Please advise - PC restarts by itself, I can't get on fb

Posted: 02 Apr 2012 16:06
by Peťul
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jana at 2012-04-02 17:01:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 92 GB (39%) free of 238 GB
Total RAM: 3327 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:01:55, on 2.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jana\Local Settings\Temporary Internet Files\Content.IE5\O5YHOL5W\RSIT[1].exe
C:\Program Files\trend micro\Jana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-styles.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: compliance 7017 Toolbar - {8a6264b5-a8f2-494b-8f37-cf898a763e42} - C:\Program Files\Net_Games\prxtbNet0.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: compliance 7017 - {8a6264b5-a8f2-494b-8f37-cf898a763e42} - C:\Program Files\Net_Games\prxtbNet0.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: compliance 7017 Toolbar - {8a6264b5-a8f2-494b-8f37-cf898a763e42} - C:\Program Files\Net_Games\prxtbNet0.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ED66032-94AA-4BB6-8A80-E2C5CB18D9B4}: Domain = smtp.air-net.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8471300-3F46-47CF-BB30-3ED9DFE6EB0F}: Domain = smtp.air-net.cz
O17 - HKLM\System\CS1\Services\Tcpip\..\{4ED66032-94AA-4BB6-8A80-E2C5CB18D9B4}: Domain = smtp.air-net.cz
O17 - HKLM\System\CS2\Services\Tcpip\..\{4ED66032-94AA-4BB6-8A80-E2C5CB18D9B4}: Domain = smtp.air-net.cz
O17 - HKLM\System\CS3\Services\Tcpip\..\{4ED66032-94AA-4BB6-8A80-E2C5CB18D9B4}: Domain = smtp.air-net.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate1c9ff5436103758) (gupdate1c9ff5436103758) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13040 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\ziyr5ioa.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "DTToolbar@toolbarnet.com:1.0.8.0552, {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, jqs@sun.com:1.0, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.2.5.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.4.7&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
AskSearch.js
binary.manifest
browsercomps.dll
nsILegitCheckPlugin.xpt
nsIOGAPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
libdivx.dll
npdeploytk.dll
npdivx32.dll
npdivx32.xpt
npFoxitReaderPlugin.dll
npLegitCheckPlugin.dll
npOGAPlugin.dll
nppdf32.dll
ssldivx.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\ziyr5ioa.default\extensions\
DTToolbar@toolbarnet.com
engine@conduit.com
{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
{6236BA26-C117-4007-928C-DE0716C7FA80}
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
{800b5000-a755-47e1-992b-48a1c1357f07}
{8a6264b5-a8f2-494b-8f37-cf898a763e42}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{E9A1DEE0-C623-4439-8932-001E7D17607D}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\ziyr5ioa.default\searchplugins\
ask.xml
conduit.xml
daemon-search.xml
googlecomtr.xml
googlehk.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-27.xml
icqplugin-28.xml
icqplugin-29.xml
icqplugin-3.xml
icqplugin-30.xml
icqplugin-31.xml
icqplugin-32.xml
icqplugin-33.xml
icqplugin-34.xml
icqplugin-35.xml
icqplugin-36.xml
icqplugin-37.xml
icqplugin-38.xml
icqplugin-39.xml
icqplugin-4.xml
icqplugin-40.xml
icqplugin-41.xml
icqplugin-42.xml
icqplugin-43.xml
icqplugin-44.xml
icqplugin-45.xml
icqplugin-46.xml
icqplugin-47.xml
icqplugin-48.xml
icqplugin-49.xml
icqplugin-5.xml
icqplugin-50.xml
icqplugin-51.xml
icqplugin-52.xml
icqplugin-53.xml
icqplugin-54.xml
icqplugin-55.xml
icqplugin-56.xml
icqplugin-57.xml
icqplugin-58.xml
icqplugin-59.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a6264b5-a8f2-494b-8f37-cf898a763e42}]
compliance 7017 Toolbar - C:\Program Files\Net_Games\prxtbNet0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2009-12-16 185344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\prxtbfre0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll []
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\prxtbfre0.dll [2011-05-09 176936]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{8a6264b5-a8f2-494b-8f37-cf898a763e42} - compliance 7017 Toolbar - C:\Program Files\Net_Games\prxtbNet0.dll [2011-05-09 176936]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll [2011-05-09 176936]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2012-03-07 4241512]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2008-06-20 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"MDS_Menu"=C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-05-21 13895272]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-05-21 111208]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-12-14 531784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2008-06-20 2887680]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
"Olympus ib"=C:\Program Files\Olympus\ib\olycamdetect.exe [2010-02-04 93376]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ICQ"=C:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-01-15 16200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-12-14 531784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.4\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
C:\WINDOWS\nvsvc32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-13 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
C:\PROGRA~1\ORBITD~1\orbitdm.exe /H []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Disabled:FMZilla Module"
"C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe:*:Enabled:ETDED"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\HL\HALFLIFE\HalfLife\hl.exe"="C:\Program Files\HL\HALFLIFE\HalfLife\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Disabled:quake3"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Sun Age\SunAge.exe"="C:\Program Files\Sun Age\SunAge.exe:*:Disabled:SunAge"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Jana\Dokumenty\Stažené soubory\P1876832.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=serwvdrv.dll
"vidc.LEAD"=LCODCCMP.DLL
"msacm.ac3filter"=ac3filter.acm
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.WMV3"=wmv9vcm.dll

======File associations======

.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-04-02 17:01:31 ----D---- C:\Program Files\trend micro
2012-04-02 17:01:26 ----D---- C:\rsit
2012-04-02 16:23:15 ----D---- C:\WINDOWS\LastGood
2012-04-02 16:23:13 ----D---- C:\Program Files\ESET
2012-04-01 11:21:07 ----D---- C:\WINDOWS\ie8updates
2012-04-01 11:19:44 ----A---- C:\WINDOWS\imsins.BAK
2012-04-01 11:19:32 ----D---- C:\WINDOWS\WBEM
2012-04-01 11:18:32 ----HDC---- C:\WINDOWS\ie8
2012-04-01 11:11:52 ----HD---- C:\WINDOWS\msdownld.tmp
2012-03-29 21:18:08 ----D---- C:\Program Files\rajce
2012-03-14 10:39:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-14 10:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-14 10:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$

======List of files/folders modified in the last 1 month======

2012-04-02 17:01:31 ----D---- C:\WINDOWS\Prefetch
2012-04-02 17:01:31 ----D---- C:\Program Files
2012-04-02 16:23:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-04-02 16:23:16 ----D---- C:\WINDOWS\system32\CatRoot2
2012-04-02 16:23:15 ----D---- C:\WINDOWS\Temp
2012-04-02 16:23:15 ----D---- C:\WINDOWS
2012-04-02 16:09:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-02 16:09:07 ----D---- C:\WINDOWS\system32
2012-04-02 07:40:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-04-02 07:40:28 ----HD---- C:\WINDOWS\inf
2012-04-02 07:40:21 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-01 22:37:51 ----D---- C:\Program Files\Mozilla Firefox
2012-04-01 17:39:09 ----D---- C:\WINDOWS\Minidump
2012-04-01 11:23:45 ----D---- C:\WINDOWS\Help
2012-04-01 11:23:45 ----D---- C:\Program Files\Internet Explorer
2012-04-01 11:19:32 ----D---- C:\WINDOWS\system32\en-us
2012-04-01 11:19:26 ----D---- C:\WINDOWS\Media
2012-04-01 11:18:07 ----SHD---- C:\WINDOWS\Installer
2012-04-01 11:09:07 ----D---- C:\WINDOWS\Debug
2012-04-01 10:06:40 ----D---- C:\Documents and Settings\Jana\Data aplikací\PriceGong
2012-03-29 18:23:04 ----A---- C:\WINDOWS\wincmd.ini
2012-03-21 18:05:33 ----SHD---- C:\Config.Msi
2012-03-14 10:36:53 ----A---- C:\WINDOWS\system32\MRT.exe
2012-03-14 10:36:44 ----D---- C:\WINDOWS\system32\drivers
2012-03-14 00:23:28 ----A---- C:\WINDOWS\win.ini
2012-03-07 01:15:14 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-07-30 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-07 24920]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2012-02-10 82380]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-05-31 11136]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-07 95704]
R2 BT848;WinFast VC100 WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2005-06-01 76325]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SBKUPNT;SBKUPNT; \??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS []
R2 Tv2kXbar;WinFast VC100 WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2005-06-01 10005]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 12416]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-05-21 12753664]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-28 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2007-05-31 10752]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2007-05-31 258560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-07 44768]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-13 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-05-21 154728]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9ff5436103758;Služba Google Update (gupdate1c9ff5436103758); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Asking for advice - the PC restarts by itself, I can't get on fb

Posted: 02 Apr 2012 16:13
by vyosek
Hello, and I wish you a nice day :)

:arrow: I recommend uninstalling toolbars (browser bars), if you don't use them, in Add or Remove Programs (Přidat nebo odebrat programy)

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator or Spustit jako spravce
  • Wait for the PreScan to finish
  • Choose the Prohledat (Scan) option
  • After the scan finishes, click Zpráva (Report); a log will open, paste it here

Re: Asking for advice - the PC restarts by itself, I can't get on fb

Posted: 02 Apr 2012 16:38
by Peťul
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Jana [Práva správce]
Mód: Kontrola -- Datum: 04/02/2012 17:36:46

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E21B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E21B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E21B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E21B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E21B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E21B40)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3250410AS +++++
--- User ---
[MBR] e90c7bf494dfb3bed9acc89f7f731faa
[BSP] 33df894b403f802d4d97bdd82db90462 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

Re: Asking for advice - the PC restarts by itself, I can't get on fb

Posted: 02 Apr 2012 16:45
by vyosek
:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In both panes (Objects to scan and Additional options), tick all the options - every checkbox must be checked
  • Click OK
  • Tell the utility to scan - click Start Scan
  • After the scan finishes a window appears; check that the Skip option is selected everywhere
  • If Skip is not selected by default, switch it to Skip
  • Once Skip is set everywhere, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.some digits _log.txt - paste its contents here

Re: Asking for advice - the PC restarts by itself, I can't get on fb

Posted: 02 Apr 2012 16:49
by Peťul
17:46:32.0968 0144 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
17:46:33.0031 0144 ============================================================
17:46:33.0031 0144 Current date / time: 2012/04/02 17:46:33.0031
17:46:33.0031 0144 SystemInfo:
17:46:33.0031 0144
17:46:33.0031 0144 OS Version: 5.1.2600 ServicePack: 3.0
17:46:33.0031 0144 Product type: Workstation
17:46:33.0031 0144 ComputerName: NO-9B00247187B2
17:46:33.0031 0144 UserName: Jana
17:46:33.0031 0144 Windows directory: C:\WINDOWS
17:46:33.0031 0144 System windows directory: C:\WINDOWS
17:46:33.0031 0144 Processor architecture: Intel x86
17:46:33.0031 0144 Number of processors: 2
17:46:33.0031 0144 Page size: 0x1000
17:46:33.0031 0144 Boot type: Normal boot
17:46:33.0031 0144 ============================================================
17:46:35.0828 0144 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:46:35.0828 0144 \Device\Harddisk0\DR0:
17:46:35.0828 0144 MBR used
17:46:35.0828 0144 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:46:35.0859 0144 Initialize success
17:46:35.0859 0144 ============================================================
17:47:05.0343 0408 ============================================================
17:47:05.0343 0408 Scan started
17:47:05.0343 0408 Mode: Manual; SigCheck; TDLFS;
17:47:05.0343 0408 ============================================================
17:47:05.0843 0408 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:47:06.0031 0408 Aavmker4 - ok
17:47:06.0062 0408 Abiosdsk - ok
17:47:06.0078 0408 abp480n5 - ok
17:47:06.0187 0408 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:47:06.0187 0408 ACDaemon - ok
17:47:06.0265 0408 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:47:06.0859 0408 ACPI - ok
17:47:06.0984 0408 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:47:07.0109 0408 ACPIEC - ok
17:47:07.0125 0408 adpu160m - ok
17:47:07.0203 0408 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:47:07.0328 0408 aec - ok
17:47:07.0375 0408 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:47:07.0437 0408 AFD - ok
17:47:07.0484 0408 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
17:47:07.0515 0408 AFS2K ( UnsignedFile.Multi.Generic ) - warning
17:47:07.0515 0408 AFS2K - detected UnsignedFile.Multi.Generic (1)
17:47:07.0531 0408 Aha154x - ok
17:47:07.0531 0408 aic78u2 - ok
17:47:07.0562 0408 aic78xx - ok
17:47:07.0625 0408 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
17:47:07.0750 0408 Alerter - ok
17:47:07.0781 0408 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
17:47:07.0906 0408 ALG - ok
17:47:07.0906 0408 AliIde - ok
17:47:07.0921 0408 amsint - ok
17:47:07.0953 0408 AppMgmt - ok
17:47:07.0953 0408 asc - ok
17:47:07.0968 0408 asc3350p - ok
17:47:07.0984 0408 asc3550 - ok
17:47:08.0078 0408 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:47:08.0125 0408 aspnet_state - ok
17:47:08.0140 0408 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
17:47:08.0156 0408 asusgsb ( UnsignedFile.Multi.Generic ) - warning
17:47:08.0156 0408 asusgsb - detected UnsignedFile.Multi.Generic (1)
17:47:08.0156 0408 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys
17:47:08.0187 0408 asuskbnt ( UnsignedFile.Multi.Generic ) - warning
17:47:08.0187 0408 asuskbnt - detected UnsignedFile.Multi.Generic (1)
17:47:08.0218 0408 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:47:08.0234 0408 aswFsBlk - ok
17:47:08.0265 0408 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
17:47:08.0281 0408 aswMon2 - ok
17:47:08.0296 0408 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
17:47:08.0312 0408 aswRdr - ok
17:47:08.0359 0408 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
17:47:08.0390 0408 aswSnx - ok
17:47:08.0421 0408 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
17:47:08.0437 0408 aswSP - ok
17:47:08.0453 0408 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
17:47:08.0468 0408 aswTdi - ok
17:47:08.0500 0408 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:47:08.0625 0408 AsyncMac - ok
17:47:08.0656 0408 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:47:08.0796 0408 atapi - ok
17:47:08.0843 0408 AtcL001 (19f277bc4ce5689f20f347a6b8aa8c42) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
17:47:08.0906 0408 AtcL001 - ok
17:47:08.0921 0408 Atdisk - ok
17:47:08.0953 0408 ATKKeyboardService (f6a30cf0e7280415ddea40b0262339c6) C:\WINDOWS\ATKKBService.exe
17:47:08.0953 0408 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - warning
17:47:08.0953 0408 ATKKeyboardService - detected UnsignedFile.Multi.Generic (1)
17:47:09.0000 0408 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:47:09.0140 0408 Atmarpc - ok
17:47:09.0187 0408 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
17:47:09.0312 0408 AudioSrv - ok
17:47:09.0359 0408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:47:09.0484 0408 audstub - ok
17:47:09.0625 0408 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17:47:09.0625 0408 avast! Antivirus - ok
17:47:09.0703 0408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:47:09.0859 0408 Beep - ok
17:47:09.0906 0408 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
17:47:10.0093 0408 BITS - ok
17:47:10.0140 0408 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
17:47:10.0265 0408 Browser - ok
17:47:10.0312 0408 BT848 (3f9a299ac1cd54b2550bf816492a76fa) C:\WINDOWS\system32\drivers\wf2kvcap.sys
17:47:10.0375 0408 BT848 - ok
17:47:10.0421 0408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:47:10.0546 0408 cbidf2k - ok
17:47:10.0578 0408 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:47:10.0703 0408 CCDECODE - ok
17:47:10.0718 0408 cd20xrnt - ok
17:47:10.0750 0408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:47:10.0875 0408 Cdaudio - ok
17:47:10.0906 0408 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:47:11.0046 0408 Cdfs - ok
17:47:11.0078 0408 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:47:11.0203 0408 Cdrom - ok
17:47:11.0218 0408 Changer - ok
17:47:11.0281 0408 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
17:47:11.0390 0408 CiSvc - ok
17:47:11.0437 0408 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
17:47:11.0562 0408 ClipSrv - ok
17:47:11.0640 0408 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:47:11.0687 0408 clr_optimization_v2.0.50727_32 - ok
17:47:11.0765 0408 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:47:11.0781 0408 clr_optimization_v4.0.30319_32 - ok
17:47:11.0843 0408 CmdIde - ok
17:47:11.0843 0408 COMSysApp - ok
17:47:11.0875 0408 Cpqarray - ok
17:47:11.0921 0408 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
17:47:12.0062 0408 CryptSvc - ok
17:47:12.0062 0408 dac2w2k - ok
17:47:12.0093 0408 dac960nt - ok
17:47:12.0156 0408 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
17:47:12.0234 0408 DcomLaunch - ok
17:47:12.0328 0408 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
17:47:12.0468 0408 Dhcp - ok
17:47:12.0500 0408 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:47:12.0625 0408 Disk - ok
17:47:12.0656 0408 dmadmin - ok
17:47:12.0687 0408 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
17:47:12.0859 0408 dmboot - ok
17:47:12.0875 0408 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
17:47:13.0015 0408 dmio - ok
17:47:13.0031 0408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:47:13.0156 0408 dmload - ok
17:47:13.0203 0408 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
17:47:13.0312 0408 dmserver - ok
17:47:13.0359 0408 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:47:13.0484 0408 DMusic - ok
17:47:13.0531 0408 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
17:47:13.0593 0408 Dnscache - ok
17:47:13.0640 0408 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
17:47:13.0781 0408 Dot3svc - ok
17:47:13.0796 0408 dpti2o - ok
17:47:13.0859 0408 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:47:14.0000 0408 drmkaud - ok
17:47:14.0031 0408 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
17:47:14.0140 0408 EapHost - ok
17:47:14.0187 0408 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
17:47:14.0203 0408 EIO ( UnsignedFile.Multi.Generic ) - warning
17:47:14.0203 0408 EIO - detected UnsignedFile.Multi.Generic (1)
17:47:14.0250 0408 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
17:47:14.0375 0408 ERSvc - ok
17:47:14.0406 0408 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
17:47:14.0453 0408 Eventlog - ok
17:47:14.0500 0408 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
17:47:14.0562 0408 EventSystem - ok
17:47:14.0593 0408 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:47:14.0734 0408 Fastfat - ok
17:47:14.0765 0408 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
17:47:14.0812 0408 FastUserSwitchingCompatibility - ok
17:47:14.0843 0408 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:47:14.0968 0408 Fdc - ok
17:47:14.0984 0408 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
17:47:15.0109 0408 Fips - ok
17:47:15.0140 0408 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:47:15.0265 0408 Flpydisk - ok
17:47:15.0312 0408 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:47:15.0437 0408 FltMgr - ok
17:47:15.0593 0408 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:47:15.0609 0408 FontCache3.0.0.0 - ok
17:47:15.0687 0408 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
17:47:15.0703 0408 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
17:47:15.0703 0408 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
17:47:15.0734 0408 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe
17:47:15.0765 0408 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
17:47:15.0765 0408 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
17:47:15.0796 0408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:47:15.0921 0408 Fs_Rec - ok
17:47:15.0953 0408 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:47:16.0109 0408 Ftdisk - ok
17:47:16.0156 0408 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:47:16.0281 0408 Gpc - ok
17:47:16.0421 0408 gupdate1c9ff5436103758 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:47:16.0437 0408 gupdate1c9ff5436103758 - ok
17:47:16.0437 0408 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:47:16.0453 0408 gupdatem - ok
17:47:16.0500 0408 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:47:16.0640 0408 HDAudBus - ok
17:47:16.0703 0408 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:47:16.0828 0408 helpsvc - ok
17:47:16.0890 0408 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
17:47:17.0015 0408 HidServ - ok
17:47:17.0046 0408 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:47:17.0171 0408 hidusb - ok
17:47:17.0218 0408 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
17:47:17.0359 0408 hkmsvc - ok
17:47:17.0375 0408 hpn - ok
17:47:17.0421 0408 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
17:47:17.0515 0408 HSFHWBS2 - ok
17:47:17.0562 0408 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
17:47:17.0687 0408 HSF_DP - ok
17:47:17.0734 0408 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:47:17.0781 0408 HTTP - ok
17:47:17.0828 0408 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
17:47:17.0984 0408 HTTPFilter - ok
17:47:17.0984 0408 i2omgmt - ok
17:47:18.0015 0408 i2omp - ok
17:47:18.0062 0408 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:47:18.0187 0408 i8042prt - ok
17:47:18.0296 0408 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:47:18.0312 0408 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:47:18.0312 0408 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:47:18.0453 0408 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:47:18.0546 0408 idsvc - ok
17:47:18.0625 0408 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:47:18.0765 0408 Imapi - ok
17:47:18.0812 0408 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
17:47:18.0953 0408 ImapiService - ok
17:47:18.0968 0408 ini910u - ok
17:47:19.0109 0408 IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:47:19.0296 0408 IntcAzAudAddService - ok
17:47:19.0312 0408 IntelIde - ok
17:47:19.0375 0408 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:47:19.0515 0408 intelppm - ok
17:47:19.0531 0408 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:47:19.0671 0408 Ip6Fw - ok
17:47:19.0703 0408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:47:19.0828 0408 IpFilterDriver - ok
17:47:19.0843 0408 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:47:19.0968 0408 IpInIp - ok
17:47:20.0000 0408 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:47:20.0140 0408 IpNat - ok
17:47:20.0171 0408 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:47:20.0312 0408 IPSec - ok
17:47:20.0328 0408 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:47:20.0453 0408 IRENUM - ok
17:47:20.0484 0408 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:47:20.0609 0408 isapnp - ok
17:47:20.0781 0408 JavaQuickStarterService (09417134f248dfceea15c72bcc87f592) C:\Program Files\Java\jre6\bin\jqs.exe
17:47:20.0796 0408 JavaQuickStarterService - ok
17:47:20.0859 0408 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:47:20.0984 0408 Kbdclass - ok
17:47:21.0000 0408 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:47:21.0125 0408 kbdhid - ok
17:47:21.0156 0408 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:47:21.0296 0408 kmixer - ok
17:47:21.0343 0408 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:47:21.0421 0408 KSecDD - ok
17:47:21.0453 0408 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
17:47:21.0500 0408 lanmanserver - ok
17:47:21.0531 0408 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
17:47:21.0609 0408 lanmanworkstation - ok
17:47:21.0609 0408 lbrtfdc - ok
17:47:21.0687 0408 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
17:47:21.0828 0408 LmHosts - ok
17:47:21.0906 0408 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:47:22.0000 0408 mdmxsdk - ok
17:47:22.0062 0408 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
17:47:22.0203 0408 Messenger - ok
17:47:22.0265 0408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:47:22.0406 0408 mnmdd - ok
17:47:22.0453 0408 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
17:47:22.0593 0408 mnmsrvc - ok
17:47:22.0625 0408 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
17:47:22.0750 0408 Modem - ok
17:47:22.0781 0408 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:47:22.0921 0408 MODEMCSA - ok
17:47:22.0953 0408 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:47:23.0078 0408 Mouclass - ok
17:47:23.0125 0408 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:47:23.0281 0408 mouhid - ok
17:47:23.0312 0408 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:47:23.0421 0408 MountMgr - ok
17:47:23.0437 0408 mraid35x - ok
17:47:23.0468 0408 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:47:23.0609 0408 MRxDAV - ok
17:47:23.0687 0408 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:47:23.0734 0408 MRxSmb - ok
17:47:23.0781 0408 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
17:47:23.0921 0408 MSDTC - ok
17:47:23.0968 0408 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:47:24.0109 0408 Msfs - ok
17:47:24.0125 0408 MsiServer - ok
17:47:24.0156 0408 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:47:24.0281 0408 MSKSSRV - ok
17:47:24.0296 0408 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:47:24.0421 0408 MSPCLOCK - ok
17:47:24.0453 0408 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:47:24.0562 0408 MSPQM - ok
17:47:24.0609 0408 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:47:24.0750 0408 mssmbios - ok
17:47:24.0765 0408 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:47:24.0906 0408 MSTEE - ok
17:47:24.0921 0408 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:47:24.0968 0408 MTsensor - ok
17:47:25.0015 0408 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:47:25.0046 0408 Mup - ok
17:47:25.0093 0408 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:47:25.0218 0408 NABTSFEC - ok
17:47:25.0265 0408 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
17:47:25.0421 0408 napagent - ok
17:47:25.0468 0408 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:47:25.0609 0408 NDIS - ok
17:47:25.0625 0408 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:47:25.0750 0408 NdisIP - ok
17:47:25.0796 0408 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:47:25.0828 0408 NdisTapi - ok
17:47:25.0890 0408 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:47:26.0015 0408 Ndisuio - ok
17:47:26.0031 0408 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:47:26.0156 0408 NdisWan - ok
17:47:26.0187 0408 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:47:26.0218 0408 NDProxy - ok
17:47:26.0250 0408 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:47:26.0390 0408 NetBIOS - ok
17:47:26.0421 0408 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:47:26.0562 0408 NetBT - ok
17:47:26.0593 0408 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
17:47:26.0734 0408 NetDDE - ok
17:47:26.0750 0408 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
17:47:26.0859 0408 NetDDEdsdm - ok
17:47:26.0906 0408 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
17:47:27.0046 0408 Netlogon - ok
17:47:27.0078 0408 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
17:47:27.0218 0408 Netman - ok
17:47:27.0359 0408 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:47:27.0375 0408 NetTcpPortSharing - ok
17:47:27.0437 0408 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
17:47:27.0500 0408 Nla - ok
17:47:27.0625 0408 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
17:47:27.0640 0408 NMSAccessU - ok
17:47:27.0687 0408 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys
17:47:27.0765 0408 nmwcd - ok
17:47:27.0781 0408 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys
17:47:27.0812 0408 nmwcdc - ok
17:47:27.0828 0408 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys
17:47:27.0859 0408 nmwcdcj - ok
17:47:27.0875 0408 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys
17:47:27.0906 0408 nmwcdcm - ok
17:47:27.0953 0408 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:47:28.0093 0408 Npfs - ok
17:47:28.0125 0408 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:47:28.0296 0408 Ntfs - ok
17:47:28.0343 0408 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
17:47:28.0468 0408 NtLmSsp - ok
17:47:28.0515 0408 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
17:47:28.0656 0408 NtmsSvc - ok
17:47:28.0687 0408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:47:28.0828 0408 Null - ok
17:47:29.0125 0408 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:47:29.0500 0408 nv - ok
17:47:29.0625 0408 NVSvc (32f7dec3729b3bae66eebcab7b03b18f) C:\WINDOWS\system32\nvsvc32.exe
17:47:29.0656 0408 NVSvc - ok
17:47:29.0828 0408 nvUpdatusService (2cc4e45b0eb4c48392cec9c83b5b8e3b) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:47:29.0921 0408 nvUpdatusService - ok
17:47:30.0000 0408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:47:30.0125 0408 NwlnkFlt - ok
17:47:30.0171 0408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:47:30.0312 0408 NwlnkFwd - ok
17:47:30.0359 0408 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
17:47:30.0484 0408 Parport - ok
17:47:30.0515 0408 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:47:30.0656 0408 PartMgr - ok
17:47:30.0703 0408 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
17:47:30.0828 0408 ParVdm - ok
17:47:30.0875 0408 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:47:30.0906 0408 pccsmcfd - ok
17:47:30.0953 0408 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
17:47:31.0078 0408 PCI - ok
17:47:31.0093 0408 PCIDump - ok
17:47:31.0140 0408 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:47:31.0265 0408 PCIIde - ok
17:47:31.0296 0408 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:47:31.0406 0408 Pcmcia - ok
17:47:31.0437 0408 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:47:31.0468 0408 pcouffin ( UnsignedFile.Multi.Generic ) - warning
17:47:31.0468 0408 pcouffin - detected UnsignedFile.Multi.Generic (1)
17:47:31.0484 0408 PDCOMP - ok
17:47:31.0500 0408 PDFRAME - ok
17:47:31.0515 0408 PDRELI - ok
17:47:31.0531 0408 PDRFRAME - ok
17:47:31.0546 0408 perc2 - ok
17:47:31.0578 0408 perc2hib - ok
17:47:31.0640 0408 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
17:47:31.0671 0408 PlugPlay - ok
17:47:31.0718 0408 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
17:47:31.0843 0408 PolicyAgent - ok
17:47:31.0906 0408 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:47:32.0015 0408 PptpMiniport - ok
17:47:32.0062 0408 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
17:47:32.0187 0408 ProtectedStorage - ok
17:47:32.0250 0408 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\WINDOWS\system32\PSIService.exe
17:47:32.0265 0408 ProtexisLicensing - ok
17:47:32.0328 0408 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:47:32.0468 0408 PSched - ok
17:47:32.0468 0408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:47:32.0609 0408 Ptilink - ok
17:47:32.0609 0408 ql1080 - ok
17:47:32.0640 0408 Ql10wnt - ok
17:47:32.0656 0408 ql12160 - ok
17:47:32.0671 0408 ql1240 - ok
17:47:32.0687 0408 ql1280 - ok
17:47:32.0703 0408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:47:32.0828 0408 RasAcd - ok
17:47:32.0906 0408 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
17:47:33.0031 0408 RasAuto - ok
17:47:33.0062 0408 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:47:33.0187 0408 Rasl2tp - ok
17:47:33.0234 0408 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
17:47:33.0359 0408 RasMan - ok
17:47:33.0406 0408 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:47:33.0531 0408 RasPppoe - ok
17:47:33.0546 0408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:47:33.0687 0408 Raspti - ok
17:47:33.0718 0408 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:47:33.0828 0408 Rdbss - ok
17:47:33.0843 0408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:47:33.0984 0408 RDPCDD - ok
17:47:34.0015 0408 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:47:34.0031 0408 RDPWD - ok
17:47:34.0093 0408 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
17:47:34.0234 0408 RDSessMgr - ok
17:47:34.0250 0408 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:47:34.0390 0408 redbook - ok
17:47:34.0421 0408 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
17:47:34.0546 0408 RemoteAccess - ok
17:47:34.0578 0408 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
17:47:34.0687 0408 RpcLocator - ok
17:47:34.0750 0408 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
17:47:34.0781 0408 RpcSs - ok
17:47:34.0828 0408 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
17:47:34.0968 0408 RSVP - ok
17:47:35.0000 0408 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:47:35.0093 0408 rtl8139 - ok
17:47:35.0140 0408 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
17:47:35.0265 0408 SamSs - ok
17:47:35.0312 0408 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
17:47:35.0328 0408 SBKUPNT ( UnsignedFile.Multi.Generic ) - warning
17:47:35.0328 0408 SBKUPNT - detected UnsignedFile.Multi.Generic (1)
17:47:35.0375 0408 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
17:47:35.0515 0408 SCardSvr - ok
17:47:35.0562 0408 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
17:47:35.0687 0408 Schedule - ok
17:47:35.0734 0408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:47:35.0859 0408 Secdrv - ok
17:47:35.0890 0408 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
17:47:36.0031 0408 seclogon - ok
17:47:36.0046 0408 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
17:47:36.0171 0408 SENS - ok
17:47:36.0218 0408 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:47:36.0328 0408 serenum - ok
17:47:36.0343 0408 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
17:47:36.0468 0408 Serial - ok
17:47:36.0515 0408 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:47:36.0625 0408 Sfloppy - ok
17:47:36.0671 0408 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
17:47:36.0812 0408 SharedAccess - ok
17:47:36.0859 0408 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
17:47:36.0890 0408 ShellHWDetection - ok
17:47:36.0890 0408 Simbad - ok
17:47:36.0937 0408 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:47:37.0062 0408 SLIP - ok
17:47:37.0109 0408 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:47:37.0234 0408 SONYPVU1 - ok
17:47:37.0250 0408 Sparrow - ok
17:47:37.0312 0408 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:47:37.0437 0408 splitter - ok
17:47:37.0484 0408 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:47:37.0531 0408 Spooler - ok
17:47:37.0578 0408 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
17:47:37.0578 0408 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
17:47:37.0578 0408 sptd ( LockedFile.Multi.Generic ) - warning
17:47:37.0578 0408 sptd - detected LockedFile.Multi.Generic (1)
17:47:37.0593 0408 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
17:47:37.0703 0408 sr - ok
17:47:37.0750 0408 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
17:47:37.0875 0408 srservice - ok
17:47:37.0937 0408 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:47:37.0984 0408 Srv - ok
17:47:38.0015 0408 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
17:47:38.0140 0408 SSDPSRV - ok
17:47:38.0171 0408 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
17:47:38.0187 0408 ss_bbus - ok
17:47:38.0234 0408 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
17:47:38.0250 0408 ss_bmdfl - ok
17:47:38.0265 0408 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
17:47:38.0281 0408 ss_bmdm - ok
17:47:38.0343 0408 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
17:47:38.0500 0408 stisvc - ok
17:47:38.0515 0408 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:47:38.0640 0408 streamip - ok
17:47:38.0671 0408 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:47:38.0781 0408 swenum - ok
17:47:38.0812 0408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:47:38.0953 0408 swmidi - ok
17:47:38.0968 0408 SwPrv - ok
17:47:39.0000 0408 symc810 - ok
17:47:39.0000 0408 symc8xx - ok
17:47:39.0015 0408 sym_hi - ok
17:47:39.0031 0408 sym_u3 - ok
17:47:39.0062 0408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:47:39.0187 0408 sysaudio - ok
17:47:39.0218 0408 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
17:47:39.0359 0408 SysmonLog - ok
17:47:39.0390 0408 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
17:47:39.0578 0408 TapiSrv - ok
17:47:39.0625 0408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:47:39.0656 0408 Tcpip - ok
17:47:39.0687 0408 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:47:39.0796 0408 TDPIPE - ok
17:47:39.0812 0408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:47:39.0921 0408 TDTCP - ok
17:47:39.0953 0408 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:47:40.0078 0408 TermDD - ok
17:47:40.0093 0408 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
17:47:40.0234 0408 TermService - ok
17:47:40.0281 0408 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
17:47:40.0312 0408 Themes - ok
17:47:40.0312 0408 TosIde - ok
17:47:40.0359 0408 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
17:47:40.0484 0408 TrkWks - ok
17:47:40.0500 0408 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys
17:47:40.0531 0408 TrueSight ( UnsignedFile.Multi.Generic ) - warning
17:47:40.0531 0408 TrueSight - detected UnsignedFile.Multi.Generic (1)
17:47:40.0578 0408 Tv2kXbar (a7fe6eac558842fec19d0a262208ac87) C:\WINDOWS\system32\drivers\wf2kxbar.sys
17:47:40.0640 0408 Tv2kXbar - ok
17:47:40.0671 0408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:47:40.0812 0408 Udfs - ok
17:47:40.0890 0408 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
17:47:40.0890 0408 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
17:47:40.0890 0408 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
17:47:40.0906 0408 ultra - ok
17:47:40.0984 0408 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:47:41.0109 0408 Update - ok
17:47:41.0140 0408 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
17:47:41.0296 0408 upnphost - ok
17:47:41.0328 0408 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
17:47:41.0453 0408 UPS - ok
17:47:41.0468 0408 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:47:41.0609 0408 usbccgp - ok
17:47:41.0640 0408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:47:41.0765 0408 usbehci - ok
17:47:41.0796 0408 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:47:41.0937 0408 usbhub - ok
17:47:41.0953 0408 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:47:42.0078 0408 usbprint - ok
17:47:42.0109 0408 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:47:42.0234 0408 USBSTOR - ok
17:47:42.0265 0408 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:47:42.0390 0408 usbuhci - ok
17:47:42.0406 0408 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:47:42.0546 0408 VgaSave - ok
17:47:42.0546 0408 ViaIde - ok
17:47:42.0625 0408 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys
17:47:42.0640 0408 Video3D ( UnsignedFile.Multi.Generic ) - warning
17:47:42.0640 0408 Video3D - detected UnsignedFile.Multi.Generic (1)
17:47:42.0671 0408 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
17:47:42.0796 0408 VolSnap - ok
17:47:42.0843 0408 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
17:47:42.0984 0408 VSS - ok
17:47:43.0000 0408 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
17:47:43.0156 0408 W32Time - ok
17:47:43.0203 0408 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:47:43.0343 0408 Wanarp - ok
17:47:43.0343 0408 WDICA - ok
17:47:43.0390 0408 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:47:43.0515 0408 wdmaud - ok
17:47:43.0562 0408 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
17:47:43.0687 0408 WebClient - ok
17:47:43.0765 0408 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
17:47:43.0890 0408 winachsf - ok
17:47:43.0937 0408 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:47:44.0062 0408 winmgmt - ok
17:47:44.0109 0408 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:47:44.0140 0408 WmdmPmSN - ok
17:47:44.0171 0408 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:47:44.0312 0408 WmiApSrv - ok
17:47:44.0453 0408 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:47:44.0546 0408 WMPNetworkSvc - ok
17:47:44.0656 0408 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:47:44.0687 0408 WpdUsb - ok
17:47:44.0843 0408 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:47:44.0921 0408 WPFFontCache_v0400 - ok
17:47:44.0968 0408 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
17:47:45.0140 0408 wscsvc - ok
17:47:45.0187 0408 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:47:45.0312 0408 WSTCODEC - ok
17:47:45.0343 0408 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
17:47:45.0500 0408 wuauserv - ok
17:47:45.0531 0408 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:47:45.0609 0408 WudfPf - ok
17:47:45.0671 0408 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:47:45.0703 0408 WudfRd - ok
17:47:45.0750 0408 WudfSvc (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
17:47:45.0781 0408 WudfSvc - ok
17:47:45.0843 0408 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
17:47:46.0000 0408 WZCSVC - ok
17:47:46.0062 0408 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
17:47:46.0265 0408 xmlprov - ok
17:47:46.0296 0408 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
17:47:46.0500 0408 \Device\Harddisk0\DR0 - ok
17:47:46.0500 0408 Boot (0x1200) (493f2c4031f6df88048f13598f47d3c0) \Device\Harddisk0\DR0\Partition0
17:47:46.0515 0408 \Device\Harddisk0\DR0\Partition0 - ok
17:47:46.0515 0408 ============================================================
17:47:46.0515 0408 Scan finished
17:47:46.0515 0408 ============================================================
17:47:46.0625 3524 Detected object count: 14
17:47:46.0625 3524 Actual detected object count: 14
17:48:07.0828 3524 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0828 3524 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0828 3524 asusgsb ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0828 3524 asusgsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0828 3524 asuskbnt ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0828 3524 asuskbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0828 3524 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0828 3524 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0843 3524 EIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0843 3524 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0843 3524 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0843 3524 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0843 3524 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0843 3524 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0843 3524 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0843 3524 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0843 3524 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0843 3524 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0843 3524 SBKUPNT ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0843 3524 SBKUPNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0843 3524 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:48:07.0843 3524 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:48:07.0859 3524 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0859 3524 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0859 3524 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0859 3524 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0859 3524 Video3D ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0859 3524 Video3D ( UnsignedFile.Multi.Generic ) - User select action: Skip

Re: Please advise - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 16:59
by vyosek
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Správce) account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Right after start-up a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily clogged, the time may be longer
  • After the scan finishes and a possible restart, CF displays the log; otherwise you will find it here C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Please advise - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 17:53
by Peťul
Well, I don't know, I can't find the log; after the scan finished, the computer restarted as soon as it showed that it was deleting files. And now there is no ComboFix txt file in C, I don't know what to do about it.

Re: Please advise - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 17:56
by vyosek
Isn't it in the folder c:\combofix or c:\qoobox either :???:

Re: Please advise - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 18:04
by Peťul
In C: I have a Qooboy folder, but there is no log in it, there is no txt file there

Re: Please advise - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 18:05
by Peťul
*qoobox

Re: Please advise - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 18:08
by vyosek
:arrow: Then log in to safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)

:arrow: Rename ComboFix to Beruska and run it

Re: Please advise - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 18:45
by Peťul
So it worked

ComboFix 12-04-01.03 - Jana 02.04.2012 19:32:59.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.3017 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana\Plocha\beruska.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jana\Cookies\hpothb07.dat
c:\documents and settings\Jana\Plocha\inoue joe-closer naruto opening
c:\documents and settings\Jana\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\system32\CddbCdda.dll
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA7.tmp
c:\windows\system32\SETAE.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-02 do 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 17:18 . 2012-04-02 17:19 -------- d-----w- c:\documents and settings\Administrator
2012-04-02 16:15 . 2012-04-02 16:16 -------- d-----w- C:\beruska
2012-04-02 15:35 . 2012-04-02 15:35 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-04-02 15:01 . 2012-04-02 15:01 -------- d-----w- c:\program files\trend micro
2012-04-02 15:01 . 2012-04-02 15:02 -------- d-----w- C:\rsit
2012-04-02 14:23 . 2012-04-02 14:23 -------- d-----w- c:\program files\ESET
2012-04-01 09:27 . 2012-04-01 09:27 -------- d-sh--w- c:\documents and settings\Jana\PrivacIE
2012-04-01 09:24 . 2012-04-01 09:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-04-01 09:23 . 2012-04-01 09:23 -------- d-sh--w- c:\documents and settings\Jana\IETldCache
2012-04-01 09:18 . 2012-04-01 09:19 -------- dc-h--w- c:\windows\ie8
2012-04-01 09:11 . 2012-04-01 09:22 -------- d--h--w- c:\windows\msdownld.tmp
2012-04-01 09:08 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-04-01 09:08 . 2011-12-17 19:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-04-01 09:08 . 2011-12-17 19:42 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-04-01 09:08 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-04-01 09:08 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-04-01 09:08 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-04-01 09:08 . 2011-12-17 19:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-04-01 09:08 . 2011-12-18 12:42 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-03-29 19:18 . 2012-04-01 14:04 -------- d-----w- c:\program files\rajce
2012-03-17 19:56 . 2012-03-13 04:36 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 19:56 . 2012-03-13 04:36 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-10-29 07:47 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-05-26 13:26 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-30 18:30 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-05-26 13:26 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-05-26 13:26 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-05-26 13:26 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-05-26 13:26 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2010-05-26 13:26 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2010-05-26 13:26 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2010-05-26 13:26 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-10 12:39 . 2008-01-26 11:15 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2012-02-03 09:57 . 2004-08-18 14:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-16 07:44 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-01-22 00:28 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-03-13 04:38 . 2011-12-05 15:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2009-12-16 09:03 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-04 93376]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-06-20 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-21 111208]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-13 09:07 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.8.2008 11:14 721904]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [22.1.2008 2:56 38656]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.4.2011 20:30 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.5.2010 15:26 337880]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.5.2010 15:26 20696]
S2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.6.2010 16:00 76325]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [22.2.2011 2:43 233472]
S2 gupdate1c9ff5436103758;Služba Google Update (gupdate1c9ff5436103758);c:\program files\Google\Update\GoogleUpdate.exe [8.7.2009 0:42 133104]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [31.10.2011 18:51 2214504]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [27.6.2009 16:46 14976]
S2 Tv2kXbar;WinFast VC100 WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.6.2010 16:00 10005]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [22.2.2011 2:43 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.7.2009 0:42 133104]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [28.12.2009 14:41 47360]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [22.2.2011 2:43 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [22.2.2011 2:43 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [22.2.2011 2:43 121856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PARPORT
*NewlyCreated* - TV2KXBAR
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 22:42]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 22:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\ziyr5ioa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref(dom.disable_open_during_load, false);
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NVIDIA driver monitor - c:\windows\nvsvc32.exe
AddRemove-KAO the Kangaroo - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 19:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
[HKEY_USERS\S-1-5-21-1177238915-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E3F0FA-13C4-318B-5FA1-B43B4BA72A9D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakmbanleeenkjdkme"=hex:6a,61,6a,6e,62,6b,61,68,6f,6f,61,63,63,66,6c,62,68,6f,
61,61,00,f2
"haanhnghncmbodek"=hex:6a,61,6a,6e,62,6b,61,68,6f,6f,61,63,63,66,6c,62,68,6f,
61,61,00,f2
"gafnelaehpaabo"=hex:61,63,68,6e,6f,64,6d,6a,65,68,65,61,63,62,6c,6c,6b,61,69,
64,65,63,68,63,63,64,61,6c,65,6c,65,63,63,61,6b,70,68,65,64,6c,63,6f,65,6c,\
.
[HKEY_USERS\S-1-5-21-1177238915-1563985344-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:83,3e,07,ce,4f,ce,a8,75,83,be,4c,6e,49,a4,6d,85,0d,d9,74,4c,86,
dd,97,5e,75,c9,b9,8a,f0,d1,13,2c,12,3d,84,21,68,8c,b7,36,55,23,64,2f,9e,58,\
"rkeysecu"=hex:e8,f9,38,99,cb,25,78,cc,9a,bb,e7,29,c3,c8,6f,c6
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\ac3filter.acm
.
Celkový čas: 2012-04-02 19:40:50
ComboFix-quarantined-files.txt 2012-04-02 17:40
.
Před spuštěním: Volných bajtů: 96 346 955 776
Po spuštění: Volných bajtů: 96 600 272 896
.
- - End Of File - - B647B24172D3E57600172C21842FC42D

Re: Asking for advice - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 19:18
by vyosek
:arrow: Download the Recovery Console installer from here http://vyosek.ic.cz/pro_usery/rc.exe and save it directly to drive c:\ so that it is not in any folder - this is necessary because the script refers to it

:arrow: If you haven't already, move Combofix to the desktop
  • Start Notepad (Start-Run-notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RecoveryConsole::
    c:\rc.exe
    
    Folder::
    c:\program files\Get Styles
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ICQ"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    
    Driver::
    gupdatem
    gupdate1c9ff5436103758
    
    File::
    c:\windows\Tasks\AppleSoftwareUpdate.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    DDS::
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\ziyr5ioa.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.4.7&q=
    pref(dom.disable_open_during_load, false);
    pref('extensions.shownSelectionUI',true);
    pref('extensions.autoDisableScopes',0);
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1177238915-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1177238915-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6E3F0FA-13C4-318B-5FA1-B43B4BA72A9D}*]
    [HKEY_USERS\S-1-5-21-1177238915-1563985344-839522115-1004\Software\SecuROM\License information*]
    
    ClearJavaCache::
    
    AtJob::
    
    Reboot::
    
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it to run it (see the picture below)
    [Image]
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Asking for advice - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 20:15
by Peťul
Now I don't know which log to send.. I have several of them here

ComboFix 12-04-01.03 - Jana 02.04.2012 20:55:12.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.3022 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Jana\Plocha\beruska.exe
Použité ovládací přepínače :: C:\Documents and Settings\Jana\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Jana\Plocha\inoue joe-closer naruto opening
C:\Program Files\AskSearch\bin\DefaultSearch.dll
c:\program files\Get Styles
c:\program files\Get Styles\ct.htm
c:\program files\Get Styles\enlbrdr.dll
c:\program files\Get Styles\hoticon.ico
c:\program files\Get Styles\Thumbs.db
c:\program files\Get Styles\tomapi.js
c:\program files\Get Styles\tommain.js
c:\program files\Get Styles\uninstall.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\pkunzip.pif
C:\WINDOWS\pkzip.pif
C:\WINDOWS\system32\drivers\etc\hosts.ics
C:\WINDOWS\system32\win32.dll
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job


((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE1C9FF5436103758
-------\Service_gupdate1c9ff5436103758
-------\Service_gupdatem


((((((((((((((((((((((((( Soubory vytvořené od 2012-03-02 do 2012-04-02 )))))))))))))))))))))))))))))))


2012-04-02 18:21:12 . 2012-04-02 18:30:21 4631272 ----a-w- C:\rc.exe
2012-04-02 17:18:50 . 2012-04-02 17:19:15 -------- d-----w- C:\Documents and Settings\Administrator
2012-04-02 16:15:40 . 2012-04-02 16:16:30 -------- d-----w- C:\beruska
2012-04-02 15:35:02 . 2012-04-02 15:35:02 13824 ----a-w- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-04-02 15:01:31 . 2012-04-02 15:01:55 -------- d-----w- C:\Program Files\trend micro
2012-04-02 15:01:26 . 2012-04-02 15:02:02 -------- d-----w- C:\rsit
2012-04-02 14:23:13 . 2012-04-02 14:23:13 -------- d-----w- C:\Program Files\ESET
2012-04-01 09:27:14 . 2012-04-01 09:27:21 -------- d-sh--w- C:\Documents and Settings\Jana\PrivacIE
2012-04-01 09:24:50 . 2012-04-01 09:24:50 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2012-04-01 09:23:53 . 2012-04-01 09:23:53 -------- d-sh--w- C:\Documents and Settings\Jana\IETldCache
2012-04-01 09:18:32 . 2012-04-01 09:19:46 -------- dc-h--w- C:\WINDOWS\ie8
2012-04-01 09:11:52 . 2012-04-01 09:22:36 -------- d--h--w- C:\WINDOWS\msdownld.tmp
2012-04-01 09:08:30 . 2011-08-16 10:45:39 6144 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll
2012-04-01 09:08:26 . 2011-12-17 19:42:08 55296 -c----w- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2012-04-01 09:08:25 . 2011-12-17 19:42:08 602112 -c----w- C:\WINDOWS\system32\dllcache\msfeeds.dll
2012-04-01 09:08:24 . 2011-12-17 19:42:08 247808 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll
2012-04-01 09:08:24 . 2011-12-17 19:42:08 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll
2012-04-01 09:08:24 . 2011-12-17 19:42:07 743424 -c----w- C:\WINDOWS\system32\dllcache\iedvtool.dll
2012-04-01 09:08:23 . 2011-12-17 19:42:08 2000384 -c----w- C:\WINDOWS\system32\dllcache\iertutil.dll
2012-04-01 09:08:22 . 2011-12-18 12:42:08 11082240 -c----w- C:\WINDOWS\system32\dllcache\ieframe.dll
2012-03-29 19:18:08 . 2012-04-01 14:04:32 -------- d-----w- C:\Program Files\rajce
2012-03-17 19:56:59 . 2012-03-13 04:36:50 44472 ----a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
2012-03-17 19:56:59 . 2012-03-13 04:36:44 592824 ----a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-06 23:15:19 . 2010-10-29 07:47:11 41184 ----a-w- C:\WINDOWS\avastSS.scr
2012-03-06 23:15:14 . 2010-05-26 13:26:00 201352 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2012-03-06 23:03:51 . 2011-04-30 18:30:59 612184 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-03-06 23:03:38 . 2010-05-26 13:26:14 337880 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2012-03-06 23:02:00 . 2010-05-26 13:26:13 35672 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-03-06 23:01:53 . 2010-05-26 13:26:13 53848 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-03-06 23:01:39 . 2010-05-26 13:26:11 95704 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-03-06 23:01:35 . 2010-05-26 13:26:11 89048 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2012-03-06 23:01:30 . 2010-05-26 13:26:15 20696 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-03-06 22:58:29 . 2010-05-26 13:26:11 24920 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-02-10 12:39:53 . 2008-01-26 11:15:38 82380 ----a-w- C:\WINDOWS\system32\drivers\AFS2K.SYS
2012-02-03 09:57:39 . 2004-08-18 14:00:00 1860096 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-01-11 19:07:11 . 2012-02-16 07:44:27 3072 ------w- C:\WINDOWS\system32\iacenc.dll
2012-01-09 16:20:19 . 2008-01-22 00:28:18 139784 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
2012-03-13 04:38:06 . 2011-12-05 15:13:46 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15:06 123536 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 13:58:38 2887680]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
"Olympus ib"="C:\Program Files\Olympus\ib\olycamdetect.exe" [2010-02-04 20:47:34 93376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 06:49:20 16126464]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10:32 271360]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2008-06-20 13:49:54 90112]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 18:17:52 207424]
"MDS_Menu"="C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 20:16:16 222504]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-05-21 05:01:00 13895272]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-05-21 05:01:00 111208]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 11:35:34 531784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17:04 1241088]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.4\ICQ.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
C:\WINDOWS\nvsvc32.exe [BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6.5\\ICQ.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\ICQ7.5\\ICQ.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [23.8.2008 11:14:12 721904]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [30.4.2011 20:30:59 612184]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [26.5.2010 15:26:14 337880]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [26.5.2010 15:26:15 20696]
R2 BT848;WinFast VC100 WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [23.6.2010 16:00:24 76325]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [22.2.2011 2:43:41 233472]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\drivers\SBKUPNT.SYS [27.6.2009 16:46:21 14976]
R2 Tv2kXbar;WinFast VC100 WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kXbar.sys [23.6.2010 16:00:48 10005]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\atl01_xp.sys [22.1.2008 2:56:07 38656]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [22.2.2011 2:43:41 36608]
R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\drivers\pcouffin.sys [28.12.2009 14:41:44 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16:28 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [31.10.2011 18:51:01 2214504]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [22.2.2011 2:43:51 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [22.2.2011 2:43:51 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [22.2.2011 2:43:51 121856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16:28 753504]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK


------- Doplňkový sken -------

uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - C:\Documents and Settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\ziyr5ioa.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
pref(dom.disable_open_during_load, false);
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Get Styles - C:\Program Files\Get Styles\uninstall.exe

Re: Asking for advice - PC restarts by itself, I can't get onto fb

Posted: 02 Apr 2012 20:19
by Peťul
Then I also have files here such as

ComboFix-quarantined-files or Add-Remove programs

I don't know whether they are needed for anything.