
Is someone controlling my computer?!

Have a virus problem? Post your FRST or RSIT log here.

OKNA 7 s virem ..
Guest
Posts: 9
Joined: 15 Apr 2010 12:44

Is someone controlling my computer?!

#1 Post by OKNA 7 s virem .. »

Hello, I would like to ask one of the local experts for help.
I have a strong suspicion that not everything on my computer is as it should be :cry:
Could you please 'translate' this log for me:

1) catchme: detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error


2) mbr:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !


...and to make matters worse, I cannot provide the RSIT log because it keeps telling me:

Line -1:

Error: Variable used without being declared
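As an added example that is not part of the post (nor of the catchme or mbr tools), the following Python script parses the two outputs quoted above into structured findings and turns them into a short triage list; the sample text is embedded inline, and the "expected" numbers are read as the Windows 7 x86 syscall indices of the named functions (ZwClose = 0x32 = 50).

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two tool outputs quoted in the post above,
# embedded here so the script runs offline.
CATCHME_LOG = """catchme: detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error
"""

MBR_LOG = """Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !
"""


@dataclass(frozen=True)
class HookedStub:
    """One 'Func observed != expected' item from catchme's NTDLL check."""
    function: str   # ntdll export whose syscall stub was found modified
    observed: int   # value catchme read at the stub (0 for every entry in this post)
    expected: int   # value it expected; these equal the Windows 7 x86 syscall
                    # numbers of the named functions (ZwClose = 0x32 = 50)


HOOK_RE = re.compile(r"(Zw\w+)\s+(\d+)\s*!=\s*(\d+)")
SECTOR_RE = re.compile(r"copy of MBR has been found in sector (\d+)")


def parse_catchme(text: str) -> dict:
    """Structure catchme's output: the list of modified stubs plus status flags."""
    hooks = [HookedStub(f, int(o), int(e)) for f, o, e in HOOK_RE.findall(text)]
    return {
        "ntdll_modified": "detected NTDLL code modification" in text,
        "hooks": hooks,
        "initialization_error": "Initialization error" in text,
    }


def parse_mbr(text: str) -> dict:
    """Structure the mbr.exe output: read status, user/kernel agreement, MBR copies."""
    return {
        "user_mbr_read": "user: MBR read successfully" in text,
        "kernel_mbr_read": "kernel: MBR read successfully" in text,
        "user_kernel_match": "user & kernel MBR OK" in text,
        "mbr_copies_in_sectors": [int(s) for s in SECTOR_RE.findall(text)],
    }


def triage(catchme: dict, mbr: dict) -> list:
    """Turn the parsed results into (level, message) pairs: info / review / alert."""
    out = []
    hooks = catchme["hooks"]
    if catchme["ntdll_modified"]:
        out.append(("review",
                    f"{len(hooks)} ntdll syscall stubs modified in user mode: "
                    + ", ".join(h.function for h in hooks)
                    + ". These are registry/file/process enumeration calls; user-mode hooks "
                      "on them are placed by security suites as well as by rootkits, so the "
                      "owning module must be identified before anything is removed."))
    if catchme["initialization_error"]:
        out.append(("info", "catchme stopped with 'Initialization error', so it produced "
                            "no file or registry scan results."))
    if mbr["user_mbr_read"] and mbr["kernel_mbr_read"]:
        if mbr["user_kernel_match"]:
            out.append(("info", "MBR read via the user and kernel paths is identical: "
                                "no stealth discrepancy."))
        else:
            out.append(("alert", "user-mode and kernel-mode MBR reads differ: "
                                 "the real MBR is being hidden."))
    for sector in mbr["mbr_copies_in_sectors"]:
        out.append(("review", f"MBR copy in sector {sector}: compare it byte-for-byte with "
                              "sector 0 and account for which tool wrote it."))
    return out


if __name__ == "__main__":
    for level, message in triage(parse_catchme(CATCHME_LOG), parse_mbr(MBR_LOG)):
        print(f"[{level}] {message}")
```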

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Is someone controlling my computer?!

#2 Post by Caroprd111 »

Hi :)

Follow the guide at http://www.viry.cz/forum/viewtopic.php?f=13&t=82743

OKNA 7 s virem ..
Guest
Posts: 9
Joined: 15 Apr 2010 12:44

Re: Is someone controlling my computer?!

#3 Post by OKNA 7 s virem .. »

Hi as well, and thank you for 'taking me on' :wink:
Even when I ran RSIT in compatibility mode, the same error message appeared again. Still, this log can be found in C:

Logfile of random's system information tool 1.06 (written by random/random)
Run by MOJE at 2010-04-15 12:48:05
Microsoft Windows 7 Ultimate
System drive C: has 224 GB (94%) free of 238 GB
Total RAM: 3070 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:18, on 15.4.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\WinUtilities\ToolMemoryOptimizer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Users\MOJE\Desktop\RSIT.exe
C:\Program Files\trend micro\MOJE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 4873 bytes

======Scheduled tasks folder======

C:\Windows\tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll [2009-12-25 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll [2009-12-25 268816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2007-11-14 49416]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-23 13797920]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-21 476512]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 55160]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 460088]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 738616]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [2009-12-25 340456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-12-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-11-14 96008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-15 12:48:05 ----D---- C:\rsit
2010-04-15 12:48:05 ----D---- C:\Program Files\trend micro
2010-04-15 12:36:45 ----D---- C:\Program Files\Common Files\InfoWatch
2010-04-15 12:36:44 ----D---- C:\ProgramData\Kaspersky Lab
2010-04-15 12:36:44 ----D---- C:\Program Files\Kaspersky Lab
2010-04-15 12:35:29 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-04-15 12:27:36 ----D---- C:\Program Files\VS Revo Group
2010-04-15 11:34:59 ----D---- C:\Users\MOJE\AppData\Roaming\Macromedia
2010-04-15 11:34:59 ----D---- C:\Users\MOJE\AppData\Roaming\Adobe
2010-04-15 04:15:26 ----D---- C:\Users\MOJE\AppData\Roaming\Malwarebytes
2010-04-15 04:15:17 ----D---- C:\ProgramData\Malwarebytes
2010-04-15 04:15:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-15 04:12:58 ----D---- C:\Program Files\CCleaner
2010-04-15 04:09:20 ----D---- C:\Program Files\Wise Registry Cleaner
2010-04-15 04:07:26 ----D---- C:\Program Files\Wise Disk Cleaner
2010-04-15 04:06:46 ----D---- C:\Windows\system32\Macromed
2010-04-15 03:56:34 ----D---- C:\Users\MOJE\AppData\Roaming\Mozilla
2010-04-15 03:56:25 ----D---- C:\Program Files\Mozilla Firefox
2010-04-15 03:34:31 ----A---- C:\Windows\system32\wbhelp2.dll
2010-04-15 03:34:31 ----A---- C:\Windows\system32\W95INF32.DLL
2010-04-15 03:34:31 ----A---- C:\Windows\system32\W95INF16.DLL
2010-04-15 03:34:31 ----A---- C:\Windows\system32\unicows.dll
2010-04-15 03:34:31 ----A---- C:\Windows\system32\gdiplus.dll
2010-04-15 03:34:31 ----A---- C:\Windows\system32\anim.dll
2010-04-15 03:34:30 ----D---- C:\Program Files\WinUtilities
2010-04-15 03:24:54 ----HD---- C:\VritualRoot
2010-04-15 03:23:27 ----D---- C:\ProgramData\COMODO
2010-04-15 03:15:16 ----D---- C:\ProgramData\Comodo Downloader
2010-04-14 22:09:16 ----D---- C:\ProgramData\Paragon
2010-04-14 22:02:55 ----DC---- C:\Windows\system32\DRVSTORE
2010-04-14 22:02:31 ----D---- C:\Program Files\Paragon Software
2010-04-14 21:59:24 ----D---- C:\ProgramData\NVIDIA
2010-04-14 21:57:32 ----D---- C:\ProgramData\XP
2010-04-14 21:57:32 ----D---- C:\ProgramData\Vista64
2010-04-14 21:57:32 ----D---- C:\ProgramData\Vista32
2010-04-14 21:57:07 ----D---- C:\Program Files\Common Files\InstallShield
2010-04-14 21:56:25 ----D---- C:\Users\MOJE\AppData\Roaming\toshiba
2010-04-14 21:55:12 ----A---- C:\Windows\system32\NVUNINST.EXE
2010-04-14 21:54:55 ----D---- C:\Program Files\InstallShield Installation Information
2010-04-14 21:54:19 ----D---- C:\Windows\tiinst
2010-04-14 21:53:06 ----D---- C:\Program Files\RSA
2010-04-14 21:53:05 ----D---- C:\Program Files\Protector Suite QL
2010-04-14 21:49:52 ----D---- C:\Program Files\UPEK
2010-04-14 21:49:51 ----D---- C:\ProgramData\UIB
2010-04-14 21:49:17 ----D---- C:\Program Files\Toshiba
2010-04-14 21:49:15 ----SHD---- C:\Windows\Installer
2010-04-14 21:48:22 ----D---- C:\Program Files\Intel
2010-04-14 21:48:22 ----A---- C:\Windows\system32\CSVer.dll
2010-04-14 21:48:17 ----D---- C:\Users\MOJE\AppData\Roaming\WinBatch
2010-04-14 21:46:12 ----D---- C:\Windows\Panther
2010-04-14 21:33:55 ----D---- C:\ToshibaUpdate
2010-04-14 21:30:30 ----D---- C:\Program Files\Synaptics
2010-04-14 21:22:56 ----D---- C:\Program Files\Protector Suite
2010-04-14 21:21:50 ----A---- C:\Windows\system32\psisdecd.dll
2010-04-14 21:21:50 ----A---- C:\Windows\system32\msdri.dll
2010-04-14 21:21:50 ----A---- C:\Windows\system32\CPFilters.dll
2010-04-14 21:21:37 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-04-14 21:21:37 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-04-14 21:21:37 ----A---- C:\Windows\system32\secproc_isv.dll
2010-04-14 21:21:37 ----A---- C:\Windows\system32\secproc.dll
2010-04-14 21:21:37 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-04-14 21:21:37 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-04-14 21:21:37 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-04-14 21:21:37 ----A---- C:\Windows\system32\RMActivate.exe
2010-04-14 21:15:54 ----A---- C:\Windows\system32\msv1_0.dll
2010-04-14 21:15:23 ----A---- C:\Windows\system32\MRT.exe
2010-04-14 21:14:02 ----A---- C:\Windows\system32\mshtml.dll
2010-04-14 21:14:01 ----A---- C:\Windows\system32\wininet.dll
2010-04-14 21:14:01 ----A---- C:\Windows\system32\urlmon.dll
2010-04-14 21:14:01 ----A---- C:\Windows\system32\mstime.dll
2010-04-14 21:14:01 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-14 21:14:01 ----A---- C:\Windows\system32\ieframe.dll
2010-04-14 21:14:01 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-14 21:14:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 21:13:59 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 21:13:58 ----A---- C:\Windows\system32\tsbyuv.dll
2010-04-14 21:13:58 ----A---- C:\Windows\system32\quartz.dll
2010-04-14 21:13:58 ----A---- C:\Windows\system32\msyuv.dll
2010-04-14 21:13:58 ----A---- C:\Windows\system32\msvidc32.dll
2010-04-14 21:13:58 ----A---- C:\Windows\system32\msrle32.dll
2010-04-14 21:13:58 ----A---- C:\Windows\system32\mciavi32.dll
2010-04-14 21:13:58 ----A---- C:\Windows\system32\iyuv_32.dll
2010-04-14 21:13:58 ----A---- C:\Windows\system32\avifil32.dll
2010-04-14 21:13:57 ----A---- C:\Windows\system32\wmp.dll
2010-04-14 21:13:57 ----A---- C:\Windows\system32\t2embed.dll
2010-04-14 21:13:57 ----A---- C:\Windows\system32\fontsub.dll
2010-04-14 21:13:57 ----A---- C:\Windows\system32\atmfd.dll
2010-04-14 21:13:51 ----A---- C:\Windows\system32\wmploc.DLL
2010-04-14 21:13:51 ----A---- C:\Windows\system32\winresume.exe
2010-04-14 21:13:51 ----A---- C:\Windows\system32\winload.exe
2010-04-14 21:13:51 ----A---- C:\Windows\system32\CertEnroll.dll
2010-04-14 21:13:50 ----A---- C:\Windows\system32\winlogon.exe
2010-04-14 21:13:50 ----A---- C:\Windows\explorer.exe
2010-04-14 21:13:49 ----A---- C:\Windows\system32\msasn1.dll
2010-04-14 21:13:48 ----A---- C:\Windows\system32\jscript.dll
2010-04-14 21:13:47 ----A---- C:\Windows\system32\tzres.dll
2010-04-14 21:13:45 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 21:09:57 ----N---- C:\Windows\system32\MpSigStub.exe
2010-04-14 20:57:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-14 20:56:21 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 20:56:21 ----A---- C:\Windows\system32\cabview.dll
2010-04-14 20:55:33 ----D---- C:\Users\MOJE\AppData\Roaming\Identities
2010-04-14 20:55:24 ----SD---- C:\Users\MOJE\AppData\Roaming\Microsoft
2010-04-14 20:55:24 ----D---- C:\Users\MOJE\AppData\Roaming\Media Center Programs
2010-04-14 20:55:11 ----SHD---- C:\Recovery
2010-04-14 20:55:11 ----SHD---- C:\ProgramData\Šablony
2010-04-14 20:55:11 ----SHD---- C:\ProgramData\Plocha
2010-04-14 20:55:11 ----SHD---- C:\ProgramData\Oblíbené položky
2010-04-14 20:55:11 ----SHD---- C:\ProgramData\Nabídka Start
2010-04-14 20:55:11 ----SHD---- C:\ProgramData\Dokumenty
2010-04-14 20:55:11 ----SHD---- C:\ProgramData\Data aplikací
2010-04-14 20:50:01 ----D---- C:\Windows\SoftwareDistribution
2010-04-14 20:47:22 ----D---- C:\Windows\Prefetch
2010-04-14 20:47:04 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2010-04-15 12:48:15 ----D---- C:\Windows\Temp
2010-04-15 12:48:05 ----RD---- C:\Program Files
2010-04-15 12:37:57 ----D---- C:\Windows\system32\config
2010-04-15 12:37:25 ----D---- C:\Windows\system32\drivers
2010-04-15 12:37:17 ----D---- C:\Windows\inf
2010-04-15 12:37:16 ----D---- C:\Windows\system32\DriverStore
2010-04-15 12:37:16 ----D---- C:\Windows\system32\catroot
2010-04-15 12:37:01 ----D---- C:\Windows\System32
2010-04-15 12:36:45 ----D---- C:\Program Files\Common Files
2010-04-15 12:36:44 ----HD---- C:\ProgramData
2010-04-15 11:27:44 ----D---- C:\Windows
2010-04-15 04:18:06 ----D---- C:\Windows\system32\wdi
2010-04-15 04:14:12 ----D---- C:\Windows\debug
2010-04-15 03:53:22 ----D---- C:\Windows\Tasks
2010-04-15 03:53:22 ----D---- C:\Windows\system32\Tasks
2010-04-15 03:46:05 ----RSD---- C:\Windows\assembly
2010-04-14 22:08:25 ----D---- C:\Windows\system32\catroot2
2010-04-14 21:55:35 ----D---- C:\Windows\Help
2010-04-14 21:53:52 ----D---- C:\Windows\winsxs
2010-04-14 21:51:02 ----D---- C:\Windows\Microsoft.NET
2010-04-14 21:27:38 ----D---- C:\Windows\system32\cs-CZ
2010-04-14 21:22:56 ----D---- C:\Windows\system32\WinBioPlugIns
2010-04-14 21:22:49 ----D---- C:\Windows\AppPatch
2010-04-14 21:22:39 ----D---- C:\Program Files\Internet Explorer
2010-04-14 21:22:28 ----D---- C:\Windows\ehome
2010-04-14 21:18:38 ----D---- C:\Windows\system32\Boot
2010-04-14 21:18:38 ----D---- C:\Program Files\Windows Media Player
2010-04-14 21:13:44 ----SD---- C:\ProgramData\Microsoft
2010-04-14 21:01:18 ----D---- C:\Windows\system32\CodeIntegrity
2010-04-14 20:56:57 ----D---- C:\Windows\system32\wbem
2010-04-14 20:56:32 ----D---- C:\Windows\system32\restore
2010-04-14 20:55:45 ----D---- C:\Windows\Logs
2010-04-14 20:55:31 ----SHD---- C:\$Recycle.Bin
2010-04-14 20:55:21 ----RD---- C:\Users
2010-04-14 20:55:11 ----D---- C:\Program Files\Windows NT
2010-04-14 20:52:33 ----D---- C:\Windows\rescache
2010-04-14 20:50:04 ----D---- C:\Windows\system32\sysprep
2010-04-14 20:47:47 ----D---- C:\Windows\CSC

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Is someone controlling my computer?!

#4 Post by Caroprd111 »

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, anti-spyware
  • Run the application under an account with Administrator privileges; immediately after it starts, a page with the license terms appears, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not start other applications and do not click inside the window that appears :!:
  • The scan should take about 5 - 10 minutes; when finished, ComboFix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

OKNA 7 s virem ..
Guest
Posts: 9
Registered: 15 Apr 2010 12:44

Re: Is someone controlling my computer?!

#5 Post by OKNA 7 s virem .. »

Here is the log:

ComboFix 10-04-14.01 - MOJE 15.04.2010 13:10:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3070.2021 [GMT 2:00]
Spuštěný z: c:\users\MOJE\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\catchme.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-15 do 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-15 10:48 . 2010-04-15 10:48 -------- d-----w- c:\program files\trend micro
2010-04-15 10:48 . 2010-04-15 10:48 -------- d-----w- C:\rsit
2010-04-15 10:47 . 2010-04-15 10:47 -------- d-----w- c:\users\MOJE\AppData\Local\Diagnostics
2010-04-15 10:42 . 2010-04-15 10:42 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-15 10:42 . 2010-04-15 10:42 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-15 10:42 . 2010-04-15 10:42 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-15 10:42 . 2010-04-15 10:42 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-15 10:42 . 2010-04-15 10:42 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-15 10:37 . 2010-04-15 10:37 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-15 10:37 . 2010-04-15 10:37 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-15 10:37 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2010-04-15 10:37 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2010-04-15 10:36 . 2010-04-15 10:36 -------- d-----w- c:\program files\Common Files\InfoWatch
2010-04-15 10:36 . 2010-04-15 10:37 -------- d-----w- c:\programdata\Kaspersky Lab
2010-04-15 10:36 . 2010-04-15 10:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-15 10:35 . 2010-04-15 10:35 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-04-15 10:27 . 2010-04-15 10:27 -------- d-----w- c:\program files\VS Revo Group
2010-04-15 02:15 . 2010-04-15 02:15 -------- d-----w- c:\users\MOJE\AppData\Roaming\Malwarebytes
2010-04-15 02:15 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 02:15 . 2010-04-15 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 02:15 . 2010-04-15 02:15 -------- d-----w- c:\programdata\Malwarebytes
2010-04-15 02:15 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 02:12 . 2010-04-15 02:12 -------- d-----w- c:\program files\CCleaner
2010-04-15 02:09 . 2010-04-15 02:12 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-04-15 02:07 . 2010-04-15 02:08 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-04-15 02:06 . 2010-04-15 02:06 -------- d-----w- c:\windows\system32\Macromed
2010-04-15 01:56 . 2010-04-15 01:56 -------- d-----w- c:\users\MOJE\AppData\Local\Mozilla
2010-04-15 01:34 . 2007-08-31 10:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-04-15 01:34 . 2007-08-31 10:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-04-15 01:34 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2010-04-15 01:34 . 2001-08-24 06:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-15 01:34 . 1999-11-22 13:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-04-15 01:34 . 1999-11-22 13:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-04-15 01:34 . 2010-04-15 01:54 -------- d-----w- c:\program files\WinUtilities
2010-04-15 01:24 . 2010-04-15 01:24 -------- d-----w- C:\VritualRoot
2010-04-15 01:23 . 2010-04-15 01:25 -------- d-----w- c:\programdata\COMODO
2010-04-15 01:23 . 2010-04-15 10:23 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-04-15 01:15 . 2010-04-15 01:20 -------- d-----w- c:\programdata\Comodo Downloader
2010-04-14 20:09 . 2010-04-14 20:09 -------- d-----w- c:\programdata\Paragon
2010-04-14 20:08 . 2010-04-14 20:08 25214 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-14 20:08 . 2010-04-14 20:08 25214 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-14 20:08 . 2010-04-14 20:08 10134 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\ARPPRODUCTICON.exe
2010-04-14 20:02 . 2010-04-15 10:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-14 20:02 . 2010-04-14 20:02 25214 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{AB562530-921D-11DE-A208-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-14 20:02 . 2010-04-14 20:02 25214 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{AB562530-921D-11DE-A208-005056C00008}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-14 20:02 . 2010-04-14 20:02 10134 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{AB562530-921D-11DE-A208-005056C00008}\ARPPRODUCTICON.exe
2010-04-14 20:02 . 2010-01-15 10:21 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-04-14 20:02 . 2010-04-14 20:08 -------- d-----w- c:\program files\Paragon Software
2010-04-14 19:59 . 2010-04-14 19:59 57560 ----a-w- c:\users\MOJE\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-14 19:59 . 2010-04-15 09:28 -------- d-----w- c:\programdata\NVIDIA
2010-04-14 19:57 . 2010-04-14 19:58 -------- d-----w- c:\programdata\Vista32
2010-04-14 19:57 . 2010-04-14 19:57 -------- d-----w- c:\programdata\XP
2010-04-14 19:57 . 2010-04-14 19:57 -------- d-----w- c:\programdata\Vista64
2010-04-14 19:57 . 2010-04-14 19:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-14 19:56 . 2010-04-14 19:56 -------- d-----w- c:\users\MOJE\AppData\Roaming\toshiba
2010-04-14 19:55 . 2009-07-22 06:41 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-14 19:54 . 2010-04-14 19:57 -------- d-----w- c:\program files\InstallShield Installation Information
2010-04-14 19:54 . 2010-04-14 19:54 -------- d-----w- c:\windows\tiinst
2010-04-14 19:53 . 2010-04-14 19:53 -------- d-----w- c:\program files\RSA
2010-04-14 19:53 . 2010-04-14 19:57 -------- d-----w- c:\program files\Protector Suite QL
2010-04-14 19:49 . 2010-04-14 19:49 -------- d-----w- c:\program files\UPEK
2010-04-14 19:49 . 2010-04-14 19:53 -------- d-----w- c:\programdata\UIB
2010-04-14 19:49 . 2010-04-14 19:56 -------- d-----w- c:\program files\Toshiba
2010-04-14 19:49 . 2010-04-15 10:37 -------- d-sh--w- c:\windows\Installer
2010-04-14 19:48 . 2010-04-14 19:48 -------- d-----w- c:\program files\Intel
2010-04-14 19:48 . 2009-07-08 14:34 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-14 19:48 . 2010-04-14 19:48 -------- d-----w- c:\users\MOJE\AppData\Roaming\WinBatch
2010-04-14 19:46 . 2010-04-15 01:46 -------- d-----w- c:\windows\Panther
2010-04-14 19:33 . 2010-04-14 19:34 -------- d-----w- C:\ToshibaUpdate
2010-04-14 19:33 . 2010-04-14 19:33 -------- d-----w- c:\users\MOJE\AppData\Local\ElevatedDiagnostics
2010-04-14 19:30 . 2010-04-14 19:30 -------- d-----w- c:\program files\Synaptics
2010-04-14 19:22 . 2010-04-14 19:22 -------- d-----w- c:\program files\Protector Suite
2010-04-14 19:21 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-04-14 19:21 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-14 19:21 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-04-14 19:21 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-14 19:21 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-14 19:21 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-14 19:21 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-04-14 19:21 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-14 19:21 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-14 19:21 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-14 19:21 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-14 19:15 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-14 19:14 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-14 19:14 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 19:12 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 19:12 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 19:12 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 19:09 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-14 18:56 . 2010-04-15 10:30 -------- d-----w- c:\windows\system32\wbem\Performance

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 10:30 . 2009-07-14 08:44 622660 ----a-w- c:\windows\system32\perfh005.dat
2010-04-15 10:30 . 2009-07-14 08:44 118810 ----a-w- c:\windows\system32\perfc005.dat
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Plocha
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Oblíbené položky
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Šablony
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Nabídka Start
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Dokumenty
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Data aplikací
2010-03-08 21:33 . 2010-04-14 19:13 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07 . 2010-04-14 19:13 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-11 14:42 . 2010-02-11 14:42 59952 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\English\setup.exe
2010-02-02 07:45 . 2010-04-14 19:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42 129552 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-15 40560]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CSCRYSEC
*NewlyCreated* - CSVIRTUALDISKDRV
*NewlyCreated* - KL1
*NewlyCreated* - KLBG
*NewlyCreated* - KLIF
*NewlyCreated* - KLIM6
.
Obsah adresáře 'Naplánované úlohy'

2010-04-15 c:\windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
- c:\program files\WinUtilities\ToolMemoryOptimizer.exe [2010-04-15 13:25]
.
.
------- Doplňkový sken -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
FF - ProfilePath - c:\users\MOJE\AppData\Roaming\Mozilla\Firefox\Profiles\5tkw9cpb.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(484)
c:\windows\system32\psqlpwd.DLL
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Celkový čas: 2010-04-15 13:17:26
ComboFix-quarantined-files.txt 2010-04-15 11:17

Před spuštěním: Volných bajtů: 234 690 387 968
Po spuštění: Volných bajtů: 234 485 342 208

- - End Of File - - 0A8C76CE81B69A847A1EE00EFE2A0FFA

OKNA 7 s virem ..
Guest
Posts: 9
Registered: 15 Apr 2010 12:44

Re: Is someone controlling my computer?!

#6 Post by OKNA 7 s virem .. »

I didn't run ComboFix as Admin the first time, so I ran ComboFix once more, this time exactly as you wrote. Interestingly, the same deletion is there again ..

Here is the log:

ComboFix 10-04-14.01 - MOJE 15.04.2010 13:21:21.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3070.2178 [GMT 2:00]
Spuštěný z: c:\users\MOJE\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\catchme.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-15 do 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-15 11:25 . 2010-04-15 11:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-15 11:25 . 2010-04-15 11:25 -------- d-----w- c:\users\MOJE\AppData\Local\temp
2010-04-15 11:25 . 2010-04-15 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-15 10:48 . 2010-04-15 10:48 -------- d-----w- c:\program files\trend micro
2010-04-15 10:48 . 2010-04-15 10:48 -------- d-----w- C:\rsit
2010-04-15 10:47 . 2010-04-15 10:47 -------- d-----w- c:\users\MOJE\AppData\Local\Diagnostics
2010-04-15 10:42 . 2010-04-15 10:42 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-15 10:42 . 2010-04-15 10:42 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-15 10:42 . 2010-04-15 10:42 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-15 10:42 . 2010-04-15 10:42 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-15 10:42 . 2010-04-15 10:42 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-15 10:37 . 2010-04-15 10:37 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-15 10:37 . 2010-04-15 10:37 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-15 10:37 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2010-04-15 10:37 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2010-04-15 10:36 . 2010-04-15 10:36 -------- d-----w- c:\program files\Common Files\InfoWatch
2010-04-15 10:36 . 2010-04-15 10:37 -------- d-----w- c:\programdata\Kaspersky Lab
2010-04-15 10:36 . 2010-04-15 10:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-15 10:35 . 2010-04-15 10:35 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-04-15 10:27 . 2010-04-15 10:27 -------- d-----w- c:\program files\VS Revo Group
2010-04-15 02:15 . 2010-04-15 02:15 -------- d-----w- c:\users\MOJE\AppData\Roaming\Malwarebytes
2010-04-15 02:15 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 02:15 . 2010-04-15 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 02:15 . 2010-04-15 02:15 -------- d-----w- c:\programdata\Malwarebytes
2010-04-15 02:15 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 02:12 . 2010-04-15 02:12 -------- d-----w- c:\program files\CCleaner
2010-04-15 02:09 . 2010-04-15 02:12 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-04-15 02:07 . 2010-04-15 02:08 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-04-15 02:06 . 2010-04-15 02:06 -------- d-----w- c:\windows\system32\Macromed
2010-04-15 01:56 . 2010-04-15 01:56 -------- d-----w- c:\users\MOJE\AppData\Local\Mozilla
2010-04-15 01:34 . 2007-08-31 10:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-04-15 01:34 . 2007-08-31 10:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-04-15 01:34 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2010-04-15 01:34 . 2001-08-24 06:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-15 01:34 . 1999-11-22 13:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-04-15 01:34 . 1999-11-22 13:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-04-15 01:34 . 2010-04-15 01:54 -------- d-----w- c:\program files\WinUtilities
2010-04-15 01:24 . 2010-04-15 01:24 -------- d-----w- C:\VritualRoot
2010-04-15 01:23 . 2010-04-15 01:25 -------- d-----w- c:\programdata\COMODO
2010-04-15 01:23 . 2010-04-15 10:23 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-04-15 01:15 . 2010-04-15 01:20 -------- d-----w- c:\programdata\Comodo Downloader
2010-04-14 20:09 . 2010-04-14 20:09 -------- d-----w- c:\programdata\Paragon
2010-04-14 20:08 . 2010-04-14 20:08 25214 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-14 20:08 . 2010-04-14 20:08 25214 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-14 20:08 . 2010-04-14 20:08 10134 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\ARPPRODUCTICON.exe
2010-04-14 20:02 . 2010-04-15 10:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-14 20:02 . 2010-04-14 20:02 25214 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{AB562530-921D-11DE-A208-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-14 20:02 . 2010-04-14 20:02 25214 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{AB562530-921D-11DE-A208-005056C00008}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
2010-04-14 20:02 . 2010-04-14 20:02 10134 ----a-r- c:\users\MOJE\AppData\Roaming\Microsoft\Installer\{AB562530-921D-11DE-A208-005056C00008}\ARPPRODUCTICON.exe
2010-04-14 20:02 . 2010-01-15 10:21 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-04-14 20:02 . 2010-04-14 20:08 -------- d-----w- c:\program files\Paragon Software
2010-04-14 19:59 . 2010-04-14 19:59 57560 ----a-w- c:\users\MOJE\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-14 19:59 . 2010-04-15 09:28 -------- d-----w- c:\programdata\NVIDIA
2010-04-14 19:57 . 2010-04-14 19:58 -------- d-----w- c:\programdata\Vista32
2010-04-14 19:57 . 2010-04-14 19:57 -------- d-----w- c:\programdata\XP
2010-04-14 19:57 . 2010-04-14 19:57 -------- d-----w- c:\programdata\Vista64
2010-04-14 19:57 . 2010-04-14 19:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-14 19:56 . 2010-04-14 19:56 -------- d-----w- c:\users\MOJE\AppData\Roaming\toshiba
2010-04-14 19:55 . 2009-07-22 06:41 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-14 19:54 . 2010-04-14 19:57 -------- d-----w- c:\program files\InstallShield Installation Information
2010-04-14 19:54 . 2010-04-14 19:54 -------- d-----w- c:\windows\tiinst
2010-04-14 19:53 . 2010-04-14 19:53 -------- d-----w- c:\program files\RSA
2010-04-14 19:53 . 2010-04-14 19:57 -------- d-----w- c:\program files\Protector Suite QL
2010-04-14 19:49 . 2010-04-14 19:49 -------- d-----w- c:\program files\UPEK
2010-04-14 19:49 . 2010-04-14 19:53 -------- d-----w- c:\programdata\UIB
2010-04-14 19:49 . 2010-04-14 19:56 -------- d-----w- c:\program files\Toshiba
2010-04-14 19:49 . 2010-04-15 10:37 -------- d-sh--w- c:\windows\Installer
2010-04-14 19:48 . 2010-04-14 19:48 -------- d-----w- c:\program files\Intel
2010-04-14 19:48 . 2009-07-08 14:34 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-14 19:48 . 2010-04-14 19:48 -------- d-----w- c:\users\MOJE\AppData\Roaming\WinBatch
2010-04-14 19:46 . 2010-04-15 01:46 -------- d-----w- c:\windows\Panther
2010-04-14 19:33 . 2010-04-14 19:34 -------- d-----w- C:\ToshibaUpdate
2010-04-14 19:33 . 2010-04-14 19:33 -------- d-----w- c:\users\MOJE\AppData\Local\ElevatedDiagnostics
2010-04-14 19:30 . 2010-04-14 19:30 -------- d-----w- c:\program files\Synaptics
2010-04-14 19:22 . 2010-04-14 19:22 -------- d-----w- c:\program files\Protector Suite
2010-04-14 19:21 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-04-14 19:21 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-14 19:21 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-04-14 19:21 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-14 19:21 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-14 19:21 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-14 19:21 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-04-14 19:21 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-14 19:21 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-14 19:21 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-14 19:21 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-14 19:15 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-14 19:14 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-14 19:14 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 19:12 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 19:12 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 19:12 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 19:09 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-14 18:56 . 2010-04-15 10:30 -------- d-----w- c:\windows\system32\wbem\Performance

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 10:30 . 2009-07-14 08:44 622660 ----a-w- c:\windows\system32\perfh005.dat
2010-04-15 10:30 . 2009-07-14 08:44 118810 ----a-w- c:\windows\system32\perfc005.dat
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Plocha
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Oblíbené položky
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Šablony
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Nabídka Start
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Dokumenty
2010-04-14 18:55 . 2010-04-14 18:55 -------- d-sh--we c:\programdata\Data aplikací
2010-03-08 21:33 . 2010-04-14 19:13 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07 . 2010-04-14 19:13 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-11 14:42 . 2010-02-11 14:42 59952 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\English\setup.exe
2010-02-02 07:45 . 2010-04-14 19:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42 129552 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-15 40560]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CSCRYSEC
*NewlyCreated* - CSVIRTUALDISKDRV
*NewlyCreated* - KL1
*NewlyCreated* - KLBG
*NewlyCreated* - KLIF
*NewlyCreated* - KLIM6
.
Obsah adresáře 'Naplánované úlohy'

2010-04-15 c:\windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
- c:\program files\WinUtilities\ToolMemoryOptimizer.exe [2010-04-15 13:25]
.
.
------- Doplňkový sken -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
FF - ProfilePath - c:\users\MOJE\AppData\Roaming\Mozilla\Firefox\Profiles\5tkw9cpb.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(484)
c:\windows\system32\psqlpwd.DLL
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Celkový čas: 2010-04-15 13:27:28
ComboFix-quarantined-files.txt 2010-04-15 11:27
ComboFix2.txt 2010-04-15 11:17

Před spuštěním: Volných bajtů: 234 527 903 744
Po spuštění: Volných bajtů: 234 481 086 464

- - End Of File - - E8982AA528EACBC2F748B986D8576899

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Is someone controlling my computer?!

#7 Post by Caroprd111 »

Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32-bit). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Right-click the "MBR" file, choose "Properties" - "Compatibility" and tick "Run this program as an administrator" - OK

Start > Run (Win + R)
  • A small window pops up; paste into it:

"%userprofile%\desktop\mbr" -t
  • Click OK
  • A log named mbr.log is created; post it here.


Post the log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
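Added example, not Caroprd111's or the thread's own code: a small Python triage helper for the mbr.log that the steps above produce and for the SSDT section of the GMER log the last step asks for. The sample logs are constructed from the line formats posted in this thread; the `unknown_example.sys` hook and the trusted-vendor set are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed samples in the format of the two tools requested above: the Gmer
# "mbr.exe -t" log and a GMER rootkit-scan log. The MBR and klif.sys lines mirror
# what was posted in this thread; "unknown_example.sys" is a constructed
# placeholder so the unattributed-hook path is exercised.
MBR_LOG = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !
"""

GMER_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-15 13:55:30

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8B515DE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8B515F5A]
SSDT \SystemRoot\system32\DRIVERS\unknown_example.sys ZwQueryDirectoryFile [0x8B6000A0]

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
"""

# "SSDT <module path> (<description>/<vendor>) <ZwService> [<address>]";
# the parenthesised part is missing when GMER has no version info for the module.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<path>\S+)"
    r"(?:\s+\((?P<desc>.*?)/(?P<vendor>.*?)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]"
)
# Stored MBR copies are reported in two line shapes (mbr.exe and GMER).
MBR_COPY_RE = re.compile(r"copy of MBR has been found in sector (\d+)|sector (\d+): copy of MBR")


@dataclass
class Hook:
    module: str        # file name of the hooking driver, lower-cased
    path: str
    description: str
    vendor: str
    function: str
    address: str


def parse_ssdt_hooks(text):
    """Return one Hook per SSDT line in a GMER log."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(module=m["path"].rsplit("\\", 1)[-1].lower(), path=m["path"],
                          description=m["desc"] or "", vendor=m["vendor"] or "",
                          function=m["func"], address=m["addr"]))
    return hooks


def summarize_hooks(hooks, trusted_vendors):
    """Count hooks per module and list hooks whose vendor is not in the trusted set."""
    by_module, unattributed = {}, []
    for h in hooks:
        by_module[h.module] = by_module.get(h.module, 0) + 1
        if h.vendor not in trusted_vendors:
            unattributed.append(h)
    return {"by_module": by_module, "unattributed": unattributed}


@dataclass
class MbrReport:
    user_read_ok: bool = False
    kernel_read_ok: bool = False
    user_kernel_match: bool = False
    copy_sectors: list = field(default_factory=list)
    findings: list = field(default_factory=list)


def parse_mbr_log(text):
    """Parse the Gmer MBR detector output (GMER's 'sector N: copy of MBR' lines too)."""
    r = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line == "user: MBR read successfully":
            r.user_read_ok = True
        elif line == "kernel: MBR read successfully":
            r.kernel_read_ok = True
        elif line == "user & kernel MBR OK":
            r.user_kernel_match = True
        m = MBR_COPY_RE.search(line)
        if m:
            r.copy_sectors.append(int(m.group(1) or m.group(2)))
    # The tool's core check: the MBR read through the normal user-mode path must equal
    # the one its kernel driver reads; a difference means disk reads are being filtered.
    if r.user_read_ok and r.kernel_read_ok and not r.user_kernel_match:
        r.findings.append("user-mode and kernel-mode MBR differ: treat as a rootkit indicator")
    if not (r.user_read_ok and r.kernel_read_ok):
        r.findings.append("MBR not readable on both paths: result inconclusive")
    if r.copy_sectors:
        sectors = ", ".join(str(s) for s in sorted(set(r.copy_sectors)))
        r.findings.append("MBR copies stored in sector(s) %s: needs review, compare with sector 0" % sectors)
    return r


if __name__ == "__main__":
    for f in parse_mbr_log(MBR_LOG).findings:
        print("mbr:", f)
    summary = summarize_hooks(parse_ssdt_hooks(GMER_LOG), {"Kaspersky Lab"})
    for module, n in summary["by_module"].items():
        print("ssdt: %s hooks %d service(s)" % (module, n))
    for h in summary["unattributed"]:
        print("ssdt: review %s hooked by %s (no trusted vendor)" % (h.function, h.path))
```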

OKNA 7 s virem ..
Guest
Posts: 9
Joined: 15 Apr 2010 12:44

Re: Is someone controlling my computer?!

#8 Post by OKNA 7 s virem .. »

So, point by point, it looks like this:

1) I don't really even know what those emulators are :oops: but I am not aware of having installed anything like that :???:

2) SPTD was run, but the Uninstall option was not offered because it was not detected

3) done exactly according to the instructions

4) Done, but no window popped up, only a log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !

5) Here is log 1):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-15 13:51:46
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Windows\TEMP\kxldypow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


and here is log 2):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-15 13:55:30
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Windows\TEMP\kxldypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8B515BDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8B517538]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8B51778E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8B517A08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8B51645C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8B516B3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8B516F48]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8B516604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8B516E20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8B5157E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8B516CDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8B51599E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8B51707A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8B518CBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8B5160FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8B5161FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8B516D7E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8B5186AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8B51967E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8B51675E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8B518740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8B518D70]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8B516FEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8B5164DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8B516EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8B515DE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8B518CE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8B51711C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8B515D06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8B517C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8B519088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8B5189D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8B5174A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8B51736C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8B51844E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8B519560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8B516878]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8B516318]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8B517CFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8B51883A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8B5191C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8B5192AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8B5193D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8B5185DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8B515F5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8B515EB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8B518F3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8B51603A]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2FAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A17634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A17898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2F6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2FF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A301A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A8F599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB3F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 82ABB730 4 Bytes [DC, 5B, 51, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82ABB758 8 Bytes [38, 75, 51, 8B, 8E, 77, 51, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 82ABB79C 4 Bytes [08, 7A, 51, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82ABB7C8 4 Bytes [5C, 64, 51, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82ABB7EC 4 Bytes [3E, 6B, 51, 8B]
.text ...
.text peauth.sys 9D20CC9D 28 Bytes [4F, 04, 72, FA, B4, 7D, 14, ...]
.text peauth.sys 9D20CCC1 28 Bytes [4F, 04, 72, FA, B4, 7D, 14, ...]
PAGE peauth.sys 9D21302C 102 Bytes [07, F7, 51, FB, F7, B4, 94, ...]
? C:\Windows\TEMP\mbr.sys Systém nemůže nalézt uvedený soubor. !
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9D399000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9D399123 629 Bytes [45, 39, 9D, FE, 05, 34, 45, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9D399399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9D3993FF 51 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 53C3 9D399433 84 Bytes [38, 9D, 85, C9, 7C, 18, 8D, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] USER32.dll!NotifyWinEvent + 48B 75BBF724 4 Bytes [70, 11, 37, 6D] {JO 0x13; AAA ; INSD }
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] USER32.dll!NotifyWinEvent + 48B 75BBF724 4 Bytes [70, 11, 37, 6D] {JO 0x13; AAA ; INSD }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00480DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00480E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00480E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00480EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00480F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77360860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 773608D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 77360940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 773609B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77360A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77360A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 77360B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77360B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77360BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 77360C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77890940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 778909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77890A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77890B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00490400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00490470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 004904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00490550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 004905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00490630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 004906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77890CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00490710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00490780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 00200780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 004A0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 004A0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 004A0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 004A0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 004A04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 004A0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 004A05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 004A0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 004A06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 004A0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 004A0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 004A07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002009B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 004A0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 004A0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 778901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 77360470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 77360400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 778902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 773604E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 77360390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 77360240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 773602B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 773600F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 773601D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1704] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 77360160
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74D12494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74CF5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74CF56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74D1250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74D08573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74D04D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74D050CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74D051A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74D066D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74D082CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74D08819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74D0907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74D0E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2940] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74D04C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3468] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3468] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3468] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3468] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3468] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3468] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 002A0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 002A0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 002A0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 002A0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 002A0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77360860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 773608D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 77360940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 773609B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77360A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77360A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 77360B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77360B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77360BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 77360C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77890940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 778909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77890A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77890B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003B0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003B0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003B04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003B0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003B05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003B0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003B06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77890CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003B0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 00200780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 003C0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 003C0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 003C0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 003C0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 003C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 003C0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 003C05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 003C0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 003C06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 003C0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 003C0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003C07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002009B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003C0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3728] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003C0C50

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F8EE4A9-6734-4822-8EDD-5425AF20C47B}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3BC8BF4-B882-4500-9CB7-7CE077E3CB13}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F8EE4A9-6734-4822-8EDD-5425AF20C47B}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F8EE4A9-6734-4822-8EDD-5425AF20C47B}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F8EE4A9-6734-4822-8EDD-5425AF20C47B}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F8EE4A9-6734-4822-8EDD-5425AF20C47B}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3BC8BF4-B882-4500-9CB7-7CE077E3CB13}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3BC8BF4-B882-4500-9CB7-7CE077E3CB13}@Path \Microsoft\Windows Defender\MpIdleTask
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3BC8BF4-B882-4500-9CB7-7CE077E3CB13}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3BC8BF4-B882-4500-9CB7-7CE077E3CB13}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {4F8EE4A9-6734-4822-8EDD-5425AF20C47B}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MpIdleTask@Id {E3BC8BF4-B882-4500-9CB7-7CE077E3CB13}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR

---- EOF - GMER 1.0.15 ----

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Is someone controlling my computer?!

#9 Post by Caroprd111 »

Boot from the installation CD and enter the Recovery Console. For this operation you must know the password for the Administrator account. At the command prompt type:

fixmbr

Press >Enter< and confirm. Then type

exit

and press >Enter< again. The PC will restart.



Start > Run (Win + R)
  • A small window pops up; copy into it:

"%userprofile%\desktop\mbr" -t

  • Click OK
  • A log named mbr.log will be created; paste it here.

OKNA 7 s virem ..
Guest
Posts: 9
Registered: 15 Apr 2010 12:44

Re: Is someone controlling my computer?!

#10 Post by OKNA 7 s virem .. »

So now I'm completely lost :shock: :D
Well, if I understood everything at least 50%, then hopefully I'll tell you everything at least partly comprehensibly. I apologize in advance, I really don't understand computers :arcisit:
Boot = start the original Windows 7 DVD. I did that, but there is no 'recovery console' there?! I can choose install or repair. I clicked repair and here it offers 1) Startup repair
2) Going back in time
3) Restore using a system image
4) Memory test
5) Command prompt (which is totally Greek to me :lol: )
... I typed FIXMBR into it, whereupon I was informed that it is not a command :o so it only took pity on me with exit ...

One more thing caught my attention: repairing Windows was offered to me on D) ... while it is of course nested on C) :shock:

So I have the feeling the computer is worse off than I thought. My grandpa used to say: thinking means knowing sh... :D

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Is someone controlling my computer?!

#11 Post by Caroprd111 »

Sorry, I somehow forgot that you have Windows 7. :oops:

To be safe, make a backup of your important data :!:

Read the instructions carefully; if you don't understand something, ask.
stell wrote: 1: Turn off the firewall > start the HxD program http://mh-nexus.de/en/downloads.php?product=HxD < click the hard-disk icon at the top > on the tab that appears > under Physical disks > click > select HARD DISK > tick the box > open as read-only > click > OK and OK once more >

2: At the top right > it says > sector > and a box + arrows > you will set and search sectors with the arrows > sector 0 > is the MBR > and sector 63 is BOOT > do not touch > sectors 1-62 are supposed to be zero > 000000000000.

3: Open the HxD program full screen > with the arrow set a sector, for example 1 > if the whole sector 1 is zero, press the left mouse button and select it > right click, copy exactly the whole zero sector > but exactly from line to line

4: Check sectors 1-62 with the arrows, and wherever the whole sector is not zero, press the left mouse button and select exactly the whole sector > right click > OVERWRITE (paste).

5: They will be overwritten in red > with 0000000s > once you have this, click the cross in the top right corner and close the HxD program; a window appears asking whether you want to save the change, agree. Close the HxD program > restart > the PC
Do not make a mistake and start overwriting the logical disks



Sectors 22 and 23 should look like this:

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

After performing the previous step:

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A small window pops up; copy into it:

"%userprofile%\desktop\mbr" -t

  • Click OK
  • A log named mbr.log will be created; paste it here.
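The quoted HxD procedure above amounts to a manual check that every sector between the MBR (sector 0) and the first partition is all zeros, which is exactly where GMER found the stray MBR copies in sectors 22 and 23. The script below is an added example written for this thread; it is not code from the forum, from GMER or from HxD. It performs the same check read-only against a raw disk image (never writing anything), and generalizes the quoted "sectors 1-62" rule by reading the first partition's start LBA from the partition table, so a layout whose first partition starts at LBA 2048 is checked over sectors 1..2047. The image it scans is constructed sample data; the `dd`-style raw image path, the fake disk signature and the partition size are assumptions.

```python
"""Read-only check of the sectors between the MBR and the first partition.

Added example for this thread; not code from the forum, GMER or HxD.
The quoted instructions say sectors 1-62 (everything before the first
partition, classically at LBA 63) should be all zeros, and GMER reported
MBR copies in sectors 22 and 23. This script makes that check automatically
and read-only. The image below is constructed sample data; scan_gap_sectors()
accepts any raw image bytes, so a real image (e.g. acquired with dd) works too.
"""
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16


def build_sample_image(copies_at=(22, 23), first_partition_lba=63, sectors=64):
    """Construct a small image: an MBR in sector 0, byte-identical copies of it
    in `copies_at`, zeros everywhere else (constructed to mirror the thread)."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[:3] = b"\x33\xC0\x8E"                     # placeholder boot-code bytes
    mbr[440:444] = struct.pack("<I", 0x1234ABCD)  # NT disk signature (made up)
    # One active NTFS-type entry (0x07) starting at first_partition_lba, 1000 sectors.
    entry = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF,
                        first_partition_lba, 1000)
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + PARTITION_ENTRY_SIZE] = entry
    mbr[510:512] = BOOT_SIGNATURE

    image = bytearray(SECTOR_SIZE * sectors)
    image[0:SECTOR_SIZE] = mbr
    for s in copies_at:
        image[s * SECTOR_SIZE:(s + 1) * SECTOR_SIZE] = mbr
    return bytes(image)


def first_partition_start(image):
    """Lowest starting LBA among the four primary partition entries, or None
    if the table is empty or sector 0 carries no 55AA boot signature."""
    if image[510:512] != BOOT_SIGNATURE:
        return None
    starts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        ptype = image[off + 4]
        lba = struct.unpack_from("<I", image, off + 8)[0]
        if ptype != 0 and lba > 0:
            starts.append(lba)
    return min(starts) if starts else None


def scan_gap_sectors(image, first_lba=None):
    """Return one finding per non-zero sector in the gap 1 .. first_lba-1.

    Each finding records whether the sector ends with a 55AA boot signature
    and whether it is byte-identical to sector 0 (a stray MBR copy, the
    pattern GMER reported in this thread). Nothing is written.
    """
    if first_lba is None:
        first_lba = first_partition_start(image) or 63  # classic gap from the thread
    mbr = image[0:SECTOR_SIZE]
    findings = []
    for s in range(1, first_lba):
        sector = image[s * SECTOR_SIZE:(s + 1) * SECTOR_SIZE]
        if not sector or not any(sector):
            continue  # all zeros (or past the end of a short image): nothing to report
        findings.append({
            "sector": s,
            "boot_signature": sector[510:512] == BOOT_SIGNATURE,
            "identical_to_mbr": sector == mbr,
        })
    return findings


if __name__ == "__main__":
    img = build_sample_image()
    print("first partition starts at LBA", first_partition_start(img))
    for f in scan_gap_sectors(img):
        print("sector {sector}: boot signature={boot_signature}, "
              "identical to MBR={identical_to_mbr}".format(**f))
```

A non-zero gap sector is a finding for a human to review, not a verdict on its own: the script tells you which sectors deviate and whether they look like MBR copies, and it is a safe first step before anyone follows the overwrite procedure quoted above.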

OKNA 7 s virem ..
Guest
Posts: 9
Registered: 15 Apr 2010 12:44

Re: Is someone controlling my computer?!

#12 Post by OKNA 7 s virem .. »

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR

I guess I'm right that the kernel is toast? :lol:

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Is someone controlling my computer?!

#13 Post by Caroprd111 »

:D

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Right-click the "MBR" file, choose "Properties" - "Compatibility", tick "Run this program as an administrator" - OK

Start > Run (Win + R)
  • A small window pops up; copy into it:

"%userprofile%\desktop\mbr" -t

  • Click OK
  • A log named mbr.log will be created; paste it here.

OKNA 7 s virem ..
Guest
Posts: 9
Registered: 15 Apr 2010 12:44

Re: Is someone controlling my computer?!

#14 Post by OKNA 7 s virem .. »

Well, before we continue, I want to tell you that you're a real ace :wink:
I don't mind reinstalling Windows anyway; what matters is that everything in that boot sector is as it should be, and I have the impression that thanks to you it will be. Really great respect and thanks :worship:

Here is the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK
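Three different mbr.exe outputs appear in this thread: the first post (both reads succeed but copies of the MBR are reported in sectors 22 and 23), post #12 (the kernel-mode read fails, resolved in post #13 by running the tool as administrator), and the log just above (both reads succeed and agree). The helper below is an added example, not part of the thread and not GMER's code; it turns a pasted mbr.log into one of those three outcomes so a helper triaging many such logs does not have to eyeball each one. The three sample logs are reconstructed from the posts in this thread; the status names and the reason strings are the example's own.

```python
"""Triage helper for the output of GMER's mbr.exe as pasted in this thread.

Added example; not part of the thread and not GMER's code. It classifies a
pasted log into one of three outcomes seen here: "ok" (user and kernel reads
succeed and agree), "read_error" (the kernel-mode read failed, which in this
thread was fixed by running mbr.exe as administrator) and "suspicious"
(copies of the MBR reported in other sectors, or the two views disagree).
The sample logs are reconstructed from the posts above.
"""
import re

COPY_RE = re.compile(r"copy of MBR has been found in sector (\d+)")
MODULES_RE = re.compile(r"^called modules:\s*(.*)$", re.MULTILINE)

# Sample 1: the opening post (copies in sectors 22 and 23).
LOG_FIRST_POST = """Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !
"""

# Sample 2: post #12 (kernel read failed; tool not run elevated).
LOG_POST_12 = """Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR
"""

# Sample 3: post #14 (clean result after the sectors were zeroed).
LOG_POST_14 = """Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK
"""


def assess_mbr_log(text):
    """Return status, the sectors holding MBR copies, the kernel call chain
    the tool listed, and a one-line reason for a human reviewer."""
    lines = [ln.strip() for ln in text.splitlines()]
    copies = [int(m.group(1)) for m in COPY_RE.finditer(text)]
    modules_match = MODULES_RE.search(text)
    modules = modules_match.group(1).split() if modules_match else []
    user_ok = "user: MBR read successfully" in lines
    kernel_ok = "kernel: MBR read successfully" in lines
    kernel_error = "kernel: error reading MBR" in lines
    views_agree = "user & kernel MBR OK" in lines

    if kernel_error or not (user_ok and kernel_ok):
        status = "read_error"
        reason = "MBR was not read in both user and kernel mode; rerun the tool elevated"
    elif copies:
        status = "suspicious"
        reason = "MBR copies reported in sectors %s; inspect the gap sectors" % copies
    elif views_agree:
        status = "ok"
        reason = "user-mode and kernel-mode views of the MBR agree"
    else:
        status = "suspicious"
        reason = "both reads succeeded but the tool did not confirm they agree"
    return {"status": status, "copies": copies, "modules": modules, "reason": reason}


if __name__ == "__main__":
    for name, log in (("first post", LOG_FIRST_POST), ("post #12", LOG_POST_12),
                      ("post #14", LOG_POST_14)):
        result = assess_mbr_log(log)
        print("%-10s %-11s %s" % (name, result["status"], result["reason"]))
```

The "read_error" branch deliberately comes first: a log whose kernel-mode read failed says nothing about the MBR either way, so it must not be reported as clean just because no copies were listed, which is exactly the situation post #12 was in before the tool was rerun as administrator.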

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Is someone controlling my computer?!

#15 Post by Caroprd111 »

The MBR is fine. :) Are there any problems with the PC :???: