WIN32/Olmarik

[iceman1978]

Dobrý den,prosím o pomoc,mám naintalovaný NOD 32 Antivirus a po kontrole mi hlásí,že v operační paměti je trojský kůn Win32/Olmarik , nabízí akce: léčit nebo ponechat,léčit to nejde,tak nevím co s tím.
Prosím o pomoc,předem děkuji.

V počítači jsem spustil program Combo fix a tady je výsledek:

ComboFix 11-01-10.04 - Iceman 10.01.2011 20:18:43.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7127.0.1250.420.1029.18.2048.1384 [GMT 1:00]
Spuštěný z: c:\users\Iceman\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Iceman\AppData\Local\Microsoft\Windows\Temporary Internet Files\{41C749AB-747D-4D75-9B51-9CE8627E7336}.xps
c:\users\Iceman\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BFA3B12-0A42-48EF-BB82-1D2CC2198469}.xps
c:\users\Iceman\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F15B332B-D885-46B7-9688-C0D3A4E1B683}.xps
c:\users\Iceman\xobglu32.dll
c:\windows\system32\msrun.exe
c:\windows\system32\ungzpw.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-10 do 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 19:24 . 2011-01-10 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-09 09:23 . 2011-01-09 09:23 -------- d-----w- c:\program files\ESET
2011-01-04 14:52 . 2011-01-04 14:52 -------- d-----w- c:\users\Iceman\AppData\Roaming\EleFun Games
2011-01-04 14:52 . 2011-01-04 14:52 -------- d-----w- c:\program files\Moje cukrárna
2010-12-27 19:18 . 2010-12-27 19:18 -------- d-----w- c:\program files\Machinarium
2010-12-27 10:02 . 2010-12-27 10:03 -------- d-----w- c:\users\Iceman\AppData\Roaming\PC Suite
2010-12-27 10:02 . 2010-12-27 10:03 -------- d-----w- c:\users\Iceman\AppData\Roaming\Nokia
2010-12-27 10:02 . 2010-12-27 10:03 -------- d-----w- c:\programdata\PC Suite
2010-12-27 10:01 . 2010-12-27 10:01 -------- d-----w- c:\program files\Common Files\PCSuite
2010-12-27 10:01 . 2010-12-27 10:01 -------- d-----w- c:\program files\Common Files\Nokia
2010-12-27 10:01 . 2010-12-27 10:02 -------- d-----w- c:\program files\DIFX
2010-12-27 10:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-12-27 10:01 . 2010-12-27 10:01 -------- d-----w- c:\program files\PC Connectivity Solution
2010-12-27 10:01 . 2010-12-27 10:01 -------- d-----w- c:\program files\Nokia
2010-12-27 10:01 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-12-27 10:00 . 2010-12-27 10:00 -------- d-----w- c:\programdata\Installations
2010-12-25 11:07 . 2010-12-25 11:07 -------- d-----w- c:\program files\NirSoft
2010-12-25 10:59 . 2010-12-25 10:59 -------- d-----w- c:\windows\PCHEALTH
2010-12-25 10:59 . 2010-12-25 10:59 -------- d-----w- c:\program files\Microsoft.NET
2010-12-25 10:57 . 2010-12-25 10:57 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-12-25 10:57 . 2010-12-25 10:57 -------- d-----w- c:\users\Iceman\AppData\Local\Microsoft Help
2010-12-25 10:57 . 2010-12-25 11:09 -------- d-----w- c:\programdata\Microsoft Help
2010-12-25 10:56 . 2010-12-25 10:56 -------- d-----r- C:\MSOCache
2010-12-24 23:40 . 2010-12-24 23:40 -------- d-----w- c:\program files\Common Files\Skype
2010-12-24 23:40 . 2010-12-24 23:40 -------- d-----r- c:\program files\Skype
2010-12-22 23:27 . 2010-12-22 23:27 -------- d-----w- c:\program files\Ask.com
2010-12-22 23:27 . 2010-12-22 23:27 -------- d-----w- c:\program files\Mega Zipper
2010-12-22 23:25 . 2010-12-22 23:25 -------- d-----w- c:\users\Iceman\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 18:09 . 2010-12-01 18:09 121344 ----a-w- c:\windows\system32\drivers\svtanegar.exe
2010-11-30 15:18 . 2010-01-25 14:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-02 13:30 164352 --sh--w- c:\windows\System32\SC.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
"{952d8189-ea25-431b-8ed6-7758dcc933d1}"= "c:\program files\Online_Radio_India\tbOnli.dll" [2010-10-10 3906656]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{952d8189-ea25-431b-8ed6-7758dcc933d1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-10 13:51 3906656 begin_of_the_skype_highlighting              51 3906656      end_of_the_skype_highlighting ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{952d8189-ea25-431b-8ed6-7758dcc933d1}]
2010-10-10 13:51 3906656 ----a-w- c:\program files\Online_Radio_India\tbOnli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{952d8189-ea25-431b-8ed6-7758dcc933d1}"= "c:\program files\Online_Radio_India\tbOnli.dll" [2010-10-10 3906656]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{952d8189-ea25-431b-8ed6-7758dcc933d1}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{952D8189-EA25-431B-8ED6-7758DCC933D1}"= "c:\program files\Online_Radio_India\tbOnli.dll" [2010-10-10 3906656]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{952d8189-ea25-431b-8ed6-7758dcc933d1}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-05-08 06:51 442368 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe [2009-05-08 20480]
R2 sppsvc;Ochrana před softwarem;c:\windows\system32\sppsvc.exe [2009-05-08 3179520]
R2 srenum;srenum;c:\windows\system32\DRIVERS\srenum.sys [x]
R2 svtaneg;sv_taneg;c:\windows\system32\drivers\svtanegar.exe [2010-12-01 121344]
R3 AcpiPmi;[3bzGy][AÇ?I ????? ?ě?é? Ď?i??ŕ !!! !!];c:\windows\system32\DRIVERS\acpipmi.sys [2009-05-08 04:45 9728]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-05-08 422976]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-05-08 297536]
R3 amdsata;amdsata;c:\windows\system32\DRIVERS\amdsata.sys [2009-05-08 51776]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-05-08 159296]
R3 AppID;Ovladač AppID;c:\windows\system32\drivers\appid.sys [2009-05-08 50176]
R3 AppIDSvc;Identita aplikace;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-05-08 86592]
R3 b06bdrv;[blYuq][ßřóa???? Neť??ŕem? II V?Ď !!! !!!];c:\windows\system32\DRIVERS\bxvbdx.sys [2009-05-08 03:20 430080]
R3 b57nd60x;[Vf8Kn][?řô??cőm ??ť?ţ?eme G?ga?í? Ęthe?ňe? - ??IŠ 6.0 !!! !!! !!! !];c:\windows\system32\DRIVERS\b57nd60x.sys [2009-05-08 03:20 229888]
R3 BDESVC;Služba BitLocker Drive Encryption;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 BrFiltLo;[kM8cl][?ř???er ÜŠ? ??sš-Š??ŕag? L???? ?il?eř Ď???eŕ !!! !!! !!! ];c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-05-08 04:15 13568]
R3 BrFiltUp;[HFXJl][??öţh?r ŰŠß ?a?ś-S?oř?g? U??er ?ilter Đ?i?é? !!! !!! !!! ];c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-05-08 04:15 5248]
R3 Brserid;[MQa8Q][ßŕ?ţ?e? ??Ç Še?iąĺ ?oř? ?ńt??face Ď?i?e? (???) !!! !!! !!! !];c:\windows\System32\Drivers\Brserid.sys [2009-05-08 06:38 272128]
R3 BrSerWdm;[2VUVU][?ro??e? ?Ď? Şeŕiâl ?ři??ř !!! !!!];c:\windows\System32\Drivers\BrSerWdm.sys [2009-05-08 04:15 62336]
R3 BrUsbMdm;[3LACA][??ô???ř ??Ć UŠ? ?ä? ??ĺ? ?o?ěm !!! !!! ];c:\windows\System32\Drivers\BrUsbMdm.sys [2009-05-08 04:15 12160]
R3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 circlass;[xsP9H][Co?§?m?? I? Đe??cë? !!! !];c:\windows\system32\DRIVERS\circlass.sys [2009-05-08 05:27 37888]
R3 defragsvc;Defragmentace disku;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 ebdrv;[kOuJc][ßŕ?â?č?? ?e????eme ?? 10 Gig? V?Ď !!! !!! !];c:\windows\system32\DRIVERS\evbdx.sys [2009-05-08 03:20 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-05-08 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-05-08 28160]
R3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-05-08 46144]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-05-08 26624]
R3 HomeGroupListener;Naslouchací proces domácí skupiny;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-05-08 67152]
R3 iaStorV;iaStorV;c:\windows\system32\DRIVERS\iaStorV.sys [2009-05-08 332352]
R3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\DRIVERS\IPMIDrv.sys [2009-05-08 65536]
R3 iScsiPrt;[HsjVG][iŞčş???řt ?ŕ??e? !!! ];c:\windows\system32\DRIVERS\msiscsi.sys [2009-05-08 06:53 186944]
R3 KeyIso;Izolace klíče CNG;c:\windows\system32\lsass.exe [2009-05-08 22528]
R3 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-05-08 95808]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-05-08 89152]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-05-08 54848]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-05-08 96832]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-05-08 30784]
R3 mpio;mpio;c:\windows\system32\DRIVERS\mpio.sys [2009-05-08 130640]
R3 msahci;msahci;c:\windows\system32\DRIVERS\msahci.sys [2009-05-08 27728]
R3 msdsm;msdsm;c:\windows\system32\DRIVERS\msdsm.sys [2009-05-08 115792]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-05-08 4096]
R3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;[nag6I][??????őfţ In?µ? Ćo?fíg??ąťî?n Đ?i??ř !!! !!! !!];c:\windows\system32\DRIVERS\MTConfig.sys [2009-05-08 05:22 12288]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-05-08 267264]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-05-08 27136]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-05-08 44624]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-05-08 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-05-08 105552]
R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-05-08 5632]
R3 scfilter;Ovladač filtru čipových karet třídy PnP;c:\windows\system32\DRIVERS\scfilter.sys [2009-05-08 26624]
R3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 SDRSVC;Windows Zálohování;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 SensrSvc;Adaptivní jas;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 SessionEnv;Ř??oţę ?eš???? Ç?ňfigüraťiő?;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 sffp_mmc;[ACe40][Ś?? Štô?ąg? ??öťöçoł ??î??? fo? ??€ !!! !!! !];c:\windows\system32\DRIVERS\sffp_mmc.sys [2009-05-08 05:21 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-05-08 77888]
R3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\system32\DRIVERS\smb.sys [2009-05-08 71168]
R3 sppuinotify;Služba Oznámení platformy SPP;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-05-08 21056]
R3 storvsc;storvsc;c:\windows\system32\DRIVERS\storvsc.sys [2009-05-08 28240]
R3 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 TrustedInstaller;Instalační služba modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [2009-05-08 204800]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2009-05-08 30208]
R3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\system32\UI0Detect.exe [2009-05-08 35840]
R3 uliagpkx;[Frmmr][Uli ?G? ?uš ?il?e? !!! ];c:\windows\system32\DRIVERS\uliagpkx.sys [2009-05-08 06:53 57424]
R3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 usbcir;[ub8X8][?Ho?? Infŕâ?eď ??ceî?eŕ (UŚßČÍ?) !!! !!! !];c:\windows\system32\DRIVERS\usbcir.sys [2009-05-08 05:27 85504]
R3 VaultSvc;Správce pověření;c:\windows\system32\lsass.exe [2009-05-08 22528]
R3 vhdmp;vhdmp;c:\windows\system32\DRIVERS\vhdmp.sys [2009-05-08 159312]
R3 ViaC7;[XuSv7][VIA C7 ?řôce?§?? Ďři??? !!! !!];c:\windows\system32\DRIVERS\viac7.sys [2009-05-08 04:39 52736]
R3 vmbus;Sběrnice virtuálního počítače;c:\windows\system32\DRIVERS\vmbus.sys [2009-05-08 175808]
R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-05-08 17792]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-05-08 141904]
R3 vwifibus;Ovladač sběrnice Virtual WiFi;c:\windows\System32\drivers\vwifibus.sys [2009-05-08 19968]
R3 WacomPen;[61nau][???om Ş?řiáľ ??? H?Ď Đr??er !!! !!!];c:\windows\system32\DRIVERS\wacompen.sys [2009-05-08 05:22 21632]
R3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;c:\windows\system32\wbengine.exe [2009-05-08 1203200]
R3 WbioSrvc;Biometrická služba systému Windows;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-05-08 19008]
R3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-05-08 19008]
R3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 WwanSvc;Automatická konfigurace sítě WWAN;c:\windows\system32\svchost.exe [2009-05-08 20480]
R4 Mcx2Svc;Služba zařízení Media Center Extender;c:\windows\system32\svchost.exe [2009-05-08 20480]
S0 amdxata;amdxata;c:\windows\system32\DRIVERS\amdxata.sys [2009-05-08 23632]
S0 CLFS;Systém souborů CLFS;c:\windows\System32\CLFS.sys [2009-05-08 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-05-08 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-05-08 58432]
S0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;c:\windows\System32\DRIVERS\fvevol.sys [2009-05-08 194488]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2009-05-08 13888]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-05-08 133696]
S0 msisadrv;msisadrv;c:\windows\system32\DRIVERS\msisadrv.sys [2009-05-08 13888]
S0 nvstor;nvstor;c:\windows\system32\DRIVERS\nvstor.sys [2009-05-08 142400]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-05-08 42560]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2009-05-08 173632]
S0 spldr;Security Processor Loader Driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-01 691696]
S0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;c:\windows\system32\DRIVERS\vmstorfl.sys [2009-05-08 40768]
S0 vdrvroot;Ovladač rozpoznávacího modulu virtuální jednotky společnosti Microsoft;c:\windows\system32\DRIVERS\vdrvroot.sys [2009-05-08 32832]
S0 volmgr;Ovladač správce svazků;c:\windows\system32\DRIVERS\volmgr.sys [2009-05-08 52304]
S0 volmgrx;Správce dynamických svazků;c:\windows\System32\drivers\volmgrx.sys [2009-05-08 297024]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-05-08 35328]
S1 CSC;Ovladač souborů pro režim offline;c:\windows\system32\drivers\csc.sys [2009-05-08 387584]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-05-08 77824]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-05-08 32768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-05-08 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-05-08 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-05-08 7168]
S1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\system32\DRIVERS\tdx.sys [2009-05-08 74240]
S1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;c:\windows\system32\DRIVERS\wanarp.sys [2009-05-08 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-05-08 9728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 BFE;Služba BFE (Base Filtering Engine);c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 CscService;Soubory offline;c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 iphlpsvc;Pomocná služba protokolu IP;c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-05-08 47616]
S2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;c:\windows\system32\drivers\luafv.sys [2009-05-08 86528]
S2 MpsSvc;Brána Windows Firewall;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-05-08 586752]
S2 Power;Napájení;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-05-08 34816]
S2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 1394ohci;Hostitelský řadič pro rozhraní OHCI standardu 1394;c:\windows\system32\DRIVERS\1394ohci.sys [2009-05-08 162816]
S3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe [2009-05-08 20480]
S3 bowser;Ovladač podpory prohlížeče;c:\windows\system32\DRIVERS\bowser.sys [2009-05-08 69632]
S3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-05-08 31232]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-05-08 720384]
S3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe [2009-05-08 20480]
S3 HomeGroupProvider;Zprostředkovatel domácích skupin;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 monitor;Služba ovladače funkce třídy monitorů Microsoft;c:\windows\system32\DRIVERS\monitor.sys [2009-05-08 23552]
S3 mpsdrv;Ovladač ověření brány Windows Firewall;c:\windows\system32\drivers\mpsdrv.sys [2009-05-08 59904]
S3 mrxsmb10;Mini-přesměrovač SMB 1.x;c:\windows\system32\DRIVERS\mrxsmb10.sys [2009-05-08 220672]
S3 mrxsmb20;Mini-přesměrovač SMB 2.0;c:\windows\system32\DRIVERS\mrxsmb20.sys [2009-05-08 95232]
S3 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-05-08 20480]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-05-08 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-05-08 18432]
S3 srv2;Ovladač pro server SMB 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2009-05-08 305664]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-05-08 113664]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2009-05-08 108032]
S3 umbus;Ovladač sběrnice UMBus Enumerator;c:\windows\system32\DRIVERS\umbus.sys [2009-05-08 39936]
S3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe [2009-05-08 20480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
hkmsvc
browser
schedule
SessionEnv
winmgmt
ProfSvc
EapHost
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Obsah adresáře 'Naplánované úlohy'

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 11:22]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 11:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DSGOH&o=102808&locale=en_EU&apn_uid=74390AA4-6A46-4C41-BA01-BE899C5E4426&apn_ptnrs=4L&apn_sauid=2A26D74A-FC80-41BF-836A-636E963AB071&apn_dtid=YYYYYYYYCZ&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Facebook Chat History Manager: fbchathistory@firechm.com - %profile%\extensions\fbchathistory@firechm.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Notify-printxw - printxw.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
AddRemove-{259C0ABB-A3B2-4D70-008F-BF7EE491B70B} - d:\program files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:25
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7127 Disk: WDC_WD74 rev.21.0 -> Harddisk1\DR1 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ntkrnlpa.exe
1 ntkrnlpa!IofCallDriver[0x82A6A3DB] -> \Device\Harddisk1\DR1[0x85F64590]
3 CLASSPNP[0x891A1E0A] -> ntkrnlpa!IofCallDriver[0x82A6A3DB] -> [0x85BF15F8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\0000005c -> \??\SCSI#Disk&Ven_WDC_WD74&Prod_0ADFD-00NLR5#4&2cf43283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-10 20:27:18
ComboFix-quarantined-files.txt 2011-01-10 19:27

Před spuštěním: 6 211 321 856
Po spuštění: 6 017 998 848

- - End Of File - - FD266F6F08FDBA713940C40DB56B783C

Nevím co dál,prosím pomozte.

[vyosek]

Zdravim a pekny den preji

Doufam ze mate zazalohovana dulezita data, jelikoz jestli tohle system prezije, tak bude dobrej

Ten ComboFix Vam poradil kdo - v podminkach je ze se ma pouzivat jen na doporuceni, jinak nemate narok na podporu. Budte rad ze Vam nesundal system - vizte nebezpeci nize

Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Aplikujte AVPTool dle tohoto navodu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 log pak sem

[vyosek]

Prectete si prosim jeste Soukromou zpravu

[iceman1978]

Automatická kontrola: zastaveno před 1 hod. (události: 3, objekty: 374, čas: 00:04:21)
12.1.2011 19:27:22 Úloha byla spuštěna
12.1.2011 19:28:37 Zjištěno: Trojan-PSW.Win32.Papras.akp C:\Windows\System32\drivers\svtanegar.exe/UPX
12.1.2011 19:31:43 Úloha byla zastavena
Dezinfikovat aktivní hrozby: selhání (události: 2, objekty: 0, čas: Neznámý)
12.1.2011 19:31:42 Úloha byla spuštěna
12.1.2011 19:31:44 Zjištěno: Trojan-PSW.Win32.Papras.akp C:\Windows\System32\drivers\svtanegar.exe/UPX
Dezinfikovat aktivní hrozby: dokončeno před 1 hod. (události: 6, objekty: 3845, čas: 00:02:57)
12.1.2011 19:48:00 Úloha byla spuštěna
12.1.2011 19:48:00 Zjištěno: Trojan-PSW.Win32.Papras.akp C:\Windows\System32\drivers\svtanegar.exe/UPX
12.1.2011 19:48:22 Bude odstraněno při restartování systému: Trojan-PSW.Win32.Papras.akp C:\Windows\System32\drivers\svtanegar.exe
12.1.2011 19:48:58 Zjištěno: Trojan-PSW.Win32.Papras.akp C:\Windows\System32\drivers\svtanegar.exe/UPX
12.1.2011 19:49:07 Bude odstraněno při restartování systému: Trojan-PSW.Win32.Papras.akp C:\Windows\System32\drivers\svtanegar.exe
12.1.2011 19:50:57 Úloha byla dokončena
Automatická kontrola: dokončeno před 3 min. (události: 4, objekty: 541178, čas: 01:16:53)
12.1.2011 19:54:02 Úloha byla spuštěna
12.1.2011 20:23:11 Zjištěno: Trojan-Proxy.Win32.Agent.dlv C:\Qoobox\Quarantine\C\Windows\system32\ungzpw.dll.vir
12.1.2011 20:24:33 Odstraněno: Trojan-Proxy.Win32.Agent.dlv C:\Qoobox\Quarantine\C\Windows\system32\ungzpw.dll.vir
12.1.2011 21:10:55 Úloha byla dokončena

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\program files\Ask.com
  c:\program files\Winamp Toolbar
  
  File::
  c:\program files\ConduitEngine\ConduitEngine.dll
  c:\program files\Online_Radio_India\tbOnli.dll
  c:\windows\system32\DRIVERS\srenum.sys
  c:\windows\system32\drivers\svtanegar.exe
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  Driver::
  srenum
  svtaneg
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
  "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
  "{952d8189-ea25-431b-8ed6-7758dcc933d1}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{952d8189-ea25-431b-8ed6-7758dcc933d1}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{952d8189-ea25-431b-8ed6-7758dcc933d1}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{952d8189-ea25-431b-8ed6-7758dcc933d1}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  [-HKEY_CLASSES_ROOT\clsid\{952d8189-ea25-431b-8ed6-7758dcc933d1}]
  [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "swg"=-
  "DAEMON Tools Lite"=-
  "PC Suite Tray"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "ATICustomerCare"=-
  "SunJavaUpdateSched"=-
  "Adobe Reader Speed Launcher"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
  "netsvcs"=hex(7):41,65,4C,6F,6F,6B,75,70,53,76,63,00,41,70,\
    70,49,6E,66,6F,00,41,70,70,4D,67,6D,74,00,41,75,64,69,6F,53,72,76,00,42,\
    44,45,53,56,43,00,42,49,54,53,00,62,72,6F,77,73,65,72,00,43,65,72,74,\
    50,72,6F,70,53,76,63,00,45,61,70,48,6F,73,74,00,46,61,73,74,55,73,65,\
    72,53,77,69,74,63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,\
    00,67,70,73,76,63,00,68,65,6C,70,73,76,63,00,68,6B,6D,73,76,63,00,49,\
    61,73,00,49,4B,45,45,58,54,00,69,70,68,6C,70,73,76,63,00,49,72,6D,6F,\
    6E,00,6C,61,6E,6D,61,6E,73,65,72,76,65,72,00,4C,6F,67,6F,6E,48,6F,75,\
    72,73,00,4D,4D,43,53,53,00,6D,73,69,73,63,73,69,00,4E,6C,61,00,4E,74,\
    6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,6F,6E,00,4E,77,\
    73,61,70,61,67,65,6E,74,00,50,43,41,75,64,69,74,00,50,72,6F,66,53,76,\
    63,00,52,61,73,61,75,74,6F,00,52,61,73,6D,61,6E,00,52,65,6D,6F,74,65,\
    61,63,63,65,73,73,00,53,43,50,6F,6C,69,63,79,53,76,63,00,73,65,63,6C,\
    6F,67,6F,6E,00,53,45,4E,53,00,53,65,73,73,69,6F,6E,45,6E,76,00,53,68,\
    61,72,65,64,61,63,63,65,73,73,00,53,68,65,6C,6C,48,57,44,65,74,65,63,\
    74,69,6F,6E,00,73,63,68,65,64,75,6C,65,00,53,52,53,65,72,76,69,63,65,\
    00,54,61,70,69,73,72,76,00,54,65,72,6D,53,65,72,76,69,63,65,00,54,68,\
    65,6D,65,73,00,75,70,6C,6F,61,64,6D,67,72,00,77,65,72,63,70,6C,73,75,\
    70,70,6F,72,74,00,77,69,6E,6D,67,6D,74,00,57,6D,64,6D,50,6D,53,70,00,57,\
    6D,69,00,77,75,61,75,73,65,72,76,00,00
  
  DDS::
  IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
  
  Firefox::
  FF - ProfilePath - c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\
  FF - prefs.js: browser.search.selectedEngine - Ask.com
  FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYCZ&q=
  FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[iceman1978]

Vše jsem udělal jak jste mi poradil,tady je nový log:

ComboFix 11-01-12.04 - Iceman 13.01.2011 20:35:00.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7127.0.1250.420.1029.18.2048.1441 [GMT 1:00]
Spuštěný z: c:\users\Iceman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Iceman\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files\ConduitEngine\ConduitEngine.dll"
"c:\program files\Online_Radio_India\tbOnli.dll"
"c:\windows\system32\DRIVERS\srenum.sys"
"c:\windows\system32\drivers\svtanegar.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_dae4.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\Online_Radio_India\tbOnli.dll
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\defaults.js.bak
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome.manifest
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\about.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\about.xul
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\cache.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\constants.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\core.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\custom-command-listener.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\events.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\feeds.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\json.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\listeners.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\locale.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\logger.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\network.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\observer.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\options.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\options.xul
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\preferences.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\prefetch.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\ss-popup-bindings.xml
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\suggestions.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\update.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\utilities.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\webframe-bindings.xml
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\webframe-manager.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\content\widgets.js
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\abc.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\as.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\bg.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\bild.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\business.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\celebrity.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\close.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\expansion.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\folha.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\ft.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\ftd.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\g1.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\globe_18x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\highlight_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\hola.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icon_film1_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icon_history_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icon_news_ru_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icon_nu_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icon_radiodigital_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icon_sports_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icon_sportsru_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icon_vk_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\icons_business_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\images.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\kicker.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\laposte.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\logo_32x32.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\magnify_search_grey_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\maps.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\mtv.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\news.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\orkut.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\personas.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_grey_73x24.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\sports.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\terra.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\titlebar_bg.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\tv.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\uol.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\voici_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\weather.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\weather_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\web.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\web_de.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-22-Dec-2010-23-29-39-GMT\ff-config.zip
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\install.rdf
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294455090869.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294457625154.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294460207843.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294463966420.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294465602962.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294564795008.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294565098922.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294678396227.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294686849640.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294743818068.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294836402862.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294836612269.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294836694036.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294841889036.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294842448115.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294850839137.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294853191014.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294853420473.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294855046782.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294859781008.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\logs\asktb-log-1294863066418.html
c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\extensions\toolbar@ask.com\searchplugins\askcom.xml
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_srenum


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-13 do 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 19:42 . 2011-01-13 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-12 18:13 . 2011-01-12 18:53 -------- d-----w- c:\programdata\Kaspersky Lab
2011-01-12 17:22 . 2011-01-12 17:22 -------- d-----w- c:\program files\CCleaner
2011-01-09 09:23 . 2011-01-09 09:23 -------- d-----w- c:\program files\ESET
2011-01-04 14:52 . 2011-01-04 14:52 -------- d-----w- c:\users\Iceman\AppData\Roaming\EleFun Games
2011-01-04 14:52 . 2011-01-04 14:52 -------- d-----w- c:\program files\Moje cukrárna
2010-12-27 19:18 . 2010-12-27 19:18 -------- d-----w- c:\program files\Machinarium
2010-12-27 10:02 . 2010-12-27 10:03 -------- d-----w- c:\users\Iceman\AppData\Roaming\PC Suite
2010-12-27 10:02 . 2010-12-27 10:03 -------- d-----w- c:\users\Iceman\AppData\Roaming\Nokia
2010-12-27 10:02 . 2010-12-27 10:03 -------- d-----w- c:\programdata\PC Suite
2010-12-27 10:01 . 2010-12-27 10:01 -------- d-----w- c:\program files\Common Files\PCSuite
2010-12-27 10:01 . 2010-12-27 10:01 -------- d-----w- c:\program files\Common Files\Nokia
2010-12-27 10:01 . 2010-12-27 10:02 -------- d-----w- c:\program files\DIFX
2010-12-27 10:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-12-27 10:01 . 2010-12-27 10:01 -------- d-----w- c:\program files\PC Connectivity Solution
2010-12-27 10:01 . 2010-12-27 10:01 -------- d-----w- c:\program files\Nokia
2010-12-27 10:01 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-12-27 10:00 . 2010-12-27 10:00 -------- d-----w- c:\programdata\Installations
2010-12-25 11:07 . 2010-12-25 11:07 -------- d-----w- c:\program files\NirSoft
2010-12-25 10:59 . 2010-12-25 10:59 -------- d-----w- c:\windows\PCHEALTH
2010-12-25 10:59 . 2010-12-25 10:59 -------- d-----w- c:\program files\Microsoft.NET
2010-12-25 10:57 . 2010-12-25 10:57 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-12-25 10:57 . 2010-12-25 10:57 -------- d-----w- c:\users\Iceman\AppData\Local\Microsoft Help
2010-12-25 10:57 . 2010-12-25 11:09 -------- d-----w- c:\programdata\Microsoft Help
2010-12-25 10:56 . 2010-12-25 10:56 -------- d-----r- C:\MSOCache
2010-12-22 23:27 . 2011-01-11 13:31 -------- d-----w- c:\program files\Mega Zipper
2010-12-22 23:25 . 2010-12-22 23:25 -------- d-----w- c:\users\Iceman\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 15:18 . 2010-01-25 14:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-02 13:30 164352 --sh--w- c:\windows\System32\SC.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-05-08 06:51 442368 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 AcpiPmi;[3bzGy][AÇ?I ????? ?ě?é? Ď?i??ŕ !!! !!];c:\windows\system32\DRIVERS\acpipmi.sys [2009-05-08 04:45 9728]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-05-08 422976]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-05-08 297536]
R3 amdsata;amdsata;c:\windows\system32\DRIVERS\amdsata.sys [2009-05-08 51776]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-05-08 159296]
R3 AppID;Ovladač AppID;c:\windows\system32\drivers\appid.sys [2009-05-08 50176]
R3 AppIDSvc;Identita aplikace;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-05-08 86592]
R3 b06bdrv;[blYuq][ßřóa???? Neť??ŕem? II V?Ď !!! !!!];c:\windows\system32\DRIVERS\bxvbdx.sys [2009-05-08 03:20 430080]
R3 b57nd60x;[Vf8Kn][?řô??cőm ??ť?ţ?eme G?ga?í? Ęthe?ňe? - ??IŠ 6.0 !!! !!! !!! !];c:\windows\system32\DRIVERS\b57nd60x.sys [2009-05-08 03:20 229888]
R3 BDESVC;Služba BitLocker Drive Encryption;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 BrFiltLo;[kM8cl][?ř???er ÜŠ? ??sš-Š??ŕag? L???? ?il?eř Ď???eŕ !!! !!! !!! ];c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-05-08 04:15 13568]
R3 BrFiltUp;[HFXJl][??öţh?r ŰŠß ?a?ś-S?oř?g? U??er ?ilter Đ?i?é? !!! !!! !!! ];c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-05-08 04:15 5248]
R3 Brserid;[MQa8Q][ßŕ?ţ?e? ??Ç Še?iąĺ ?oř? ?ńt??face Ď?i?e? (???) !!! !!! !!! !];c:\windows\System32\Drivers\Brserid.sys [2009-05-08 06:38 272128]
R3 BrSerWdm;[2VUVU][?ro??e? ?Ď? Şeŕiâl ?ři??ř !!! !!!];c:\windows\System32\Drivers\BrSerWdm.sys [2009-05-08 04:15 62336]
R3 BrUsbMdm;[3LACA][??ô???ř ??Ć UŠ? ?ä? ??ĺ? ?o?ěm !!! !!! ];c:\windows\System32\Drivers\BrUsbMdm.sys [2009-05-08 04:15 12160]
R3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 circlass;[xsP9H][Co?§?m?? I? Đe??cë? !!! !];c:\windows\system32\DRIVERS\circlass.sys [2009-05-08 05:27 37888]
R3 defragsvc;Defragmentace disku;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 ebdrv;[kOuJc][ßŕ?â?č?? ?e????eme ?? 10 Gig? V?Ď !!! !!! !];c:\windows\system32\DRIVERS\evbdx.sys [2009-05-08 03:20 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-05-08 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-05-08 28160]
R3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-05-08 46144]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-05-08 26624]
R3 HomeGroupListener;Naslouchací proces domácí skupiny;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-05-08 67152]
R3 iaStorV;iaStorV;c:\windows\system32\DRIVERS\iaStorV.sys [2009-05-08 332352]
R3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\DRIVERS\IPMIDrv.sys [2009-05-08 65536]
R3 iScsiPrt;[HsjVG][iŞčş???řt ?ŕ??e? !!! ];c:\windows\system32\DRIVERS\msiscsi.sys [2009-05-08 06:53 186944]
R3 KeyIso;Izolace klíče CNG;c:\windows\system32\lsass.exe [2009-05-08 22528]
R3 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-05-08 95808]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-05-08 89152]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-05-08 54848]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-05-08 96832]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-05-08 30784]
R3 mpio;mpio;c:\windows\system32\DRIVERS\mpio.sys [2009-05-08 130640]
R3 msahci;msahci;c:\windows\system32\DRIVERS\msahci.sys [2009-05-08 27728]
R3 msdsm;msdsm;c:\windows\system32\DRIVERS\msdsm.sys [2009-05-08 115792]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-05-08 4096]
R3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;[nag6I][??????őfţ In?µ? Ćo?fíg??ąťî?n Đ?i??ř !!! !!! !!];c:\windows\system32\DRIVERS\MTConfig.sys [2009-05-08 05:22 12288]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-05-08 267264]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-05-08 27136]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-05-08 44624]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-05-08 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-05-08 105552]
R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-05-08 5632]
R3 scfilter;Ovladač filtru čipových karet třídy PnP;c:\windows\system32\DRIVERS\scfilter.sys [2009-05-08 26624]
R3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 SDRSVC;Windows Zálohování;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 SensrSvc;Adaptivní jas;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 SessionEnv;Ř??oţę ?eš???? Ç?ňfigüraťiő?;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 sffp_mmc;[ACe40][Ś?? Štô?ąg? ??öťöçoł ??î??? fo? ??€ !!! !!! !];c:\windows\system32\DRIVERS\sffp_mmc.sys [2009-05-08 05:21 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-05-08 77888]
R3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\system32\DRIVERS\smb.sys [2009-05-08 71168]
R3 sppuinotify;Služba Oznámení platformy SPP;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-05-08 21056]
R3 storvsc;storvsc;c:\windows\system32\DRIVERS\storvsc.sys [2009-05-08 28240]
R3 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 TrustedInstaller;Instalační služba modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [2009-05-08 204800]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2009-05-08 30208]
R3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\system32\UI0Detect.exe [2009-05-08 35840]
R3 uliagpkx;[Frmmr][Uli ?G? ?uš ?il?e? !!! ];c:\windows\system32\DRIVERS\uliagpkx.sys [2009-05-08 06:53 57424]
R3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 usbcir;[ub8X8][?Ho?? Infŕâ?eď ??ceî?eŕ (UŚßČÍ?) !!! !!! !];c:\windows\system32\DRIVERS\usbcir.sys [2009-05-08 05:27 85504]
R3 VaultSvc;Správce pověření;c:\windows\system32\lsass.exe [2009-05-08 22528]
R3 vhdmp;vhdmp;c:\windows\system32\DRIVERS\vhdmp.sys [2009-05-08 159312]
R3 ViaC7;[XuSv7][VIA C7 ?řôce?§?? Ďři??? !!! !!];c:\windows\system32\DRIVERS\viac7.sys [2009-05-08 04:39 52736]
R3 vmbus;Sběrnice virtuálního počítače;c:\windows\system32\DRIVERS\vmbus.sys [2009-05-08 175808]
R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-05-08 17792]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-05-08 141904]
R3 vwifibus;Ovladač sběrnice Virtual WiFi;c:\windows\System32\drivers\vwifibus.sys [2009-05-08 19968]
R3 WacomPen;[61nau][???om Ş?řiáľ ??? H?Ď Đr??er !!! !!!];c:\windows\system32\DRIVERS\wacompen.sys [2009-05-08 05:22 21632]
R3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;c:\windows\system32\wbengine.exe [2009-05-08 1203200]
R3 WbioSrvc;Biometrická služba systému Windows;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-05-08 19008]
R3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-05-08 19008]
R3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe [2009-05-08 20480]
R3 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe [2009-05-08 20480]
R3 WwanSvc;Automatická konfigurace sítě WWAN;c:\windows\system32\svchost.exe [2009-05-08 20480]
R4 Mcx2Svc;Služba zařízení Media Center Extender;c:\windows\system32\svchost.exe [2009-05-08 20480]
S0 amdxata;amdxata;c:\windows\system32\DRIVERS\amdxata.sys [2009-05-08 23632]
S0 CLFS;Systém souborů CLFS;c:\windows\System32\CLFS.sys [2009-05-08 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-05-08 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-05-08 58432]
S0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;c:\windows\System32\DRIVERS\fvevol.sys [2009-05-08 194488]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2009-05-08 13888]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-05-08 133696]
S0 msisadrv;msisadrv;c:\windows\system32\DRIVERS\msisadrv.sys [2009-05-08 13888]
S0 nvstor;nvstor;c:\windows\system32\DRIVERS\nvstor.sys [2009-05-08 142400]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-05-08 42560]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2009-05-08 173632]
S0 spldr;Security Processor Loader Driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-01 691696]
S0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;c:\windows\system32\DRIVERS\vmstorfl.sys [2009-05-08 40768]
S0 vdrvroot;Ovladač rozpoznávacího modulu virtuální jednotky společnosti Microsoft;c:\windows\system32\DRIVERS\vdrvroot.sys [2009-05-08 32832]
S0 volmgr;Ovladač správce svazků;c:\windows\system32\DRIVERS\volmgr.sys [2009-05-08 52304]
S0 volmgrx;Správce dynamických svazků;c:\windows\System32\drivers\volmgrx.sys [2009-05-08 297024]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-05-08 35328]
S1 CSC;Ovladač souborů pro režim offline;c:\windows\system32\drivers\csc.sys [2009-05-08 387584]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-05-08 77824]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-05-08 32768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-05-08 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-05-08 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-05-08 7168]
S1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\system32\DRIVERS\tdx.sys [2009-05-08 74240]
S1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;c:\windows\system32\DRIVERS\wanarp.sys [2009-05-08 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-05-08 9728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 BFE;Služba BFE (Base Filtering Engine);c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 CscService;Soubory offline;c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
S2 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 iphlpsvc;Pomocná služba protokolu IP;c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-05-08 47616]
S2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;c:\windows\system32\drivers\luafv.sys [2009-05-08 86528]
S2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 MpsSvc;Brána Windows Firewall;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-05-08 586752]
S2 Power;Napájení;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 sppsvc;Ochrana před softwarem;c:\windows\system32\sppsvc.exe [2009-05-08 3179520]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-05-08 20480]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-05-08 34816]
S2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe [2009-05-08 20480]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 1394ohci;Hostitelský řadič pro rozhraní OHCI standardu 1394;c:\windows\system32\DRIVERS\1394ohci.sys [2009-05-08 162816]
S3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe [2009-05-08 20480]
S3 bowser;Ovladač podpory prohlížeče;c:\windows\system32\DRIVERS\bowser.sys [2009-05-08 69632]
S3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-05-08 31232]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-05-08 720384]
S3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe [2009-05-08 20480]
S3 HomeGroupProvider;Zprostředkovatel domácích skupin;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 monitor;Služba ovladače funkce třídy monitorů Microsoft;c:\windows\system32\DRIVERS\monitor.sys [2009-05-08 23552]
S3 mpsdrv;Ovladač ověření brány Windows Firewall;c:\windows\system32\drivers\mpsdrv.sys [2009-05-08 59904]
S3 mrxsmb10;Mini-přesměrovač SMB 1.x;c:\windows\system32\DRIVERS\mrxsmb10.sys [2009-05-08 220672]
S3 mrxsmb20;Mini-přesměrovač SMB 2.0;c:\windows\system32\DRIVERS\mrxsmb20.sys [2009-05-08 95232]
S3 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-05-08 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-05-08 18432]
S3 srv2;Ovladač pro server SMB 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2009-05-08 305664]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-05-08 113664]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2009-05-08 108032]
S3 umbus;Ovladač sběrnice UMBus Enumerator;c:\windows\system32\DRIVERS\umbus.sys [2009-05-08 39936]
S3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe [2009-05-08 20480]
S3 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe [2009-05-08 20480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
AppInfo
AppMgmt
AudioSrv
BDESVC
BITS
browser
CertPropSvc
EapHost
FastUserSwitchingCompatibility
gpsvc
helpsvc
hkmsvc
IKEEXT
iphlpsvc
lanmanserver
LogonHours
MMCSS
msiscsi
Nla
NWCWorkstation
PCAudit
ProfSvc
SCPolicySvc
seclogon
SessionEnv
ShellHWDetection
schedule
SRService
TermService
Themes
uploadmgr
wercplsupport
winmgmt
WmdmPmSp
Wmi
wuauserv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Iceman\AppData\Roaming\Mozilla\Firefox\Profiles\2rhoq709.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Facebook Chat History Manager: fbchathistory@firechm.com - %profile%\extensions\fbchathistory@firechm.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 20:44
Windows 6.1.7127 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7127 Disk: WDC_WD74 rev.21.0 -> Harddisk1\DR1 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86427EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8523f872; SUB DWORD [EBP-0x4], 0x8523f12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x8303C3DB] -> \Device\Harddisk1\DR1[0x86767030]
3 CLASSPNP[0x896B7E0A] -> ntkrnlpa!IofCallDriver[0x8303C3DB] -> [0x863B60F8]
5 ACPI[0x83D3647C] -> ntkrnlpa!IofCallDriver[0x8303C3DB] -> \0000005e[0x8635DA80]
[0x868A4148] -> IRP_MJ_CREATE -> 0x86427EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\0000005e -> \??\SCSI#Disk&Ven_WDC_WD74&Prod_0ADFD-00NLR5#4&2cf43283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2168)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-01-13 20:47:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-13 19:47
ComboFix2.txt 2011-01-10 19:27

Před spuštěním: Volných bajtů: 20 030 783 488
Po spuštění: Volných bajtů: 22 784 176 128

- - End Of File - - 6C27D7AD7491807037C0E16C105C4100
Zatím díky,pc naběhl úplně normálně,žádný komplikace,prosím co dál.

[vyosek]

Jeste tam toho spousty je a jake pekne mrchy

Stahnete TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
• Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
• Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
• Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
• Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
• Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

[iceman1978]

tak to nic nenašlo,tady je log:

2011/01/14 20:58:00.0622 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/14 20:58:00.0622 ================================================================================
2011/01/14 20:58:00.0622 SystemInfo:
2011/01/14 20:58:00.0622
2011/01/14 20:58:00.0622 OS Version: 6.1.7127 ServicePack: 0.0
2011/01/14 20:58:00.0622 Product type: Workstation
2011/01/14 20:58:00.0623 ComputerName: ICEMAN-PC
2011/01/14 20:58:00.0624 UserName: Iceman
2011/01/14 20:58:00.0624 Windows directory: C:\Windows
2011/01/14 20:58:00.0624 System windows directory: C:\Windows
2011/01/14 20:58:00.0624 Processor architecture: Intel x86
2011/01/14 20:58:00.0624 Number of processors: 2
2011/01/14 20:58:00.0624 Page size: 0x1000
2011/01/14 20:58:00.0624 Boot type: Normal boot
2011/01/14 20:58:00.0624 ================================================================================
2011/01/14 20:58:02.0793 Initialize success
2011/01/14 20:58:06.0430 ================================================================================
2011/01/14 20:58:06.0430 Scan started
2011/01/14 20:58:06.0430 Mode: Manual;
2011/01/14 20:58:06.0430 ================================================================================
2011/01/14 20:58:12.0835 ================================================================================
2011/01/14 20:58:12.0835 Scan finished
2011/01/14 20:58:12.0835 ================================================================================
2011/01/14 20:58:28.0511 ================================================================================
2011/01/14 20:58:28.0511 Scan started
2011/01/14 20:58:28.0511 Mode: Manual;
2011/01/14 20:58:28.0511 ================================================================================
2011/01/14 20:58:34.0520 ================================================================================
2011/01/14 20:58:34.0520 Scan finished
2011/01/14 20:58:34.0520 ================================================================================

nod32 stále hlásí Olmarika

[vyosek]

Divne ze TDSKiller nic nenasel, jelikoz mbr jej tam detekuje...Tady ani reinstal nepomuze, jelikoz havet je v mbr sektoru a pameti - ty se pri formatovani nesmazou...

No nic, budeme badat dale

Stahnete SPTD http://www.duplexsecure.com/en/downloads

• Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
• Ulozte na plochu a spustte
• Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

• Ulozte na plochu a spustte
• Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe ale nespoustejte

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Dejte logy z Gmeru - viz muj podpis

[iceman1978]

První program nic,žádný restart,druhý ano,pak restart a pak jsem vložil podle instrukcí to do toho mbr a tady je výsledek:


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7127 Disk: WDC_WD74 rev.21.0 -> Harddisk1\DR1 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86179EC5]<<
1 ntkrnlpa!IofCallDriver[0x832483DB] -> \Device\Harddisk1\DR1[0x864E0AA0]
3 CLASSPNP[0x893DEE0A] -> ntkrnlpa!IofCallDriver[0x832483DB] -> [0x854B0700]
5 ACPI[0x83E2547C] -> ntkrnlpa!IofCallDriver[0x832483DB] -> \00000061[0x861E4920]
[0x865F20E0] -> IRP_MJ_CREATE -> 0x86179EC5
kernel: MBR read successfully
detected disk devices:
\Device\00000061 -> \??\SCSI#Disk&Ven_WDC_WD74&Prod_0ADFD-00NLR5#4&2cf43283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

[iceman1978]

jestě jsem zapoměl výsledek z toho druhého programu:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:32 on 15/01/2011 (Iceman)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Already disabled (Service running -> reboot required)


-=E.O.F=-

[vyosek]

Fajn tak ted se vrhnete na gmer, pokud by se sekal tak jej udelejte v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)