
"Police virus"

Posted: 02 Dec 2013 11:10
by kolizek
Hello,
I recently removed the "police virus", but something probably stayed behind somewhere, because it showed up again today. I have run the computer through ESET, ADW, CCleaner, MWAV ... Please check the attached log.

I will also allow myself to share a small tip. When the well-known "police virus" screen pops up, it can be "stopped" fairly easily. All you need is 2 toothpicks or, say, matches. Use them to hold down "Ctrl" and "Alt". Now both hands are free to press "Del" and to use the mouse. Then, with a bit of patience, you can work in Task Manager and shut down the relevant processes :-)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by Jaryn (administrator) on JARYN on 02-12-2013 11:02:13
Running from C:\Program Files\Opera\profile\temporary_downloads
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default User\...\RunOnce: [_nltide_2] - regsvr32 /s /n /i:U shell32
HKU\x\...\Run: [CTFMON.EXE] - C:\WINDOWS.0\system32\ctfmon.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 CDMA Device Service; C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [63488 2011-08-02] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
S4 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation)
S4 W3SVC; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-04-14] (Microsoft Corporation)
S4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\Windows\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2005-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2005-10-28] (HP)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2006-02-26] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [151592 2008-08-28] (Marvell Semiconductor, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [1366144 2009-08-21] (Creative Technology Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2011-10-24] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2013-11-18] (BitDefender S.R.L.)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [52384 2005-05-24] (MCCI)
S3 w800mdfl; C:\Windows\System32\DRIVERS\w800mdfl.sys [6096 2005-05-24] (MCCI)
S3 w800mdm; C:\Windows\System32\DRIVERS\w800mdm.sys [87424 2005-05-24] (MCCI)
S3 w800mgmt; C:\Windows\System32\DRIVERS\w800mgmt.sys [79216 2005-05-24] (MCCI)
S3 w800obex; C:\Windows\System32\DRIVERS\w800obex.sys [77040 2005-05-24] (MCCI)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [296448 2008-12-09] (Marvell)
U3 a0i9uwwj; C:\Windows\System32\Drivers\a0i9uwwj.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 11:01 - 2013-12-02 11:01 - 00000000 ____D C:\FRST
2013-12-02 10:33 - 2013-12-02 10:46 - 00002279 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-02 10:21 - 2013-12-02 10:43 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-02 10:21 - 2013-12-02 10:43 - 00000051 _____ C:\WINDOWS\wiaservc.log
2013-12-02 10:21 - 2013-12-02 10:21 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-02 09:44 - 2013-12-02 09:44 - 00002576 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131202_094400.reg
2013-12-02 09:34 - 2013-12-02 09:35 - 06087819 _____ C:\WINDOWS\REGBK00.ZIP
2013-12-02 09:32 - 2013-12-02 09:32 - 00000000 ____D C:\WINDOWS\VDLL.DLL
2013-12-02 09:32 - 2013-12-02 09:32 - 00000000 ____D C:\WINDOWS\system32\runouce.exe
2013-12-02 09:32 - 2013-12-02 09:32 - 00000000 ____D C:\WINDOWS\RUNDL132.EXE
2013-12-02 09:32 - 2013-12-02 09:32 - 00000000 ____D C:\WINDOWS\logo_1.exe
2013-12-02 09:20 - 2013-12-02 10:17 - 00000054 _____ C:\WINDOWS\Lic.xxx
2013-12-02 09:19 - 2013-12-02 09:19 - 00632064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-12-02 09:19 - 2013-12-02 09:19 - 00554240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-12-02 09:19 - 2013-12-02 09:19 - 00034048 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\system32\eEmpty.exe
2013-12-02 09:19 - 2013-12-02 09:19 - 00000759 _____ C:\Documents and Settings\Jaryn\Plocha\MWAVSCAN.lnk
2013-12-02 09:19 - 2013-12-02 09:19 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
2013-12-02 09:19 - 2013-12-02 09:19 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2013-12-02 09:19 - 2008-04-14 07:52 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\REGEDIT.COM
2013-12-02 09:19 - 2008-04-14 07:52 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\R.COM
2013-12-02 09:19 - 2008-04-14 07:52 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\TASKMGR.COM
2013-12-02 09:19 - 2008-04-14 07:52 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\T.COM
2013-12-02 09:13 - 2013-12-02 10:33 - 00000000 ____D C:\AdwCleaner
2013-12-02 09:09 - 2013-12-02 09:09 - 00034444 _____ C:\Documents and Settings\Jaryn\Plocha\gmer.log
2013-12-02 08:54 - 2013-12-02 08:54 - 00001046 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131202_085439.reg
2013-12-02 07:45 - 2013-12-02 07:45 - 00000414 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131202_074545.reg
2013-12-02 07:34 - 2013-12-02 07:34 - 00005630 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_S_12022013_073406.txt
2013-12-02 07:34 - 2013-12-02 07:34 - 00005470 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_D_12022013_073413.txt
2013-12-02 07:33 - 2013-12-02 07:33 - 00001463 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_SC_12022013_073300.txt
2013-12-02 07:32 - 2013-12-02 07:32 - 00001463 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_SC_12022013_073254.txt
2013-12-02 07:32 - 2013-12-02 07:32 - 00000975 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_H_12022013_073201.txt
2013-12-02 07:32 - 2013-12-02 07:32 - 00000856 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_PR_12022013_073234.txt
2013-12-02 07:32 - 2013-12-02 07:32 - 00000811 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_DN_12022013_073238.txt
2013-12-02 07:31 - 2013-12-02 07:31 - 00009602 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_D_12022013_073130.txt
2013-12-02 07:30 - 2013-12-02 07:30 - 00006881 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_S_12022013_073057.txt
2013-11-30 09:47 - 2013-11-30 09:47 - 00001286 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131130_094705.reg
2013-11-30 09:30 - 2013-12-02 06:53 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\dXDvr333
2013-11-19 17:42 - 2013-11-19 17:42 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\MyPhoneExplorer
2013-11-19 15:10 - 2013-11-19 15:10 - 00001769 _____ C:\WINDOWS\Language_trs.ini
2013-11-19 15:10 - 2013-11-19 15:10 - 00000000 ____D C:\Intel
2013-11-19 15:10 - 2013-11-19 15:10 - 00000000 ____D C:\Documents and Settings\Jaryn\Data aplikací\InstallShield
2013-11-19 14:21 - 2013-11-19 14:21 - 00000000 ___RD C:\WINDOWS\AsDmiHtm
2013-11-19 13:24 - 2013-11-19 13:24 - 98989148 _____ C:\Documents and Settings\Jaryn\Dokumenty\BackupRegistry(20131119).reg
2013-11-19 13:20 - 2013-11-19 13:20 - 00001452 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131119_132014.reg
2013-11-19 13:10 - 2013-11-19 13:10 - 00000512 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131119_131033.reg
2013-11-19 11:19 - 2013-11-19 11:19 - 00089119 _____ C:\Documents and Settings\Jaryn\Plocha\cpuz
2013-11-19 11:19 - 2013-11-19 11:19 - 00089119 _____ C:\Documents and Settings\Jaryn\Dokumenty\cpuz
2013-11-19 11:18 - 2013-11-19 11:18 - 00000000 ____D C:\Program Files\CPUID
2013-11-19 07:12 - 2013-11-19 07:12 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-11-19 07:12 - 2013-11-19 07:12 - 00000000 ____D C:\Program Files\xerox
2013-11-19 07:12 - 2013-11-19 07:12 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-11-19 00:18 - 2013-11-19 00:18 - 00012612 _____ C:\Documents and Settings\Jaryn\Plocha\MWAV.LOG
2013-11-18 21:24 - 2013-11-18 21:24 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr90.dll
2013-11-18 21:24 - 2013-11-18 21:24 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp90.dll
2013-11-18 21:24 - 2013-11-18 21:24 - 00343456 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2013-11-18 21:05 - 2013-11-18 21:05 - 00000618 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131118_210459.reg
2013-11-18 19:42 - 2009-04-01 12:28 - 00093184 ____R (ATI Research Inc.) C:\WINDOWS\system32\Drivers\AtiHdmi.sys
2013-11-18 19:26 - 2013-11-19 14:21 - 00013269 _____ C:\WINDOWS\Ascd_tmp.ini
2013-11-18 19:26 - 2013-11-19 14:21 - 00000000 _____ C:\WINDOWS\AS_Debug.txt
2013-11-18 19:26 - 2006-10-11 04:33 - 00010288 _____ C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS
2013-11-16 05:31 - 2013-11-16 05:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-16 05:31 - 2013-11-16 05:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-16 05:31 - 2013-11-16 05:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-16 05:31 - 2013-11-16 05:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-10 17:35 - 2013-11-10 17:35 - 00005630 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131110_173533.reg
2013-11-09 16:40 - 2013-12-02 09:11 - 00029696 _____ C:\Documents and Settings\Jaryn\Local Settings\Data aplikací\MSGBOX.EXE
2013-11-09 16:16 - 2013-11-09 16:16 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\system.rctemp.LOG
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\software.rctemp.LOG
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\SECURITY.rctemp.LOG
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\SAM.rctemp.LOG
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\default.rctemp.LOG
2013-11-09 15:56 - 2013-11-09 15:56 - 98372722 _____ C:\Documents and Settings\Jaryn\Dokumenty\BackupRegistry(20131109).reg
2013-11-09 15:31 - 2013-11-09 15:31 - 00001930 _____ C:\Documents and Settings\Jaryn\Plocha\1-Click Cleaner.lnk
2013-11-09 15:31 - 2013-11-09 15:31 - 00001927 _____ C:\Documents and Settings\Jaryn\Plocha\WinXP Manager.lnk
2013-11-09 15:31 - 2013-11-09 15:31 - 00000000 ____D C:\Program Files\Yamicsoft
2013-11-09 15:31 - 2013-11-09 15:31 - 00000000 ____D C:\Documents and Settings\Jaryn\Nabídka Start\Programy\WinXP Manager
2013-11-09 14:19 - 2013-11-09 14:19 - 00004024 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131109_141947.reg
2013-11-09 13:48 - 2013-11-09 13:48 - 00002100 _____ C:\Documents and Settings\Jaryn\.recently-used.xbel
2013-11-06 15:56 - 2013-11-06 15:56 - 00029618 _____ C:\Documents and Settings\Jaryn\Dokumenty\res_trojuh.zip
2013-11-06 15:56 - 2013-11-06 15:56 - 00000000 ____D C:\Documents and Settings\Jaryn\Dokumenty\res_trojuh
2013-11-04 12:21 - 2013-11-04 12:21 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\ImgBurn

==================== One Month Modified Files and Folders =======

2013-12-02 11:01 - 2013-12-02 11:01 - 00000000 ____D C:\FRST
2013-12-02 10:57 - 2011-01-18 22:19 - 00002266 _____ C:\WINDOWS\WINCMD.INI
2013-12-02 10:46 - 2013-12-02 10:33 - 00002279 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-02 10:45 - 2011-01-18 21:48 - 00000000 ____D C:\WINDOWS\Registration
2013-12-02 10:45 - 2001-10-25 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-02 10:43 - 2013-12-02 10:21 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-02 10:43 - 2013-12-02 10:21 - 00000051 _____ C:\WINDOWS\wiaservc.log
2013-12-02 10:43 - 2011-01-18 21:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-02 10:40 - 2011-01-18 21:54 - 00000178 ___SH C:\Documents and Settings\Jaryn\ntuser.ini
2013-12-02 10:40 - 2011-01-18 21:53 - 00032412 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-02 10:35 - 2011-01-18 22:41 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-12-02 10:35 - 2011-01-18 22:41 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-12-02 10:34 - 2011-01-18 22:38 - 00140440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-02 10:33 - 2013-12-02 09:13 - 00000000 ____D C:\AdwCleaner
2013-12-02 10:33 - 2011-01-18 23:18 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-12-02 10:33 - 2011-01-18 21:54 - 00000000 ____D C:\Documents and Settings\Jaryn
2013-12-02 10:33 - 2011-01-18 21:49 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2013-12-02 10:28 - 2011-01-18 21:54 - 00000000 ____D C:\Documents and Settings\Jaryn\Plocha
2013-12-02 10:27 - 2011-01-18 22:37 - 00000223 ___SH C:\boot.ini
2013-12-02 10:27 - 2001-10-25 13:00 - 00001165 _____ C:\WINDOWS\win.ini
2013-12-02 10:27 - 2001-10-25 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-02 10:21 - 2013-12-02 10:21 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-02 10:21 - 2011-01-18 21:54 - 00000000 ___RD C:\Documents and Settings\Jaryn\Nabídka Start\Programy\Po spuštění
2013-12-02 10:17 - 2013-12-02 09:20 - 00000054 _____ C:\WINDOWS\Lic.xxx
2013-12-02 10:12 - 2011-02-04 12:36 - 00306654 ____H C:\TREEINFO.WC
2013-12-02 10:11 - 2011-01-18 21:54 - 00000000 ___HD C:\Documents and Settings\Jaryn\Local Settings\Data aplikací
2013-12-02 09:47 - 2011-01-18 22:39 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-12-02 09:47 - 2011-01-18 21:54 - 00000000 ___RD C:\Documents and Settings\Jaryn\Data aplikací
2013-12-02 09:44 - 2013-12-02 09:44 - 00002576 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131202_094400.reg
2013-12-02 09:44 - 2011-01-18 21:54 - 00000000 ___RD C:\Documents and Settings\Jaryn\Dokumenty
2013-12-02 09:35 - 2013-12-02 09:34 - 06087819 _____ C:\WINDOWS\REGBK00.ZIP
2013-12-02 09:32 - 2013-12-02 09:32 - 00000000 ____D C:\WINDOWS\VDLL.DLL
2013-12-02 09:32 - 2013-12-02 09:32 - 00000000 ____D C:\WINDOWS\system32\runouce.exe
2013-12-02 09:32 - 2013-12-02 09:32 - 00000000 ____D C:\WINDOWS\RUNDL132.EXE
2013-12-02 09:32 - 2013-12-02 09:32 - 00000000 ____D C:\WINDOWS\logo_1.exe
2013-12-02 09:19 - 2013-12-02 09:19 - 00632064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-12-02 09:19 - 2013-12-02 09:19 - 00554240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-12-02 09:19 - 2013-12-02 09:19 - 00034048 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\system32\eEmpty.exe
2013-12-02 09:19 - 2013-12-02 09:19 - 00000759 _____ C:\Documents and Settings\Jaryn\Plocha\MWAVSCAN.lnk
2013-12-02 09:19 - 2013-12-02 09:19 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
2013-12-02 09:19 - 2013-12-02 09:19 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2013-12-02 09:18 - 2011-01-18 21:49 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-02 09:11 - 2013-11-09 16:40 - 00029696 _____ C:\Documents and Settings\Jaryn\Local Settings\Data aplikací\MSGBOX.EXE
2013-12-02 09:11 - 2011-01-18 22:22 - 00000000 ____D C:\Program Files\Opera
2013-12-02 09:09 - 2013-12-02 09:09 - 00034444 _____ C:\Documents and Settings\Jaryn\Plocha\gmer.log
2013-12-02 08:54 - 2013-12-02 08:54 - 00001046 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131202_085439.reg
2013-12-02 08:49 - 2013-09-17 08:20 - 00000000 ____D C:\Documents and Settings\Jaryn\Plocha\RK_Quarantine
2013-12-02 07:46 - 2013-10-31 10:54 - 00000715 _____ C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2013-12-02 07:46 - 2013-10-31 10:54 - 00000000 ____D C:\Program Files\CCleaner
2013-12-02 07:45 - 2013-12-02 07:45 - 00000414 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131202_074545.reg
2013-12-02 07:34 - 2013-12-02 07:34 - 00005630 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_S_12022013_073406.txt
2013-12-02 07:34 - 2013-12-02 07:34 - 00005470 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_D_12022013_073413.txt
2013-12-02 07:33 - 2013-12-02 07:33 - 00001463 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_SC_12022013_073300.txt
2013-12-02 07:32 - 2013-12-02 07:32 - 00001463 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_SC_12022013_073254.txt
2013-12-02 07:32 - 2013-12-02 07:32 - 00000975 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_H_12022013_073201.txt
2013-12-02 07:32 - 2013-12-02 07:32 - 00000856 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_PR_12022013_073234.txt
2013-12-02 07:32 - 2013-12-02 07:32 - 00000811 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_DN_12022013_073238.txt
2013-12-02 07:31 - 2013-12-02 07:31 - 00009602 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_D_12022013_073130.txt
2013-12-02 07:30 - 2013-12-02 07:30 - 00006881 _____ C:\Documents and Settings\Jaryn\Plocha\RKreport[0]_S_12022013_073057.txt
2013-12-02 06:53 - 2013-11-30 09:30 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\dXDvr333
2013-11-30 17:30 - 2011-01-18 21:47 - 00000000 ____D C:\Inetpub
2013-11-30 09:47 - 2013-11-30 09:47 - 00001286 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131130_094705.reg
2013-11-30 09:30 - 2011-01-19 08:20 - 00000000 ____D C:\Program Files\Google
2013-11-30 09:30 - 2011-01-19 08:20 - 00000000 ____D C:\Documents and Settings\Jaryn\Local Settings\Data aplikací\Google
2013-11-19 17:42 - 2013-11-19 17:42 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\MyPhoneExplorer
2013-11-19 17:42 - 2011-09-05 15:38 - 00001777 _____ C:\Documents and Settings\All Users\Plocha\MyPhoneExplorer.lnk
2013-11-19 17:42 - 2011-09-05 15:38 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-11-19 17:05 - 2011-01-18 23:18 - 00028680 ____C C:\Documents and Settings\Jaryn\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2013-11-19 15:10 - 2013-11-19 15:10 - 00001769 _____ C:\WINDOWS\Language_trs.ini
2013-11-19 15:10 - 2013-11-19 15:10 - 00000000 ____D C:\Intel
2013-11-19 15:10 - 2013-11-19 15:10 - 00000000 ____D C:\Documents and Settings\Jaryn\Data aplikací\InstallShield
2013-11-19 15:10 - 2011-01-18 22:03 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2013-11-19 14:21 - 2013-11-19 14:21 - 00000000 ___RD C:\WINDOWS\AsDmiHtm
2013-11-19 14:21 - 2013-11-18 19:26 - 00013269 _____ C:\WINDOWS\Ascd_tmp.ini
2013-11-19 14:21 - 2013-11-18 19:26 - 00000000 _____ C:\WINDOWS\AS_Debug.txt
2013-11-19 13:24 - 2013-11-19 13:24 - 98989148 _____ C:\Documents and Settings\Jaryn\Dokumenty\BackupRegistry(20131119).reg
2013-11-19 13:20 - 2013-11-19 13:20 - 00001452 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131119_132014.reg
2013-11-19 13:10 - 2013-11-19 13:10 - 00000512 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131119_131033.reg
2013-11-19 13:08 - 2011-01-18 21:51 - 00001507 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2013-11-19 11:19 - 2013-11-19 11:19 - 00089119 _____ C:\Documents and Settings\Jaryn\Plocha\cpuz
2013-11-19 11:19 - 2013-11-19 11:19 - 00089119 _____ C:\Documents and Settings\Jaryn\Dokumenty\cpuz
2013-11-19 11:18 - 2013-11-19 11:18 - 00000000 ____D C:\Program Files\CPUID
2013-11-19 07:12 - 2013-11-19 07:12 - 00000000 ____D C:\WINDOWS\system32\xircom
2013-11-19 07:12 - 2013-11-19 07:12 - 00000000 ____D C:\Program Files\xerox
2013-11-19 07:12 - 2013-11-19 07:12 - 00000000 ____D C:\Program Files\microsoft frontpage
2013-11-19 00:18 - 2013-11-19 00:18 - 00012612 _____ C:\Documents and Settings\Jaryn\Plocha\MWAV.LOG
2013-11-18 21:24 - 2013-11-18 21:24 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr90.dll
2013-11-18 21:24 - 2013-11-18 21:24 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp90.dll
2013-11-18 21:24 - 2013-11-18 21:24 - 00343456 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2013-11-18 21:05 - 2013-11-18 21:05 - 00000618 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131118_210459.reg
2013-11-18 19:39 - 2011-01-18 22:35 - 00000000 ____D C:\WINDOWS\system
2013-11-16 05:31 - 2013-11-16 05:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-16 05:31 - 2013-11-16 05:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-16 05:31 - 2013-11-16 05:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-16 05:31 - 2013-11-16 05:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-16 05:30 - 2013-08-14 08:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-16 05:29 - 2011-01-19 14:21 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-10 17:35 - 2013-11-10 17:35 - 00005630 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131110_173533.reg
2013-11-09 16:16 - 2013-11-09 16:16 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\system.rctemp.LOG
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\software.rctemp.LOG
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\SECURITY.rctemp.LOG
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\SAM.rctemp.LOG
2013-11-09 15:58 - 2013-11-09 15:58 - 00000000 ____H C:\WINDOWS\system32\config\default.rctemp.LOG
2013-11-09 15:58 - 2011-01-18 22:38 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.rcbak
2013-11-09 15:58 - 2011-01-18 22:38 - 00028672 _____ C:\WINDOWS\system32\config\SAM.rcbak
2013-11-09 15:58 - 2011-01-18 22:37 - 27000832 _____ C:\WINDOWS\system32\config\software.rcbak
2013-11-09 15:58 - 2011-01-18 22:37 - 10747904 _____ C:\WINDOWS\system32\config\system.rcbak
2013-11-09 15:58 - 2011-01-18 22:37 - 00524288 _____ C:\WINDOWS\system32\config\default.rcbak
2013-11-09 15:58 - 2011-01-18 21:53 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-09 15:58 - 2011-01-18 21:53 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-11-09 15:56 - 2013-11-09 15:56 - 98372722 _____ C:\Documents and Settings\Jaryn\Dokumenty\BackupRegistry(20131109).reg
2013-11-09 15:52 - 2011-01-18 21:54 - 00000000 ___RD C:\Documents and Settings\Jaryn\Nabídka Start\Programy
2013-11-09 15:45 - 2011-01-18 23:28 - 00000000 ____D C:\Program Files\WinRAR
2013-11-09 15:45 - 2011-01-18 22:35 - 00000000 ____D C:\WINDOWS\twain_32
2013-11-09 15:44 - 2013-10-31 11:47 - 00000000 ___RD C:\Documents and Settings\All Users.WINDOWS.0\Nabídka Start\Programy\Hry
2013-11-09 15:44 - 2011-12-20 17:13 - 00000000 ____D C:\Documents and Settings\Jaryn\Plocha\[originální]
2013-11-09 15:44 - 2011-01-18 21:54 - 00000000 ___RD C:\Documents and Settings\Jaryn\Dokumenty\Obrázky
2013-11-09 15:31 - 2013-11-09 15:31 - 00001930 _____ C:\Documents and Settings\Jaryn\Plocha\1-Click Cleaner.lnk
2013-11-09 15:31 - 2013-11-09 15:31 - 00001927 _____ C:\Documents and Settings\Jaryn\Plocha\WinXP Manager.lnk
2013-11-09 15:31 - 2013-11-09 15:31 - 00000000 ____D C:\Program Files\Yamicsoft
2013-11-09 15:31 - 2013-11-09 15:31 - 00000000 ____D C:\Documents and Settings\Jaryn\Nabídka Start\Programy\WinXP Manager
2013-11-09 14:19 - 2013-11-09 14:19 - 00004024 _____ C:\Documents and Settings\Jaryn\Dokumenty\cc_20131109_141947.reg
2013-11-09 13:48 - 2013-11-09 13:48 - 00002100 _____ C:\Documents and Settings\Jaryn\.recently-used.xbel
2013-11-09 13:48 - 2011-01-22 10:56 - 00000000 ____D C:\Documents and Settings\Jaryn\Data aplikací\gtk-2.0
2013-11-09 13:48 - 2011-01-22 10:54 - 00000000 ____D C:\Documents and Settings\Jaryn\.gimp-2.6
2013-11-06 15:56 - 2013-11-06 15:56 - 00029618 _____ C:\Documents and Settings\Jaryn\Dokumenty\res_trojuh.zip
2013-11-06 15:56 - 2013-11-06 15:56 - 00000000 ____D C:\Documents and Settings\Jaryn\Dokumenty\res_trojuh
2013-11-04 12:21 - 2013-11-04 12:21 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\ImgBurn
2013-11-04 12:21 - 2013-04-20 19:12 - 00001561 _____ C:\Documents and Settings\All Users\Plocha\ImgBurn.lnk

Some content of TEMP:
====================
C:\Documents and Settings\Jaryn\Local Settings\Temp\avcuf32.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\avcuf64.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\avxdisk.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\bdc.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\bdcore.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\bdfltlib2k.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\bdnimbus32.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\bdnimbus64.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\bdupdateservice.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\DEVCON.EXE
C:\Documents and Settings\Jaryn\Local Settings\Temp\eEmpty.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\encdec.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\esupdate.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\FSSync.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\Getvlist.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\ikave.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\ipc.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\kave.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\kavvlg.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\msvclnt.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\msvcp80.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\msvcr80.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\msvl64.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\msvlclnt.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\mwavdwnl.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\MWAVL.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\mwavscan.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\mwunzip.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\prLoader.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\red32.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\Reload.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\scan.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\ScanningProcess.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\setpriv.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\test2.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\trufos.dll
C:\Documents and Settings\Jaryn\Local Settings\Temp\unregx.exe
C:\Documents and Settings\Jaryn\Local Settings\Temp\UPDLL10.DLL
C:\Documents and Settings\Jaryn\Local Settings\Temp\viewtcp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2008-04-14 07:52] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2008-04-14 07:52] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 06:42] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

Re: "Police virus"

Posted: 02 Dec 2013 11:12
by kolizek
And the RSIT log as well:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jaryn at 2013-12-02 11:12:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 281 GB (92%) free of 305 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:12:14, on 2.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\profile\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Jaryn.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4670 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-31 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-31 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-03-24 884736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-15 1040384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-12 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdatem"=3
"gupdate"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-10-12 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153
"TaskbarNoNotification"=1
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=153
"TaskbarNoNotification"=1
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE"="C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"\\192.168.0.36\Software\HpLJ_2015n\setup\hpznet01.exe"="\\192.168.0.36\Software\HpLJ_2015n\setup\hpznet01.exe:*:Enabled:hpznet01.exe"
"\\192.168.0.36\Software\HpLJ_2015n\setup\hppapd.exe"="\\192.168.0.36\Software\HpLJ_2015n\setup\hppapd.exe:*:Enabled:hppapd.exe"
"\\192.168.0.36\Software\HpLJ_2015n\setup\hpntwkexe.exe"="\\192.168.0.36\Software\HpLJ_2015n\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
"C:\PROGRA~1\eScan\DOWNLOAD.EXE"="C:\PROGRA~1\eScan\DOWNLOAD.EXE:*:Enabled:eScan Update Downloader"
"C:\PROGRA~1\eScan\TRAYICOS.EXE"="C:\PROGRA~1\eScan\TRAYICOS.EXE:*:Enabled:eScan Server Updater"
"C:\PROGRA~1\eScan\LICENSE.EXE"="C:\PROGRA~1\eScan\LICENSE.EXE:*:Enabled:eScan Registration Service"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\eScan\DOWNLOAD.EXE"="C:\PROGRA~1\eScan\DOWNLOAD.EXE:*:Enabled:eScan Update Downloader"
"C:\PROGRA~1\eScan\TRAYICOS.EXE"="C:\PROGRA~1\eScan\TRAYICOS.EXE:*:Enabled:eScan Server Updater"
"C:\PROGRA~1\eScan\LICENSE.EXE"="C:\PROGRA~1\eScan\LICENSE.EXE:*:Enabled:eScan Registration Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-12-02 11:12:10 ----D---- C:\rsit
2013-12-02 11:12:10 ----D---- C:\Program Files\trend micro
2013-12-02 11:01:19 ----D---- C:\FRST
2013-12-02 09:32:36 ----AD---- C:\WINDOWS\VDLL.DLL
2013-12-02 09:32:36 ----AD---- C:\WINDOWS\system32\runouce.exe
2013-12-02 09:32:36 ----AD---- C:\WINDOWS\RUNDL132.EXE
2013-12-02 09:32:36 ----AD---- C:\WINDOWS\logo_1.exe
2013-12-02 09:19:38 ----A---- C:\WINDOWS\system32\msvcr80.dll
2013-12-02 09:19:37 ----A---- C:\WINDOWS\system32\msvcp80.dll
2013-12-02 09:19:36 ----A---- C:\WINDOWS\system32\eEmpty.exe
2013-12-02 09:19:33 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2013-12-02 09:19:33 ----A---- C:\WINDOWS\system32\T.COM
2013-12-02 09:19:33 ----A---- C:\WINDOWS\R.COM
2013-12-02 09:19:32 ----A---- C:\WINDOWS\REGEDIT.COM
2013-12-02 09:19:30 ----D---- C:\Program Files\Common Files\MicroWorld
2013-12-02 09:19:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2013-12-02 09:13:10 ----D---- C:\AdwCleaner
2013-11-30 09:30:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\dXDvr333
2013-11-19 15:10:51 ----D---- C:\Intel
2013-11-19 15:10:34 ----D---- C:\Documents and Settings\Jaryn\Data aplikací\InstallShield
2013-11-19 15:10:33 ----A---- C:\WINDOWS\Language_trs.ini
2013-11-19 14:27:19 ----D---- C:\DRIVERS
2013-11-19 14:21:54 ----RD---- C:\WINDOWS\AsDmiHtm
2013-11-19 13:27:41 ----D---- C:\WINDOWS\Prefetch
2013-11-19 11:18:44 ----D---- C:\Program Files\CPUID
2013-11-19 07:12:22 ----D---- C:\WINDOWS\system32\xircom
2013-11-19 07:12:22 ----D---- C:\Program Files\xerox
2013-11-19 07:12:21 ----D---- C:\Program Files\microsoft frontpage
2013-11-18 21:24:46 ----A---- C:\WINDOWS\system32\drivers\trufos.sys
2013-11-18 21:24:38 ----A---- C:\WINDOWS\system32\msvcp90.dll
2013-11-18 21:24:37 ----A---- C:\WINDOWS\system32\msvcr90.dll
2013-11-18 19:42:12 ----RA---- C:\WINDOWS\system32\drivers\AtiHdmi.sys
2013-11-18 19:26:58 ----A---- C:\WINDOWS\Ascd_tmp.ini
2013-11-18 19:26:54 ----A---- C:\WINDOWS\AS_Debug.txt
2013-11-18 19:26:45 ----A---- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2013-11-16 05:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2013-11-16 05:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2013-11-16 05:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2013-11-16 05:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$
2013-11-09 16:16:17 ----D---- C:\WINDOWS\ERUNT
2013-11-09 15:31:40 ----D---- C:\Program Files\Yamicsoft

======List of files/folders modified in the last 1 month======

2013-12-02 11:12:10 ----RD---- C:\Program Files
2013-12-02 11:02:40 ----D---- C:\WINDOWS
2013-12-02 11:01:12 ----D---- C:\WINDOWS\Temp
2013-12-02 10:57:50 ----A---- C:\WINDOWS\WINCMD.INI
2013-12-02 10:45:04 ----D---- C:\WINDOWS\Registration
2013-12-02 10:40:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-12-02 10:33:08 ----D---- C:\WINDOWS\system32\config
2013-12-02 10:30:04 ----RSD---- C:\WINDOWS\Fonts
2013-12-02 10:27:31 ----ASH---- C:\boot.ini
2013-12-02 10:27:31 ----A---- C:\WINDOWS\win.ini
2013-12-02 10:27:31 ----A---- C:\WINDOWS\system.ini
2013-12-02 10:17:52 ----D---- C:\WINDOWS\system32\drivers
2013-12-02 09:32:36 ----D---- C:\WINDOWS\system32
2013-12-02 09:19:30 ----D---- C:\Program Files\Common Files
2013-12-02 09:18:15 ----D---- C:\WINDOWS\system32\Restore
2013-12-02 09:18:14 ----SHD---- C:\System Volume Information
2013-12-02 09:11:34 ----D---- C:\Program Files\Opera
2013-12-02 08:46:16 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-02 07:46:50 ----D---- C:\Program Files\CCleaner
2013-12-02 07:45:29 ----D---- C:\WINDOWS\SoftwareDistribution
2013-11-30 17:30:49 ----D---- C:\Inetpub
2013-11-30 09:30:54 ----D---- C:\Program Files\Google
2013-11-19 17:42:13 ----D---- C:\Program Files\MyPhoneExplorer
2013-11-19 15:10:35 ----D---- C:\Program Files\InstallShield Installation Information
2013-11-19 14:32:34 ----HD---- C:\WINDOWS\inf
2013-11-19 07:12:22 ----D---- C:\WINDOWS\system32\wbem
2013-11-18 20:47:07 ----D---- C:\WINDOWS\Debug
2013-11-18 19:39:20 ----D---- C:\WINDOWS\system
2013-11-16 05:31:29 ----D---- C:\WINDOWS\system32\dllcache
2013-11-16 05:30:51 ----D---- C:\WINDOWS\system32\MRT
2013-11-16 05:29:45 ----A---- C:\WINDOWS\system32\MRT.exe
2013-11-10 17:14:20 ----D---- C:\WINDOWS\system32\drivers\etc
2013-11-10 10:18:44 ----SD---- C:\WINDOWS\Tasks
2013-11-09 15:45:20 ----D---- C:\WINDOWS\twain_32
2013-11-09 15:45:20 ----D---- C:\Program Files\WinRAR
2013-11-09 15:31:44 ----SHD---- C:\WINDOWS\Installer
2013-11-09 15:31:44 ----SD---- C:\Documents and Settings\Jaryn\Data aplikací\Microsoft
2013-11-09 15:31:44 ----HD---- C:\Config.Msi
2013-11-09 13:48:25 ----D---- C:\Documents and Settings\Jaryn\Data aplikací\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iastor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-07-22 319000]
R0 mv61xx;mv61xx; C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2008-08-28 151592]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-10-24 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-02-14 77568]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 184664]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-09-17 61600]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2009-08-04 337920]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-10-12 7206400]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-09-17 38952]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-02-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2009-08-21 1366144]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a0i9uwwj;a0i9uwwj; C:\WINDOWS\system32\drivers\a0i9uwwj.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-02-14 60800]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2012-09-20 83168]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-28 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-02-14 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2012-09-20 181344]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 trufos;trufos; C:\WINDOWS\system32\drivers\trufos.sys [2013-11-18 343456]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-05-24 52384]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-05-24 6096]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-05-24 87424]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-05-24 79216]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-05-24 77040]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-02-14 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-02-14 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-10-12 643072]
R2 CDMA Device Service;CDMA Device Service; C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [2011-08-02 63488]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-07-29 238952]
R2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 756392]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-19 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-19 136176]
S4 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-31 182696]
S4 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

-----------------EOF-----------------
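
A small triage script for the RSIT section "List of files/folders created in the last 1 month" above, added here as an example; it is not part of RSIT, HijackThis or any post in this thread. It applies three cheap checks a responder would otherwise do by eye: executables dropped straight into the Windows directory rather than a subfolder, names that are a near miss of a system binary (the name list and the 0.8 similarity threshold are assumptions), a `.COM` companion file next to a well-known tool name, and several executables written in the same second. The sample lines are a subset copied from the log above.

```python
"""Triage of an RSIT "files/folders created" section (added example)."""
import re
from collections import defaultdict
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Representative lines copied from the RSIT log in this thread.
RSIT_CREATED = r"""
2013-12-02 11:12:10 ----D---- C:\rsit
2013-12-02 09:32:36 ----AD---- C:\WINDOWS\VDLL.DLL
2013-12-02 09:32:36 ----AD---- C:\WINDOWS\system32\runouce.exe
2013-12-02 09:32:36 ----AD---- C:\WINDOWS\RUNDL132.EXE
2013-12-02 09:32:36 ----AD---- C:\WINDOWS\logo_1.exe
2013-12-02 09:19:38 ----A---- C:\WINDOWS\system32\msvcr80.dll
2013-12-02 09:19:33 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2013-12-02 09:19:32 ----A---- C:\WINDOWS\REGEDIT.COM
2013-11-19 15:10:33 ----A---- C:\WINDOWS\Language_trs.ini
2013-11-16 05:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
"""

# "<timestamp> ----<attrs>---- <path>" as RSIT prints it.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
EXEC_EXTS = {".exe", ".dll", ".com", ".sys", ".scr", ".pif"}
# Assumed list of names worth comparing against; the threshold is also an assumption.
SYSTEM_TOOLS = ("rundll32", "taskmgr", "regedit", "svchost", "explorer",
                "winlogon", "services", "lsass", "csrss")
LOOKALIKE_RATIO = 0.8
BURST_MIN = 3


def parse_rsit_created(text):
    """Return [(timestamp, attrs, path)] for every well-formed RSIT line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def is_executable(path):
    return PureWindowsPath(path).suffix.lower() in EXEC_EXTS


def lookalike_of(stem):
    """Return the system binary a name imitates, or None (an exact name is not a lookalike)."""
    for tool in SYSTEM_TOOLS:
        if stem != tool and SequenceMatcher(None, stem, tool).ratio() >= LOOKALIKE_RATIO:
            return tool
    return None


def triage(entries):
    """Map each flagged path to the list of reasons it was flagged."""
    reasons = defaultdict(list)
    by_second = defaultdict(list)
    for ts, _attrs, path in entries:
        if not is_executable(path):
            continue
        p = PureWindowsPath(path)
        stem, ext = p.stem.lower(), p.suffix.lower()
        by_second[ts].append(path)
        # 1. Legitimate installers rarely write executables straight into %WINDIR%.
        if str(p.parent).lower() == r"c:\windows":
            reasons[path].append("executable directly in the Windows directory")
        # 2. Near miss of a system binary name (e.g. rundl132 vs rundll32).
        tool = lookalike_of(stem)
        if tool:
            reasons[path].append(f"name resembles system binary '{tool}'")
        # 3. A .COM beside a well-known .EXE name (companion-file trick; some AV tools do this too).
        if ext == ".com" and stem in SYSTEM_TOOLS:
            reasons[path].append(f"'.com' companion of system tool '{stem}'")
    # 4. Several executables written in the same second usually share one origin.
    for ts, paths in by_second.items():
        if len(paths) >= BURST_MIN:
            for path in paths:
                reasons[path].append(f"one of {len(paths)} executables created at {ts}")
    return dict(reasons)


if __name__ == "__main__":
    for path, why in sorted(triage(parse_rsit_created(RSIT_CREATED)).items()):
        print(path)
        for r in why:
            print("   -", r)
```

Hits are leads, not verdicts: the `TASKMGR.COM` and `REGEDIT.COM` entries were created within seconds of the MicroWorld folders that appear in the same log (09:19:30), so they may well belong to that scanner rather than to the infection, and each hit should be checked by hash and vendor before anything is removed.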

Re: "Police virus"

Posted: 02 Dec 2013 11:16
by vyosek
Hello :)

:arrow: A truly original way of killing the ransomware :D I prefer killing it off completely and removing it :twisted:

:arrow: I assume the ESET is as it should be = a purchased licence :???:

:arrow: Uninstall MWAV - it is long past its prime and cannot cope with current threats

:arrow: Please create a rar file with the contents below and upload it to me here http://vyosek.ic.cz/havet/uploader.php
  • C:\Documents and Settings\Jaryn\Plocha\RK_Quarantine
  • C:\Documents and Settings\Jaryn\Plocha\gmer.log
:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it preferably to the Desktop and unpack it
  • Launch it by clicking mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options ticked and click Scan, which starts scanning the PC
  • When the scan finishes (about 5 minutes), check that every finding (if there are any, of course) has a tick
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (it will probably open by itself too) named mbar-log-year-month-day (hour-minute-second).txt; post it here

Re: "Police virus"

Posted: 02 Dec 2013 11:51
by kolizek
To be able to "kill" it, I first have to get into the system. It won't let me in through Safe Mode. I don't have the ESET boot CD... This is the fastest solution for me :-) I ran MWAV more out of nostalgia; otherwise I don't use it. ESET is a trial for now.

Re: "Police virus"

Posted: 02 Dec 2013 12:13
by kolizek
MBAR found nothing, so I'm not sending any log either...

Re: "Police virus"

Posted: 02 Dec 2013 15:09
by vyosek
:arrow: And you don't by any chaaance have that ESET trial for longer than 30 days, which is the maximum permitted period of use of a trial licence under the licence terms you agreed to during installation :???: :???:

:arrow: There are tools (e.g. HitmanPro with KickStart) developed precisely for this type of malware and for launching in Safe Mode

Re: "Police virus"

Posted: 03 Dec 2013 07:55
by kolizek
I haven't been using ESET for longer than 30 days, but it's true that it tells me the trial version won't expire for another 54 days. I got it from a friend who has a PC shop. He gave it to me to try out, saying he would then "give me a good price" on the original...

Re: "Police virus"

Posted: 03 Dec 2013 08:47
by vyosek
:arrow: Fine, so once more:
  • ESET offers a 30-day trial period - no longer, so it can hardly be there legally and say that the trial period expires in 54 days
  • If it had been installed in the last 30 days, there would be a mention of it in the log - it is completely absent
  • He can only "make a price" by paying for it out of his own pocket; ESET doesn't hand out licences to shops
:arrow: In my opinion your friend just wanted to impress you and show how "great" he is, and in doing so gave you some cracked, illegal version. Some friend, if he did that and knowingly exposed you to the risk of criminal prosecution for copyright infringement.

:arrow: Therefore, based on the findings from the log and what you write, I have enough information that the forum rules and the charter of the international ASAP alliance, of which we are a member, are being breached, namely that we do not deal with PCs running illegal security software

:arrow: If you want help, uninstall the illegal ESET and install some free solution (Avast Free, BitDefender Free...). Then we'll continue and clean up the remnants that are there too.

Re: "Police virus"

Posted: 03 Dec 2013 11:49
by kolizek
OK, thanks for the info. I just have no idea how it can be a trial version yet the expiry is more than 30 days away. From what he told me I understood that he could give me a longer trial version. Actually he only gave me a code, because I installed the program, as he told me to, from the ESET website... So it's also strange that you didn't find a record of the installation in the log... To be sure, I looked up the e-mail from ESET so I'd be certain the version really isn't older than 30 days:

Dear user,

thank you for trying out ESET's security solution.

You are hereby receiving a fully functional, time-limited licence for ESET Smart Security.

The licence covers 1 device and is valid until 17. 12. 2013.

If ESET Smart Security is not installed, the installation file can be downloaded using the licence details below from the website http://www.eset.cz/stahnout

Username:
Password:

BEFORE INSTALLING, UNINSTALL ALL OTHER ANTIVIRUS PROGRAMS FROM YOUR DEVICE!

In case of further questions or problems with the ESET solution, visit the website http://www.eset.cz/podpora

Should you have any questions, feel free to contact our sales department. You can use our toll-free line 800 373 829 or call the standard number 233 090 233. Our staff will be happy to assist you Monday to Friday from 8:30 to 17:00.

Regards,
ESET software spol. s r.o.

Re: "Police virus"

Posted: 03 Dec 2013 11:53
by vyosek
:arrow: OK, I'll verify this with colleagues at ESET.

:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - don't delete anything :!:
  • MBAM sometimes has false positives, so paste the log into a post and wait for assessment

Re: "Police virus"

Posted: 03 Dec 2013 11:59
by vyosek
One more small observation: the mail says the licence is until 17.12.2013, while ESS tells you it expires in 54 days :roll: :roll: However I count it, from today to 17.12.2013 is 14 days, not 54 :?:

In any case, I've already asked colleagues from ESET support to check that licence...

Re: "Police virus"

Posted: 03 Dec 2013 12:37
by kolizek
I wrote that a post above. My friend gave me a different code for a longer trial. I swapped it for the one in the mail and now it normally says it ends in 15 days.

Re: "Police virus"

Posted: 03 Dec 2013 12:43
by kolizek
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.12.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jaryn :: JARYN [administrátor]

3.12.2013 11:59:01
MBAM-log-2013-12-03 (12-41-42).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 493090
Uplynulý čas: 42 minut, 11 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 5
C:\Documents and Settings\Jaryn\Dokumenty\res_trojuh.zip (Trojan.Agent) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Jaryn\Dokumenty\res_trojuh\res_trojuh.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{AD8F5A24-7645-4A5B-9BA3-D1C8185B1AA7}\RP39\A0026508.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
D:\Galaxy II\MyPhoneExplorer_Setup_1.8.1.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
D:\Programy\Sound\winamp56_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.


(konec)

Re: "Police virus"

Posted: 03 Dec 2013 12:46
by vyosek
kolizek wrote: I wrote that a post above. My friend gave me a different code for a longer trial. I swapped it for the one in the mail and now it normally says it ends in 15 days.
OK, I'll wait for the statement from the technical/sales support colleagues at ESET; we don't cooperate with them just out of boredom...

Re: "Police virus"

Posted: 03 Dec 2013 12:56
by kolizek
Of course.