.2.1


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Documents and Settings\Zdenca\Data aplikací\Mozilla\Firefox\Profiles\zxsdn6sv.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\Zdenca\Data aplikací\Mozilla\Firefox\Profiles\zxsdn6sv.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2012-10-15 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll [2013-11-10 3353624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-13 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-13 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2009-05-18 992408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll [2013-11-10 3353624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-13 194640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2009-06-26 577536]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2009-06-26 53248]
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2009-06-26 163840]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2013-11-10 2420248]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-11-19 2598520]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-26 39408]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre1.6.0_01\bin\javaws.exe"="C:\Program Files\Java\jre1.6.0_01\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"VIDC.MJPG"=Pvmjpg30.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-12-15 18:58:03 ----D---- C:\Program Files\trend micro
2013-12-15 18:58:02 ----D---- C:\rsit
2013-12-14 23:28:28 ----D---- C:\Program Files\ESET
2013-12-14 22:54:13 ----D---- C:\Program Files\Mozilla Firefox
2013-11-18 18:18:12 ----D---- C:\Documents and Settings\Zdenca\Data aplikací\AVG
2013-11-18 18:15:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG
2013-11-18 18:14:45 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-11-18 18:10:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2013-11-18 18:10:07 ----A---- C:\WINDOWS\system32\javaws.exe
2013-11-18 18:09:51 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-11-18 18:09:51 ----A---- C:\WINDOWS\system32\javaw.exe
2013-11-18 18:09:50 ----A---- C:\WINDOWS\system32\java.exe
2013-11-18 18:07:34 ----D---- C:\Documents and Settings\Zdenca\Data aplikací\TuneUp Software
2013-11-18 17:57:15 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2013-12-15 18:58:09 ----D---- C:\WINDOWS\Prefetch
2013-12-15 18:58:03 ----RD---- C:\Program Files
2013-12-15 18:55:29 ----D---- C:\WINDOWS\Temp
2013-12-15 18:55:29 ----D---- C:\WINDOWS
2013-12-15 17:58:38 ----D---- C:\WINDOWS\system32\drivers\AVG
2013-12-15 07:44:09 ----D---- C:\WINDOWS\system32
2013-12-15 03:43:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2013-12-14 23:28:46 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-14 23:01:14 ----D---- C:\Documents and Settings
2013-12-14 22:55:05 ----D---- C:\WINDOWS\system32\config
2013-12-14 22:54:48 ----D---- C:\WINDOWS\system32\wbem
2013-12-14 22:54:46 ----D---- C:\WINDOWS\Registration
2013-12-14 22:54:10 ----D---- C:\Program Files\AVG Secure Search
2013-12-14 22:54:08 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-12-14 22:41:45 ----D---- C:\WINDOWS\system32\Restore
2013-12-14 22:36:44 ----SHD---- C:\RECYCLER
2013-12-12 15:41:43 ----D---- C:\Documents and Settings\Zdenca\Data aplikací\Skype
2013-12-12 14:33:02 ----D---- C:\Program Files\rajce
2013-12-09 14:27:15 ----D---- C:\WINDOWS\system32\cache
2013-12-09 14:27:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
2013-12-08 16:03:05 ----A---- C:\WINDOWS\NeroDigital.ini
2013-12-08 13:48:08 ----AC---- C:\WINDOWS\PhotoSnapViewer.INI
2013-12-06 09:49:20 ----SHD---- C:\WINDOWS\Installer
2013-11-20 15:38:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-11-18 18:26:04 ----D---- C:\Documents and Settings\Zdenca\Data aplikací\Nero
2013-11-18 18:26:01 ----SD---- C:\WINDOWS\Tasks
2013-11-18 18:16:21 ----D---- C:\Program Files\AVG
2013-11-18 18:10:12 ----D---- C:\Program Files\Common Files\Java
2013-11-18 18:09:29 ----D---- C:\Program Files\Java
2013-11-18 18:08:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-18 18:03:13 ----D---- C:\Program Files\McAfee Security Scan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-04-11 302368]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2009-06-26 3960000]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2005-02-23 11264]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2009-06-26 808448]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-11-18 182696]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2005-05-03 9150464]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [2013-11-10 1734680]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-30 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-22 194032]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[vyosek]

Zdravim

Cim jste to odstranoval??

Trvate na antiviru AVG - u nas neni moc obliben - vysoka zatez systemu, slabsi detekce

[PetrLe]

Odstranil jsem ho tak, že jsem vyndal disk, připojil ho k jinému(zdravému) počítači a spustil online scanner od Esetu.
Postup je tady:http://www.eset.com/cz/policejnivirus/# ... b-349727=1

Našlo to dva soubory:

G:\Documents and Settings\All Users\Data aplikací\4cl0flt77.jss varianta infiltrace Win32/Kryptik.BQZR trojský k?? vylé?en smazáním - ulo?en do karantény
G:\WINDOWS\Temp\4cl0flt77.jss varianta infiltrace Win32/Kryptik.BQZR trojský k?? vylé?en smazáním - ulo?en do karantény

a ty to smazalo. Pak jsem vrátil disk zpět a zkontroloval registry(command processor), zda tam není někde nějaká cesta do TEMP. Nikde nic není, takže si myslím, že bude klid. Ale něco tam asi ještě bude. Nejde spustit Mozila a nejde ani odebrat. Můžete prosím pomoci s kontrolou?
Na AVG netrvám. Raději bych dal Avast. Mám s ním dobré zkušenosti. Tohle je PC kamaráda, a AVG tam měl.
Jaký názor máte na Avast?

[vyosek]

AVG do pryc, Avast nainstalovat - rozhodne je to velmi dobra volba

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Ulozte nejlepe na Plochu a rozbalte
• Spustte kliknutim na mbar
• Nyni postupne kliknete na Next a Update
• Po dokonceni update (aktualizace) databaze kliknete opet na Next
• Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
• Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
• Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
• Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
• PC bude restartovan
• Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

• Provedte aktualizaci
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[PetrLe]

AVG odinstalován
Avast Free nainstalován
MBAR nalezl jednu položku. Provedl jsem CleanUp.
K restartu nedošlo - restartoval jsem sám.
Nainstaloval jsem MBAM a provedl kontrolu. Nalezeno 0.
Níže zasílám logy:MBAR system-log a mbar-log-2013-12-16 (14-22-56) a MBAM

MBAR system.log
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.800000 GHz
Memory total: 1005895680, free: 402751488

Downloaded database version: v2013.12.16.05
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
12/16/2013 14:22:41
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
viaide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
gagp30kx.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\S3gIGPm.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\RTL8139.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\ASAPIW2k.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\MarvinBus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\system32\drivers\pclepci.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\S3gIGP.dll
\SystemRoot\System32\s3gcil_inv.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\aswVmm.SYS
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8598f030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-12\
Lower Device Object: 0xffffffff859e3d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8598f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff859c8628, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8598f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff859abf18, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff859e3d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1394bus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\61883.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\61883.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adv05nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adv07nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adv08nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adv09nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\adv11nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\agp440.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\agpcpq.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\alim1541.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\MSTEE.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\MSTEE.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mutohpen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NABTSFEC.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\NABTSFEC.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndis.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NdisIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\NdisIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nic1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nic1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkipx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rdpwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rndismpx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\siint5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sisagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SLIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SLIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\smbali.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fltmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gagp30kx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidparse.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\imagedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\imagedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\imagesrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\imagesrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ip6fw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SONYPVU1.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\SONYPVU1.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\StreamIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\StreamIP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\uagp35.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usb8023.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usb8023x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipinip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\irbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\irenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ksecdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\modem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mouhid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mountmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\msdv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msdv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mskssrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mspclock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mspqm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\classpnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\diskdump.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmboot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\enum1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\viaide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WSTCODEC.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\WSTCODEC.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ohci1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\partmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\avc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\avc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\CCDECODE.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\CCDECODE.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\arp1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C7C0C7C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 124455492
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 124455555 Numsec = 266245245

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.799000 GHz
Memory total: 1005895680, free: 737759232

=======================================









Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.16.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: ZDENCA-PC [administrator]

16.12.2013 14:22:56
mbar-log-2013-12-16 (14-22-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 242687
Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)









Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.12.16.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Zdenca :: ZDENCA-PC [administrátor]

Ochrana: Povolena

16.12.2013 14:52:18
mbam-log-2013-12-16 (14-52-18).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 322953
Uplynulý čas: 46 minut, 47 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[PetrLe]

Teď koukám, že mám v karanténě PUM.Disabled.SecurityCenter.
Mám to odstranit? Mám odinstalovat MBAM? Nebo ho mám nechat. Koukám, že se spouští se startem Windows.

[vyosek]

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho. Spousteni po startu omezte.

V karantene byt muze, ale klidne ji muzete vymazat

[PetrLe]

Takže teď je už počítač čistý(logy z těch testů MBAR a MBAM jsou o příspěvek výše) a je tedy vše OK?

[vyosek]

Aaaano, melo by byt vse OK

[PetrLe]

Děkuji moc a přeji klidné vánoční svátky!

[vyosek]

Nemate zac, rad jsem pomohl Klidne Vano i Vam Zase nekdy

A na zaklade Pravidla o zamykani temat