VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstranit?

https://forum.viry.cz:443/viewtopic.php?t=101339

Stránka 1 z 2

Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstranit?

Napsal: 22 kvě 2010 18:19
od Jerry7650
Chytil jsem nějak tuhle mrchu a nějak se jí nejde zbavit.
Projevuje se tak, že se automaticky v náhodných intervalech otevírá ve Firefoxu stránka s nějakým nesmyslným obsahem (hláška že mám zavirovaný PC a at stahnu jejich software)

Spybot + Ad Aware + MS Antimalware (Nastroj pro odstranění škodlivého softwaru - nic nenajdou ani při Full scanu

Avast 5 - Full scan (ani při rebootu, kdy ještě nenaběhne Win7) nic nenajde, ve chvíli kdy ale Firefox začne načítat automaticky nějakou stránku, tak vyskočí hláška, že to bylo zablokováno: Trojan:JS/Redirector.CI

Eset online scanner - nic nenajde.

Dle této stránky: http://www.microsoft.com/security/porta ... irector.CI by měl jít odstranit antivirem, manuálně asi dost špatně...

Takže otázka zní - co s tím:-)

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 18:23
od Caroprd111
Zdravím :)

Dejte log z RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=82743

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 18:45
od Jerry7650
Logfile of random's system information tool 1.07 (written by random/random)
Run by Jarek at 2010-05-22 19:39:09
Microsoft Windows 7 Ultimate Service Pack 3
System drive C: has 3 GB (4%) free of 76 GB
Total RAM: 1024 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:39:21, on 22.5.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Jerry\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Jerry\Desktop\Miranda SG4 Black Edition\miranda32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jerry\Downloads\windows-kb890830-v3.7.exe
c:\46bd6d0f38b4933c38eedc5be78950\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Users\Jerry\Downloads\RSIT.exe
C:\Program Files\trend micro\Jarek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [ehssetup] C:\Windows\system32\rundll32.exe "C:\Windows\ehome\ehssetup.dll",LaunchProcessInputFiles
O4 - HKLM\..\RunOnce: [wmssetup] C:\Windows\system32\rundll32.exe "C:\Program Files\Windows Media Player\wmssetup.dll",LaunchProcessInputFiles
O4 - HKLM\..\RunOnce: [iessetup] C:\Windows\system32\rundll32.exe "C:\Program Files\Internet Explorer\iessetup.dll",LaunchProcessInputFiles
O4 - HKLM\..\RunOnce: [BrowserChoice] browserchoice.exe
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-253896119-1284465707-2055066879-1003\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Jerry')
O4 - S-1-5-21-253896119-1284465707-2055066879-1003 Startup: Dropbox.lnk = Jerry\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Jerry')
O4 - S-1-5-21-253896119-1284465707-2055066879-1003 User Startup: Dropbox.lnk = Jerry\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Jerry')
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CEA1D3E-B4FE-45F1-ABAC-37A26B508202}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CEA1D3E-B4FE-45F1-ABAC-37A26B508202}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CEA1D3E-B4FE-45F1-ABAC-37A26B508202}: NameServer = 192.168.2.1
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5028 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ehssetup"=C:\Windows\ehome\ehssetup.dll [2009-07-14 16384]
"wmssetup"=C:\Program Files\Windows Media Player\wmssetup.dll [2009-07-14 16384]
"iessetup"=C:\Program Files\Internet Explorer\iessetup.dll [2009-07-14 16384]
"BrowserChoice"=C:\Windows\system32\browserchoice.exe [2010-02-11 293376]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-22 19:37:30 ----D---- C:\Program Files\trend micro
2010-05-22 19:37:24 ----D---- C:\rsit
2010-05-22 17:54:35 ----D---- C:\Windows\system32\MpEngineStore
2010-05-22 17:53:22 ----D---- C:\46bd6d0f38b4933c38eedc5be78950
2010-05-22 17:51:24 ----A---- C:\Windows\system32\lsdelete.exe
2010-05-22 17:07:15 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-22 17:06:59 ----D---- C:\ProgramData\Lavasoft
2010-05-22 17:06:59 ----D---- C:\Program Files\Lavasoft
2010-05-21 20:27:58 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-05-21 20:27:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-20 23:52:03 ----A---- C:\Windows\system32\aswBoot.exe
2010-05-20 23:52:01 ----D---- C:\ProgramData\Alwil Software
2010-05-20 23:52:01 ----D---- C:\Program Files\Alwil Software
2010-05-20 21:27:12 ----D---- C:\Program Files\ESET
2010-05-20 21:06:16 ----D---- C:\Program Files\Microsoft Works
2010-05-20 21:05:53 ----D---- C:\Program Files\Microsoft Visual Studio
2010-05-20 21:05:53 ----D---- C:\Program Files\Common Files\DESIGNER
2010-05-20 21:05:21 ----D---- C:\Windows\PCHEALTH
2010-05-20 21:05:21 ----D---- C:\Program Files\Microsoft.NET
2010-05-20 21:03:17 ----D---- C:\Program Files\Microsoft Office
2010-05-20 21:03:16 ----D---- C:\ProgramData\Microsoft Help
2010-05-20 21:02:56 ----RHD---- C:\MSOCache
2010-05-20 20:23:40 ----D---- C:\Users\Jarek\AppData\Roaming\Skype
2010-05-20 19:57:54 ----D---- C:\Windows\Minidump
2010-05-18 23:14:42 ----D---- C:\ProgramData\Macromedia
2010-05-18 23:14:05 ----D---- C:\Program Files\Common Files\InstallShield
2010-05-18 23:13:56 ----D---- C:\Windows\Downloaded Installations
2010-05-18 22:55:06 ----A---- C:\Windows\FlashDecompiler.INI
2010-05-16 18:36:09 ----D---- C:\ProgramData\CyberLink
2010-05-16 18:35:42 ----D---- C:\Program Files\InstallShield Installation Information
2010-05-16 18:35:42 ----D---- C:\Program Files\Common Files\CyberLink
2010-05-16 18:34:22 ----D---- C:\Program Files\CyberLink
2010-05-16 18:34:22 ----A---- C:\Windows\system32\msxml3a.dll
2010-05-16 18:34:22 ----A---- C:\Windows\system32\msvcr71.dll
2010-05-16 18:34:22 ----A---- C:\Windows\system32\msvcp71.dll
2010-05-16 18:30:38 ----AD---- C:\ProgramData\Temp
2010-05-16 18:25:07 ----D---- C:\Program Files\AC3Filter
2010-05-16 15:34:35 ----D---- C:\Windows\system32\appmgmt
2010-05-16 13:23:49 ----D---- C:\ProgramData\Skype
2010-05-15 23:07:09 ----DC---- C:\Windows\system32\DRVSTORE
2010-05-13 17:51:59 ----D---- C:\Program Files\GNU
2010-05-13 16:03:39 ----D---- C:\ProgramData\Apple Computer
2010-05-13 16:03:39 ----D---- C:\Program Files\QuickTime
2010-05-13 16:03:21 ----D---- C:\Program Files\Common Files\Apple
2010-05-13 16:03:09 ----D---- C:\ProgramData\Apple
2010-05-12 17:41:56 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-12 17:36:50 ----D---- C:\Users\Jarek\AppData\Roaming\GHISLER
2010-05-12 17:36:50 ----D---- C:\totalcmd
2010-05-11 21:51:16 ----D---- C:\Program Files\GRETECH
2010-05-10 21:25:57 ----D---- C:\QIP 2010 JadrisPack
2010-05-10 21:08:49 ----D---- C:\Program Files\Paint.NET
2010-05-07 00:06:09 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-05-07 00:02:08 ----D---- C:\Program Files\Adobe Media Player
2010-05-07 00:00:58 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-05-07 00:00:54 ----D---- C:\Program Files\Adobe
2010-05-07 00:00:47 ----D---- C:\Users\Jarek\AppData\Roaming\Macromedia
2010-05-07 00:00:41 ----D---- C:\Users\Jarek\AppData\Roaming\Adobe
2010-05-07 00:00:16 ----D---- C:\ProgramData\Adobe
2010-05-06 23:59:14 ----D---- C:\Program Files\Common Files\Adobe
2010-05-05 23:30:34 ----D---- C:\Program Files\Elaborate Bytes
2010-05-05 05:50:08 ----D---- C:\Windows\Panther
2010-05-05 05:49:43 ----D---- C:\Windows\system32\OEM
2010-05-04 23:11:31 ----D---- C:\Users\Jarek\AppData\Roaming\FastStone
2010-05-04 23:11:26 ----D---- C:\Program Files\FastStone Image Viewer
2010-05-04 22:02:11 ----D---- C:\Users\Jarek\AppData\Roaming\WinRAR
2010-05-04 22:01:50 ----D---- C:\Program Files\WinRAR
2010-05-04 21:59:48 ----D---- C:\Users\Jarek\AppData\Roaming\Softland
2010-05-04 21:59:47 ----A---- C:\Windows\system32\dopdfmn7.dll
2010-05-04 21:59:47 ----A---- C:\Windows\system32\dopdfmi7.dll
2010-05-04 21:59:46 ----A---- C:\Windows\system32\GdiPlus.dll
2010-05-04 21:59:45 ----D---- C:\Program Files\Softland
2010-05-04 21:56:16 ----D---- C:\Users\Jarek\AppData\Roaming\uTorrent
2010-05-04 21:56:16 ----D---- C:\Program Files\uTorrent
2010-05-04 21:48:52 ----D---- C:\Program Files\viewer-portable
2010-05-04 21:22:50 ----D---- C:\Windows\system32\Macromed
2010-05-04 21:01:12 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-04 20:48:25 ----D---- C:\Program Files\Mozilla Firefox
2010-05-04 20:42:25 ----A---- C:\Windows\system32\MRT.exe
2010-05-04 20:42:18 ----A---- C:\Windows\system32\browserchoice.exe
2010-05-04 20:27:41 ----A---- C:\Windows\system32\msv1_0.dll
2010-05-04 20:26:03 ----D---- C:\ProgramData\NVIDIA
2010-05-04 20:25:44 ----SHD---- C:\Windows\Installer
2010-05-04 20:25:39 ----A---- C:\Windows\system32\nvuninst.exe
2010-05-04 20:23:32 ----A---- C:\Windows\system32\mshtml.dll
2010-05-04 20:23:32 ----A---- C:\Windows\system32\jscript.dll
2010-05-04 20:23:31 ----A---- C:\Windows\system32\ieframe.dll
2010-05-04 20:23:30 ----A---- C:\Windows\system32\wininet.dll
2010-05-04 20:23:30 ----A---- C:\Windows\system32\urlmon.dll
2010-05-04 20:23:30 ----A---- C:\Windows\system32\mstime.dll
2010-05-04 20:23:30 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-05-04 20:23:30 ----A---- C:\Windows\system32\iedkcs32.dll
2010-05-04 20:23:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-05-04 20:23:28 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-05-04 20:23:27 ----A---- C:\Windows\system32\shell32.dll
2010-05-04 20:23:26 ----A---- C:\Windows\system32\lsasrv.dll
2010-05-04 20:23:25 ----A---- C:\Windows\system32\t2embed.dll
2010-05-04 20:23:25 ----A---- C:\Windows\system32\fontsub.dll
2010-05-04 20:23:25 ----A---- C:\Windows\system32\atmfd.dll
2010-05-04 20:23:24 ----A---- C:\Windows\system32\tzres.dll
2010-05-04 20:23:20 ----A---- C:\Windows\system32\wmp.dll
2010-05-04 20:23:19 ----A---- C:\Windows\system32\winresume.exe
2010-05-04 20:23:19 ----A---- C:\Windows\system32\winload.exe
2010-05-04 20:23:19 ----A---- C:\Windows\system32\CertEnroll.dll
2010-05-04 20:23:18 ----A---- C:\Windows\system32\wmploc.DLL
2010-05-04 20:22:59 ----A---- C:\Windows\system32\winlogon.exe
2010-05-04 20:22:59 ----A---- C:\Windows\system32\msasn1.dll
2010-05-04 20:22:59 ----A---- C:\Windows\explorer.exe
2010-05-04 20:22:58 ----A---- C:\Windows\system32\vbscript.dll
2010-05-04 20:22:58 ----A---- C:\Windows\system32\tsbyuv.dll
2010-05-04 20:22:58 ----A---- C:\Windows\system32\quartz.dll
2010-05-04 20:22:58 ----A---- C:\Windows\system32\msyuv.dll
2010-05-04 20:22:58 ----A---- C:\Windows\system32\msvidc32.dll
2010-05-04 20:22:58 ----A---- C:\Windows\system32\msrle32.dll
2010-05-04 20:22:58 ----A---- C:\Windows\system32\mciavi32.dll
2010-05-04 20:22:58 ----A---- C:\Windows\system32\iyuv_32.dll
2010-05-04 20:22:58 ----A---- C:\Windows\system32\avifil32.dll
2010-05-04 20:07:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-04 20:06:53 ----A---- C:\Windows\system32\wintrust.dll
2010-05-04 20:06:53 ----A---- C:\Windows\system32\cabview.dll
2010-05-04 20:03:22 ----D---- C:\Users\Jarek\AppData\Roaming\Identities
2010-05-04 20:03:07 ----SD---- C:\Users\Jarek\AppData\Roaming\Microsoft
2010-05-04 20:03:07 ----D---- C:\Users\Jarek\AppData\Roaming\Media Center Programs
2010-05-04 20:00:31 ----SHD---- C:\Recovery
2010-05-04 20:00:31 ----SHD---- C:\ProgramData\Šablony
2010-05-04 20:00:31 ----SHD---- C:\ProgramData\Plocha
2010-05-04 20:00:31 ----SHD---- C:\ProgramData\Oblíbené položky
2010-05-04 20:00:31 ----SHD---- C:\ProgramData\Nabídka Start
2010-05-04 20:00:31 ----SHD---- C:\ProgramData\Dokumenty
2010-05-04 20:00:31 ----SHD---- C:\ProgramData\Data aplikací
2010-05-04 19:54:05 ----D---- C:\Windows\SoftwareDistribution
2010-05-04 19:51:05 ----D---- C:\Windows\Prefetch
2010-05-04 19:50:44 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2010-05-22 19:38:38 ----D---- C:\Windows\Temp
2010-05-22 19:37:30 ----RD---- C:\Program Files
2010-05-22 19:23:56 ----D---- C:\Windows\system32\Tasks
2010-05-22 17:54:35 ----D---- C:\Windows\System32
2010-05-22 17:29:36 ----D---- C:\Windows\system32\config
2010-05-22 17:15:09 ----D---- C:\Windows\Tasks
2010-05-22 17:10:51 ----D---- C:\Windows\system32\drivers
2010-05-22 17:10:51 ----D---- C:\Windows\system32\catroot
2010-05-22 17:07:15 ----HD---- C:\ProgramData
2010-05-22 17:06:55 ----D---- C:\Windows\winsxs
2010-05-20 21:36:13 ----RSD---- C:\Windows\assembly
2010-05-20 21:35:22 ----RSD---- C:\Windows\Fonts
2010-05-20 21:35:10 ----D---- C:\Program Files\Common Files\microsoft shared
2010-05-20 21:05:53 ----D---- C:\Program Files\Common Files
2010-05-20 21:05:48 ----D---- C:\Windows\ShellNew
2010-05-20 21:05:21 ----SD---- C:\ProgramData\Microsoft
2010-05-20 21:05:21 ----D---- C:\Windows
2010-05-19 23:23:31 ----D---- C:\Windows\inf
2010-05-17 17:23:35 ----D---- C:\Windows\system32\wdi
2010-05-16 17:57:27 ----D---- C:\Windows\system32\DriverStore
2010-05-15 23:07:25 ----D---- C:\Windows\system32\catroot2
2010-05-13 16:03:57 ----D---- C:\Program Files\Internet Explorer
2010-05-13 03:00:57 ----D---- C:\Program Files\Windows Mail
2010-05-10 21:54:18 ----D---- C:\Windows\Downloaded Program Files
2010-05-06 18:52:56 ----D---- C:\Windows\rescache
2010-05-04 20:42:25 ----D---- C:\Windows\debug
2010-05-04 20:35:54 ----D---- C:\Windows\Microsoft.NET
2010-05-04 20:28:23 ----D---- C:\Windows\ehome
2010-05-04 20:28:23 ----D---- C:\Program Files\Windows Media Player
2010-05-04 20:28:22 ----D---- C:\Windows\system32\sk-SK
2010-05-04 20:28:22 ----D---- C:\Windows\system32\en-US
2010-05-04 20:28:22 ----D---- C:\Windows\system32\cs-CZ
2010-05-04 20:28:22 ----D---- C:\Windows\system32\Boot
2010-05-04 20:25:56 ----D---- C:\Windows\Help
2010-05-04 20:18:15 ----D---- C:\Windows\system32\CodeIntegrity
2010-05-04 20:18:07 ----D---- C:\Windows\Logs
2010-05-04 20:13:29 ----D---- C:\Windows\system32\LogFiles
2010-05-04 20:08:46 ----SHD---- C:\$Recycle.Bin
2010-05-04 20:08:41 ----RD---- C:\Users
2010-05-04 20:06:55 ----D---- C:\Windows\system32\restore
2010-05-04 20:01:36 ----D---- C:\Windows\Setup
2010-05-04 20:01:33 ----D---- C:\Windows\system32\wbem
2010-05-04 20:00:31 ----D---- C:\Program Files\Windows NT
2010-05-04 19:54:22 ----D---- C:\Windows\system32\sysprep
2010-05-04 19:51:48 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-05-06 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 MpKsl6f730163;MpKsl6f730163; \??\C:\Windows\system32\MpEngineStore\MpKsl6f730163.sys [2010-05-22 28752]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/16 18:35:55]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 87536]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R3 AmdK8;Ovladač procesoru AMD K8; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
R3 HDAudBus;Ovladač sběrnice Microsoft UAA pro zvuk High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
R3 kbdhid;Ovladač klávesnice standardu HID; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mouhid;Ovladač myši standardu HID; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-02-27 221696]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2010-02-27 95744]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
R3 netr73;RT73 USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-14 545792]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-09-27 9509832]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\Windows\system32\DRIVERS\usbehci.sys [2009-07-14 41472]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\Windows\system32\DRIVERS\usbhub.sys [2009-07-14 258560]
R3 usbohci;Ovladač miniportu otevřeného hostitelského řadiče Microsoft USB; C:\Windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 vwifibus;Ovladač sběrnice Virtual WiFi; C:\Windows\system32\DRIVERS\vwifibus.sys [2009-07-14 19968]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-14 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-14 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-14 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-14 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-14 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-14 11904]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
S3 Compbatt;Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [2009-07-14 19024]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-14 3100160]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-14 26624]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys [2009-07-14 15424]
S3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys [2009-07-14 27712]
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312]
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-05-08 99984]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-22 1314704]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-09-27 215656]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 94720]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 12800]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]

-----------------EOF-----------------

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 18:46
od Caroprd111
Obrázek Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
  • Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
  • Označte položku Pro všechny uživatele.
  • Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
  • Klikněte na tlačítko Prohledat
  • Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 19:37
od Jerry7650
Díky za snahu!
Ještě popíšu situaci. Zkoušel jsem Win7 s uživatelským účtem, tj. bez admin práv a co je podstatné - firewall pouze od MS, antivir žádný! Je to testovací instalace, zda to jde bez Antiviru utáhnout a evidentně nelze.
Následně nainstalován Avast 5, Spybot, AdAware - full scan nic, esen online scan taky nic. Že jsem nakažen poznám podle toho, že Avast zařve ve chvíli, kdy mi to automaticky začne nahrávat stránku (tohle je ona: hxxp://www3.coantys-46td.xorg.pl/?p=p52dcWpnaV%2FRlsijZFaZp29plGOIpKTSasiVyWWYaZqal5Ru ).

Řeším tedy hlavně to, jak to, že to nic nezachytí a stejně se to projevuje. Snad se bude někomu hodit (já provedu přinejhorším reinstall systému). Ve Firefoxu se to spustí, i když jsem jen na stránce google.com a pravednes.cz (proskenovano pomocí AVG link scanner), doplnky mám jen Tab Mix Plus a AdBlock).

A tady jsou výpisy:

OTL logfile created on: 22.5.2010 20:00:00 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Jerry\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 024,00 Mb Total Physical Memory | 182,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 32,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 2,73 Gb Free Space | 3,67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,93 Gb Total Space | 0,01 Gb Free Space | 0,30% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 14,89 Gb Total Space | 13,12 Gb Free Space | 88,11% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: JAREK-PC
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.22 19:57:47 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Downloads\OTL.exe
PRC - [2010.05.22 17:52:55 | 010,196,424 | ---- | M] (Microsoft Corporation) -- C:\Users\Jerry\Downloads\windows-kb890830-v3.7.exe
PRC - [2010.05.22 17:10:16 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.05.22 17:10:15 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.05.19 22:36:00 | 000,811,590 | ---- | M] ( ) -- C:\Users\Jerry\Desktop\Miranda SG4 Black Edition\miranda32.exe
PRC - [2010.05.15 17:30:08 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010.05.11 03:48:16 | 021,105,544 | ---- | M] () -- C:\Users\Jerry\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010.05.06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.30 11:51:06 | 000,058,312 | ---- | M] (Microsoft Corporation) -- c:\46bd6d0f38b4933c38eedc5be78950\mrtstub.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.09 07:50:00 | 003,514,112 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe


========== Modules (SafeList) ==========

MOD - [2010.05.22 19:57:47 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Downloads\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.05.22 17:10:15 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protokol PNRP (Peer Name Resolution Protocol)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalační program ovládacích prvků ActiveX (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)


========== Driver Services (SafeList) ==========

DRV - [2010.05.22 17:54:35 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\MpEngineStore\MpKsl6f730163.sys -- (MpKsl6f730163)
DRV - [2010.05.08 12:54:02 | 000,099,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.05.06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.02 09:11:16 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/16 18:35:55] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010.02.04 17:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.12.18 00:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.09.27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.09 23:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-253896119-1284465707-2055066879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-253896119-1284465707-2055066879-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-253896119-1284465707-2055066879-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-253896119-1284465707-2055066879-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 71 D7 00 7A F0 CA 01 [binary data]
IE - HKU\S-1-5-21-253896119-1284465707-2055066879-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.13 16:03:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.20 21:06:34 | 000,000,000 | ---D | M]

[2010.05.04 20:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.21 22:06:00 | 000,395,418 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13652 more lines...
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-253896119-1284465707-2055066879-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ehssetup] C:\Windows\ehome\ehssetup.DLL (Microsoft Corporation)
O4 - HKLM..\RunOnce: [iessetup] File not found
O4 - HKLM..\RunOnce: [wmssetup] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jarek\AppData\Roaming\Dropbox\bin\Dropbox.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\S-1-5-21-253896119-1284465707-2055066879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-253896119-1284465707-2055066879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.04 11:42:38 | 000,000,095 | -HS- | M] () - H:\autorun.bak -- [ FAT32 ]
O32 - AutoRun File - [2010.05.19 23:31:12 | 000,000,245 | -HS- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.22 19:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.22 19:37:24 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.22 17:54:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010.05.22 17:53:22 | 000,000,000 | ---D | C] -- C:\46bd6d0f38b4933c38eedc5be78950
[2010.05.22 17:10:50 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.05.22 17:10:45 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.05.22 17:07:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.05.22 17:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.05.22 17:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.05.21 20:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.21 20:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.05.20 23:52:25 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.05.20 23:52:25 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.05.20 23:52:25 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.05.20 23:52:25 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.05.20 23:52:22 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.05.20 23:52:03 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.05.20 23:52:03 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.05.20 23:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.05.20 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.05.20 21:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.05.20 21:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.05.20 21:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.05.20 21:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.05.20 21:05:21 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.05.20 21:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.05.20 21:03:33 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Microsoft Help
[2010.05.20 21:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.05.20 21:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.05.20 21:02:56 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.05.20 20:23:40 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Skype
[2010.05.20 19:57:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.05.18 23:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2010.05.18 23:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.05.18 23:13:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010.05.16 18:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010.05.16 18:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2010.05.16 18:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010.05.16 18:34:22 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010.05.16 18:34:22 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010.05.16 18:34:22 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.05.16 18:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010.05.16 18:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010.05.16 18:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010.05.16 15:34:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.05.16 13:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.05.15 23:07:25 | 000,142,864 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2010.05.15 23:07:10 | 000,041,744 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2010.05.15 23:07:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.05.15 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AbiSuite
[2010.05.13 17:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\GNU
[2010.05.13 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.05.13 16:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.13 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.05.13 16:03:13 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Apple
[2010.05.13 16:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.12 17:36:50 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.05.12 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\GHISLER
[2010.05.11 21:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2010.05.10 23:25:58 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Adobe
[2010.05.10 21:25:57 | 000,000,000 | ---D | C] -- C:\QIP 2010 JadrisPack
[2010.05.10 21:08:49 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Paint.NET
[2010.05.10 21:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010.05.08 12:54:02 | 000,099,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetAdp.sys
[2010.05.07 00:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.05.07 00:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010.05.07 00:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.05.07 00:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.05.07 00:00:47 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Macromedia
[2010.05.07 00:00:41 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Adobe
[2010.05.07 00:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.05.06 23:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.05.05 23:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010.05.05 05:50:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.05.05 05:49:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010.05.04 23:11:31 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\FastStone
[2010.05.04 23:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer
[2010.05.04 22:02:11 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\WinRAR
[2010.05.04 22:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.05.04 21:59:48 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Softland
[2010.05.04 21:59:47 | 000,022,856 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll
[2010.05.04 21:59:47 | 000,019,784 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll
[2010.05.04 21:59:46 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2010.05.04 21:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2010.05.04 21:56:16 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\uTorrent
[2010.05.04 21:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010.05.04 21:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\viewer-portable
[2010.05.04 21:22:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.05.04 21:01:12 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.04 20:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.05.04 20:42:18 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.05.04 20:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.05.04 20:25:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.05.04 20:25:39 | 000,490,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2010.05.04 20:23:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.05.04 20:23:30 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.05.04 20:23:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.05.04 20:23:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.05.04 20:23:28 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.05.04 20:23:28 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.05.04 20:23:26 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.04 20:23:26 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.05.04 20:23:25 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.04 20:23:25 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.05.04 20:23:25 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.05.04 20:23:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.04 20:23:19 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.05.04 20:23:19 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.05.04 20:23:19 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.05.04 20:23:18 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.05.04 20:22:59 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.04 20:22:58 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.05.04 20:22:58 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.05.04 20:22:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.05.04 20:22:58 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.05.04 20:03:31 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Searches
[2010.05.04 20:03:22 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Identities
[2010.05.04 20:03:20 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Contacts
[2010.05.04 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\VirtualStore
[2010.05.04 20:03:07 | 000,000,000 | --SD | C] -- C:\Users\Jarek\AppData\Roaming\Microsoft
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Videos
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Saved Games
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Pictures
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Music
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Links
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Favorites
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Downloads
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Dokumenty
[2010.05.04 20:03:07 | 000,000,000 | R--D | C] -- C:\Users\Jarek\Desktop
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\AppData\Local\Temporary Internet Files
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Šablony
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Soubory cookie
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\SendTo
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Poslední
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Okolní tiskárny
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Okolní síť
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Documents\Obrázky
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Nabídka Start
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Local Settings
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Documents\Hudba
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\AppData\Local\History
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Documents\Filmy
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Dokumenty
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\Data aplikací
[2010.05.04 20:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Jarek\AppData\Local\Data aplikací
[2010.05.04 20:03:07 | 000,000,000 | -H-D | C] -- C:\Users\Jarek\AppData
[2010.05.04 20:03:07 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Temp
[2010.05.04 20:03:07 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Microsoft
[2010.05.04 20:03:07 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Media Center Programs
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Šablony
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Plocha
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Obrázky
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Oblíbené položky
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Nabídka Start
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Hudba
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Filmy
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2010.05.04 20:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Data aplikací
[2010.05.04 19:54:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.05.04 19:51:05 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.05.04 19:50:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010.05.22 19:59:03 | 000,786,432 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT
[2010.05.22 17:19:03 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.22 17:19:03 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.22 17:15:09 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.22 17:12:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.22 17:11:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.22 17:11:43 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.22 17:10:44 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.05.22 17:10:43 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.05.22 17:07:14 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.21 22:06:00 | 000,395,418 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.21 15:43:50 | 003,763,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.20 23:52:25 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.05.20 23:52:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.05.20 19:57:48 | 213,151,985 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.19 23:23:32 | 001,445,734 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.19 23:23:32 | 000,622,422 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.05.19 23:23:32 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.19 23:23:32 | 000,118,604 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.05.19 23:23:32 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.18 22:55:06 | 000,000,125 | ---- | M] () -- C:\Windows\FlashDecompiler.INI
[2010.05.16 18:35:52 | 000,002,063 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2010.05.16 18:30:37 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.05.16 18:30:36 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010.05.16 18:30:36 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010.05.16 13:25:22 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.05.13 16:03:47 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.05.12 17:36:52 | 000,000,632 | ---- | M] () -- C:\Users\Public\Desktop\Total Commander.lnk
[2010.05.11 21:51:25 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2010.05.11 00:09:50 | 000,000,010 | RHS- | M] () -- C:\config.sys
[2010.05.10 21:26:06 | 000,001,618 | ---- | M] () -- C:\Users\Jarek\Desktop\QIP 2010 JadrisPack.lnk
[2010.05.10 21:09:20 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.05.10 21:06:56 | 000,057,560 | ---- | M] () -- C:\Users\Jarek\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.10 18:39:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.08 12:54:02 | 000,142,864 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2010.05.08 12:54:02 | 000,099,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetAdp.sys
[2010.05.08 12:54:02 | 000,041,744 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2010.05.06 22:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.05.06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.05.06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.05 23:30:48 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010.05.04 23:11:27 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2010.05.04 21:56:16 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.05.04 20:48:27 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.04 20:07:40 | 000,524,288 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.05.04 20:07:40 | 000,524,288 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.05.04 20:07:40 | 000,065,536 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.05.04 20:07:38 | 000,779,050 | -H-- | M] () -- C:\Users\Jarek\AppData\Local\IconCache.db
[2010.05.04 20:03:07 | 000,000,020 | -HS- | M] () -- C:\Users\Jarek\ntuser.ini
[2010.05.04 19:55:16 | 000,068,220 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2010.05.22 17:51:24 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.05.22 17:15:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.22 17:07:14 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.20 23:52:25 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.05.20 19:57:48 | 213,151,985 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.05.18 22:55:06 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI
[2010.05.16 18:35:52 | 000,002,063 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2010.05.16 18:25:07 | 000,497,664 | ---- | C] () -- C:\Windows\System32\ac3filter.acm
[2010.05.16 13:25:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.13 16:03:47 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.05.12 17:36:52 | 000,000,632 | ---- | C] () -- C:\Users\Public\Desktop\Total Commander.lnk
[2010.05.12 17:36:50 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010.05.12 17:36:50 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010.05.12 17:36:50 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010.05.12 17:36:50 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010.05.12 17:36:50 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010.05.12 17:36:50 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010.05.12 17:36:50 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010.05.11 21:51:25 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2010.05.10 21:26:06 | 000,001,618 | ---- | C] () -- C:\Users\Jarek\Desktop\QIP 2010 JadrisPack.lnk
[2010.05.10 21:09:20 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.05.10 18:39:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.05 23:30:48 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010.05.04 23:11:27 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2010.05.04 21:59:47 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm
[2010.05.04 21:56:16 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.05.04 20:48:27 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.04 20:03:07 | 000,786,432 | -HS- | C] () -- C:\Users\Jarek\NTUSER.DAT
[2010.05.04 20:03:07 | 000,524,288 | -HS- | C] () -- C:\Users\Jarek\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.05.04 20:03:07 | 000,524,288 | -HS- | C] () -- C:\Users\Jarek\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.05.04 20:03:07 | 000,262,144 | -HS- | C] () -- C:\Users\Jarek\ntuser.dat.LOG1
[2010.05.04 20:03:07 | 000,065,536 | -HS- | C] () -- C:\Users\Jarek\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.05.04 20:03:07 | 000,000,020 | -HS- | C] () -- C:\Users\Jarek\ntuser.ini
[2010.05.04 20:03:07 | 000,000,000 | -HS- | C] () -- C:\Users\Jarek\ntuser.dat.LOG2
[2010.05.04 19:50:47 | 804,954,112 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010.05.12 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\GHISLER
[2010.05.04 21:59:48 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Softland
[2010.05.15 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\uTorrent
[2010.05.10 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.05.22 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Dropbox
[2010.05.22 18:24:44 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\GHISLER
[2010.05.15 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Softland
[2010.05.22 20:02:51 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\uTorrent
[2010.05.22 17:15:09 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.14 06:53:46 | 000,004,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 19:39
od Jerry7650
========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.05.10 23:26:55 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Adobe
[2010.05.04 23:11:31 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\FastStone
[2010.05.12 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\GHISLER
[2010.05.04 20:03:22 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Identities
[2010.05.07 00:00:47 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Macromedia
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Media Center Programs
[2010.05.04 22:02:17 | 000,000,000 | --SD | M] -- C:\Users\Jarek\AppData\Roaming\Microsoft
[2010.05.20 20:31:06 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Skype
[2010.05.04 21:59:48 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Softland
[2010.05.15 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\uTorrent
[2010.05.04 22:02:11 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.05.22 17:10:44 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

< %systemroot%\system32\*.* /3 >
[2010.05.22 17:19:03 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.22 17:19:03 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 23:52:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.05.21 15:43:50 | 003,763,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.22 17:10:43 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.05.19 23:23:32 | 000,118,604 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.05.19 23:23:32 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.19 23:23:32 | 000,622,422 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.05.19 23:23:32 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.19 23:23:32 | 001,445,734 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:F4CA4D70

< End of report >

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 19:40
od Jerry7650
OTL Extras logfile created on: 22.5.2010 20:00:01 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Jerry\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 024,00 Mb Total Physical Memory | 182,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 32,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 2,73 Gb Free Space | 3,67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,93 Gb Total Space | 0,01 Gb Free Space | 0,30% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 14,89 Gb Total Space | 13,12 Gb Free Space | 88,11% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: JAREK-PC
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-253896119-1284465707-2055066879-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CyberLink PowerDVD 10.0.1516.51" = CyberLink PowerDVD 10.0.1516.51 - odinstalovat češtinu
"doPDF 7 printer_is1" = doPDF 7.1 printer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"GOM Player" = GOM Player
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NVIDIA Drivers" = NVIDIA Drivers
"QIP 2010 JadrisPack 3.9.9" = QIP 2010 JadrisPack 3.9.9
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-253896119-1284465707-2055066879-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.5.2010 2:29:39 | Computer Name = Jarek-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 21.5.2010 13:47:15 | Computer Name = Jarek-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 22.5.2010 6:44:42 | Computer Name = Jarek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: chrome.exe, verze: 0.0.0.0, časové razítko:
0x4bda592d Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x00000000 ID chybujícího procesu: 0xb6c Čas spuštění
chybující aplikace: 0x01caf99b33629604 Cesta k chybující aplikaci: C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: 06c7bde4-658f-11df-9653-001a4d9bb470

Error - 22.5.2010 7:29:26 | Computer Name = Jarek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: chrome.exe, verze: 0.0.0.0, časové razítko:
0x4bd40a55 Název chybujícího modulu: chrome.dll, verze: 4.1.249.1064, časové razítko:
0x4bd409f2 Kód výjimky: 0xc0000005 Posun chyby: 0x0001a0ed ID chybujícího procesu:
0xd80 Čas spuštění chybující aplikace: 0x01caf9a17a2b4184 Cesta k chybující aplikaci:
C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe Cesta k chybujícímu
modulu: C:\Users\Jerry\AppData\Local\Google\Chrome\Application\4.1.249.1064\chrome.dll
ID
zprávy: 46ce5ec4-6595-11df-9653-001a4d9bb470

Error - 22.5.2010 7:34:35 | Computer Name = Jarek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: chrome.exe, verze: 0.0.0.0, časové razítko:
0x4bd40a55 Název chybujícího modulu: chrome.dll, verze: 4.1.249.1064, časové razítko:
0x4bd409f2 Kód výjimky: 0xc0000005 Posun chyby: 0x0001a0ed ID chybujícího procesu:
0x970 Čas spuštění chybující aplikace: 0x01caf9a208824ff4 Cesta k chybující aplikaci:
C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe Cesta k chybujícímu
modulu: C:\Users\Jerry\AppData\Local\Google\Chrome\Application\4.1.249.1064\chrome.dll
ID
zprávy: fe9d6c84-6595-11df-9653-001a4d9bb470

Error - 22.5.2010 10:13:56 | Computer Name = Jarek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: chrome.exe, verze: 0.0.0.0, časové razítko:
0x4bd40a55 Název chybujícího modulu: chrome.dll, verze: 4.1.249.1064, časové razítko:
0x4bd409f2 Kód výjimky: 0x40000015 Posun chyby: 0x0001b1f1 ID chybujícího procesu:
0xe04 Čas spuštění chybující aplikace: 0x01caf9b8caf599f4 Cesta k chybující aplikaci:
C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe Cesta k chybujícímu
modulu: C:\Users\Jerry\AppData\Local\Google\Chrome\Application\4.1.249.1064\chrome.dll
ID
zprávy: 41a22f54-65ac-11df-9653-001a4d9bb470

Error - 22.5.2010 10:20:21 | Computer Name = Jarek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: chrome.exe, verze: 0.0.0.0, časové razítko:
0x4bd40a55 Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x5c676e69 ID chybujícího procesu: 0x970 Čas spuštění
chybující aplikace: 0x01caf9b98a8a7460 Cesta k chybující aplikaci: C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe
Cesta
k chybujícímu modulu: unknown ID zprávy: 2733ccd0-65ad-11df-82de-001a4d9bb470

Error - 22.5.2010 11:08:34 | Computer Name = Jarek-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 22.5.2010 13:26:53 | Computer Name = Jarek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: chrome.exe, verze: 0.0.0.0, časové razítko:
0x4bf344f7 Název chybujícího modulu: chrome.dll, verze: 6.0.408.1, časové razítko:
0x4bf344c1 Kód výjimky: 0xc0000005 Posun chyby: 0x000d698c ID chybujícího procesu:
0x60c Čas spuštění chybující aplikace: 0x01caf9d3e8beb748 Cesta k chybující aplikaci:
C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe Cesta k chybujícímu
modulu: C:\Users\Jerry\AppData\Local\Google\Chrome\Application\6.0.408.1\chrome.dll
ID
zprávy: 36271ef8-65c7-11df-8a99-001a4d9bb470

Error - 22.5.2010 13:27:11 | Computer Name = Jarek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: chrome.exe, verze: 0.0.0.0, časové razítko:
0x4bf344f7 Název chybujícího modulu: chrome.dll, verze: 6.0.408.1, časové razítko:
0x4bf344c1 Kód výjimky: 0xc0000005 Posun chyby: 0x0001390f ID chybujícího procesu:
0xa60 Čas spuštění chybující aplikace: 0x01caf9d3f582c848 Cesta k chybující aplikaci:
C:\Users\Jerry\AppData\Local\Google\Chrome\Application\chrome.exe Cesta k chybujícímu
modulu: C:\Users\Jerry\AppData\Local\Google\Chrome\Application\6.0.408.1\chrome.dll
ID
zprávy: 40b350f8-65c7-11df-8a99-001a4d9bb470

[ System Events ]
Error - 16.5.2010 14:00:44 | Computer Name = Jarek-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR5.

Error - 16.5.2010 14:00:45 | Computer Name = Jarek-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR5.

Error - 18.5.2010 16:58:52 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba WinHTTP WPAD neuspěla při spuštění v důsledku následující
chyby: %%776

Error - 20.5.2010 13:57:56 | Computer Name = Jarek-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (19:56:41, ?20.?5.?2010) bylo neočekávané.

Error - 20.5.2010 13:58:01 | Computer Name = Jarek-PC | Source = BugCheck | ID = 1001
Description =

Error - 20.5.2010 18:09:25 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7016
Description = Služba NVIDIA Display Driver Service ohlásila neplatný současný stav
32.

Error - 21.5.2010 9:45:20 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7016
Description = Služba NVIDIA Display Driver Service ohlásila neplatný současný stav
32.

Error - 22.5.2010 10:15:15 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7016
Description = Služba NVIDIA Display Driver Service ohlásila neplatný současný stav
32.

Error - 22.5.2010 11:08:34 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7030
Description = Služba Lavasoft Ad-Aware Service je označena jako interaktivní služba.
Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby.
Tato služba nebude fungovat správně.

Error - 22.5.2010 11:11:02 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7016
Description = Služba NVIDIA Display Driver Service ohlásila neplatný současný stav
32.


< End of report >

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 19:43
od Jerry7650
Všimnul jsem si tam hodně chybových hlášek s Google Chrome.
Z neznámého důvodu přečtal načítat stránky a začal padat, nepomohlo nic, ani reinstall ani ruzne verze, ani vyčištění registru a všech adresaru... Jestli je nějaká souvislost nevím, kazdopádně chrome jsem téměř nepoužíval.

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 19:46
od Caroprd111
Obrázek Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
O4 - HKLM..\RunOnce: [iessetup] File not found
O4 - HKLM..\RunOnce: [wmssetup] File not found
O13 - gopher Prefix: missing
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:F4CA4D70
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

:Commands
[PURITY] 
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 
[CREATERESTOREPOINT]
Poté klikněte na Opravit, PC se restartuje, log vložte sem.



Obrázek Doporučuji odinstalovat Ad-Aware a Spybot - Search & Destroy.

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 20:37
od Jerry7650
Spuštěno, včetně restartu, SpyBOT i AdAware odinstalovány.

Tím LOGem je myšleno znovu včetně toho scriptu a zatrhnutí:
* Označte položku Pro všechny uživatele.
* Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
* Klikněte na tlačítko Prohledat
* Po dokončení, sem vložte logy OTL.Txt a Extras.txt ???

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 20:42
od Caroprd111
Ne, po kliknutí na tl. Opravit a následném restartu by na Vás měl vyskočit log.

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 20:52
od Jerry7650
Caroprd111 píše:Ne, po kliknutí na tl. Opravit a následném restartu by na Vás měl vyskočit log.
Nevyskočilo nic. Naopak bylo mrtvé internetové připojení (nevím zda mám souvislost). Pomohlo odlogování, zalogování jako admin, následně oprava net připojení, která zabrala. Měl jsem napevno IP adresy, přehodilo na DHCP automaticky s jede to.
Přitom to nastavilo stejné IP, jako předtím byly ručně...

V adresáří na C: jsem našel tento LOG, podfle času vytvořen po restartu + v _moved files je 1 soubor a to: hosts, do ktereho jsem se díval a byl plný záznamů vytvořených Spybotem a směřovaných na 127.0.0.1:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\iessetup not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\wmssetup not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
ADS C:\ProgramData\Temp:F4CA4D70 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jarek
->Temp folder emptied: 738356425 bytes
->Temporary Internet Files folder emptied: 3891171 bytes
->Flash cache emptied: 905 bytes

User: Jerry
->Temp folder emptied: 2713870 bytes
->Temporary Internet Files folder emptied: 35181715 bytes
->FireFox cache emptied: 40462921 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 6989 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2343298 bytes
RecycleBin emptied: 3169847 bytes

Total Files Cleaned = 788,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jarek
->Flash cache emptied: 0 bytes

User: Jerry
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.5.0 log created on 05222010_213113

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 20:52
od Caroprd111
Jak to vypadá s PC :???:

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 21:03
od Jerry7650
Caroprd111 píše:Jak to vypadá s PC :???:
Dám vědět, projevovalo se to zcela náhodně.

Dá se alespoň zhruba říct, kde byl problém? Podle těch logů, když se dívám zpětně, tak byl nějaký bordel v registrech a položka RunOnce...

Re: Trojan:JS/Redirector.CI - jak na něj? Jde vůbec odstran

Napsal: 22 kvě 2010 22:58
od Jerry7650
Problém se bohužel stále projevuje. AV Avast stále běžel, takže opětovně bych se snad nenakazil.
Zkusil jsem znovu instalovat Google, exe soubor jsme protahnul pres virustotal a nic nenašel.

Ještě jsem zkusil superantispyware, ten našel 6cookies a smazal je, ale taky nepomohlo. Jeste zkusím MS Security essential, ten jsem u jednoho virus total logu viděl, že jako jediny z těch 46antiviru tady tenhle odhalil.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz