PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Pop-up window. Slowed-down mode. Requesting a log check

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].

Threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Paris
Visitor
Posts: 66
Registered: 09 May 2006 13:45

Re: Pop-up window. Slowed-down mode. Requesting a log check

#16 Post by Paris »

Disk Management
Attachment: správa disků.jpg (97.17 KiB), viewed 1123 times

#17 Post by Paris »

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Crisis.exe deleted successfully.
Error: Unable to interpret <:file> in the current context!
Error: Unable to interpret <C:\Users\petr\AppData\Roaming\hfkWP\WBNNcgjbzP\1.1.3.502\Crisis.exe > in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 12192011_191411

#18 Post by Paris »

Logfile of random's system information tool 1.09 (written by random/random)
Run by petr at 2011-12-19 19:27:26
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 33 GB (58%) free of 56 GB
Total RAM: 1013 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:28:48, on 19.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\explorer.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Users\petr\Downloads\RSIT.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\trend micro\petr.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs&refresh=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20110702205228\ICQToolBar.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\Users\petr\AppData\Roaming\lsass.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20110702205228\ICQToolBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MSWUpdate] "C:\Users\petr\AppData\Roaming\lsass.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [MSWUpdate] "C:\Users\petr\AppData\Roaming\lsass.exe"
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7558 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-22 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA609D72-8482-4076-8991-8CDAE5B93BCB}]
W2PBrowser Class - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-09-17 1236992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13 609544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13 609544]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\20110702205228\ICQToolBar.dll [2010-10-04 1049912]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-09-28 9734760]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2010-08-31 1806728]
"Norton Online Backup"=C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 966488]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"MSWUpdate"=C:\Users\petr\AppData\Roaming\lsass.exe [2011-12-19 1169225]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-06-24 941968]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-06-24 3373968]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-06-24 20880]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]
"MSWUpdate"=C:\Users\petr\AppData\Roaming\lsass.exe [2011-12-19 1169225]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-04-19 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2010-11-20 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-12-19 19:14:11 ----D---- C:\_OTL
2011-12-19 18:58:41 ----RSH---- C:\Users\petr\AppData\Roaming\lsass.exe
2011-12-18 18:19:49 ----A---- C:\TDSSKiller.2.6.23.0_18.12.2011_18.19.49_log.txt
2011-12-18 15:48:41 ----SHD---- C:\$RECYCLE.BIN
2011-12-18 15:48:14 ----A---- C:\ComboFix.txt
2011-12-18 15:41:52 ----D---- C:\windows\temp
2011-12-18 15:19:15 ----A---- C:\windows\zip.exe
2011-12-18 15:19:15 ----A---- C:\windows\SWSC.exe
2011-12-18 15:19:15 ----A---- C:\windows\SWREG.exe
2011-12-18 15:19:15 ----A---- C:\windows\sed.exe
2011-12-18 15:19:15 ----A---- C:\windows\PEV.exe
2011-12-18 15:19:15 ----A---- C:\windows\NIRCMD.exe
2011-12-18 15:19:15 ----A---- C:\windows\MBR.exe
2011-12-18 15:19:15 ----A---- C:\windows\grep.exe
2011-12-18 15:18:51 ----D---- C:\windows\ERDNT
2011-12-18 15:18:48 ----D---- C:\ComboFix
2011-12-18 15:18:33 ----D---- C:\Qoobox
2011-12-18 10:51:32 ----D---- C:\Program Files\ZHPDiag
2011-12-17 13:40:57 ----D---- C:\Program Files\trend micro
2011-12-17 13:40:37 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2011-12-19 19:26:33 ----D---- C:\ProgramData\ArcSoft
2011-12-19 19:17:59 ----D---- C:\windows\system32\config
2011-12-19 19:04:33 ----SD---- C:\ProgramData\Microsoft
2011-12-18 18:19:50 ----D---- C:\windows\system32\drivers
2011-12-18 15:42:15 ----D---- C:\Windows
2011-12-18 15:42:15 ----A---- C:\windows\system.ini
2011-12-18 15:41:57 ----D---- C:\windows\system32\drivers\etc
2011-12-18 15:40:19 ----D---- C:\ProgramData
2011-12-18 15:32:50 ----D---- C:\windows\System32
2011-12-18 15:32:50 ----D---- C:\windows\AppPatch
2011-12-18 15:32:44 ----D---- C:\Program Files\Common Files
2011-12-18 14:50:55 ----D---- C:\Program Files\BatteryBar
2011-12-18 14:41:23 ----D---- C:\Users\petr\AppData\Roaming\SoftGrid Client
2011-12-18 10:51:32 ----RD---- C:\Program Files
2011-12-17 14:14:24 ----D---- C:\windows\system32\LogFiles
2011-12-17 13:51:01 ----D---- C:\windows\system32\catroot
2011-12-17 13:50:59 ----D---- C:\windows\system32\catroot2
2011-12-17 13:50:22 ----D---- C:\windows\winsxs
2011-12-17 13:41:39 ----SHD---- C:\System Volume Information
2011-12-04 22:05:48 ----D---- C:\windows\system32\NDF
2011-12-04 21:46:45 ----A---- C:\windows\red_dialer.ini
2011-12-04 16:11:55 ----D---- C:\windows\Prefetch
2011-12-04 15:00:14 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-12-04 15:00:13 ----D---- C:\windows\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2010-11-23 1249792]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-08-31 100744]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-09-28 3197608]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 65408]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\windows\system32\DRIVERS\adusbser65.sys [2005-05-02 65408]
S3 Afc;PPdus ASPI Shell; C:\windows\system32\drivers\Afc.sys [2006-11-10 18688]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 catchme;catchme; \??\C:\Users\petr\AppData\Local\Temp\catchme.sys []
S3 dgderdrv;dgderdrv; C:\windows\System32\drivers\dgderdrv.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\windows\System32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 rtport;rtport; \??\C:\windows\system32\drivers\rtport.sys [2011-02-28 15656]
S3 sisagp;Filtr SIS sběrnice AGP; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 FsUsbExService;FsUsbExService; C:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 NOBU;Norton Online Backup; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2057560]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-20 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-20 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 Samsung UPD Service;Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

#19 Post by Paris »

Nothing changed. Windows did not even start up, and I had to start it through Task Manager.

#20 Post by Paris »

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
========== FILES ==========
C:\Users\petr\AppData\Roaming\hfkWP\WBNNcgjbzP\1.1.3.502\Crisis.exe moved successfully.
C:\Users\petr\AppData\Roaming\lsass.exe moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 12192011_194558

#21 Post by Paris »

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Starter Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: N145P/N250P/N260P
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 190):
0x00A60000 \Windows\System32\autochk.exe
0x77370000 \Windows\System32\setupapi.dll
0x77700000 \Windows\System32\ws2_32.dll
0x77660000 \Windows\System32\usp10.dll
0x77650000 \Windows\System32\psapi.dll
0x77170000 \Windows\System32\iertutil.dll
0x770A0000 \Windows\System32\msctf.dll
0x77040000 \Windows\System32\shlwapi.dll
0x76F40000 \Windows\System32\wininet.dll
0x76EC0000 \Windows\System32\comdlg32.dll
0x76EA0000 \Windows\System32\sechost.dll
0x76E40000 \Windows\System32\difxapi.dll
0x76D70000 \Windows\System32\user32.dll
0x76C10000 \Windows\System32\ole32.dll
0x76B80000 \Windows\System32\oleaut32.dll
0x76B30000 \Windows\System32\Wldap32.dll
0x76A80000 \Windows\System32\rpcrt4.dll
0x769E0000 \Windows\System32\advapi32.dll
0x75D90000 \Windows\System32\shell32.dll
0x75C50000 \Windows\System32\urlmon.dll
0x75C00000 \Windows\System32\gdi32.dll
0x75BF0000 \Windows\System32\nsi.dll
0x75BD0000 \Windows\System32\imm32.dll
0x75B40000 \Windows\System32\clbcatq.dll
0x75B30000 \Windows\System32\lpk.dll
0x75B20000 \Windows\System32\normaliz.dll
0x75A40000 \Windows\System32\kernel32.dll
0x75A10000 \Windows\System32\imagehlp.dll
0x75960000 \Windows\System32\msvcrt.dll
0x75840000 \Windows\System32\crypt32.dll
0x75810000 \Windows\System32\wintrust.dll
0x757E0000 \Windows\System32\cfgmgr32.dll
0x75790000 \Windows\System32\KernelBase.dll
0x75770000 \Windows\System32\devobj.dll
0x756E0000 \Windows\System32\comctl32.dll
0x756D0000 \Windows\System32\msasn1.dll

Processes (total 77):
0 System Idle Process
4 SYSTEM
340 C:\Windows\System32\smss.exe
480 csrss.exe
536 csrss.exe
544 C:\Windows\System32\wininit.exe
600 C:\Windows\System32\winlogon.exe
640 C:\Windows\System32\services.exe
648 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\audiodg.exe
1144 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1424 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1432 C:\Windows\System32\dwm.exe
1836 C:\Windows\System32\spoolsv.exe
1852 C:\Windows\System32\taskhost.exe
1920 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\FsUsbExService.Exe
1168 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
1500 C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
1376 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2128 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
2160 C:\Windows\System32\svchost.exe
2196 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2280 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
2360 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2728 C:\Windows\System32\taskeng.exe
2760 C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
2784 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
2856 C:\Windows\System32\igfxext.exe
2896 C:\Windows\System32\igfxsrvc.exe
2964 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3108 C:\Windows\System32\svchost.exe
3176 C:\Windows\System32\svchost.exe
3904 C:\Windows\explorer.exe
4076 C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
780 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3252 C:\Program Files\Elantech\ETDCtrl.exe
3328 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3372 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1964 C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
2372 C:\Program Files\Elantech\ETDCtrlHelper.exe
1380 C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
3060 C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
3164 C:\Windows\System32\SearchIndexer.exe
3740 C:\Windows\System32\hkcmd.exe
3392 C:\Windows\System32\igfxtray.exe
3852 C:\Windows\System32\igfxpers.exe
3872 C:\Program Files\ICQ7.1\ICQ.exe
3020 C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
2468 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
3596 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
2028 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
4144 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
4160 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4796 C:\Windows\System32\svchost.exe
5372 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
5712 C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
5892 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
5924 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
6020 C:\Program Files\Google\Chrome\Application\chrome.exe
6132 C:\Program Files\Google\Chrome\Application\chrome.exe
3624 C:\Program Files\Google\Chrome\Application\chrome.exe
4048 C:\Windows\System32\rundll32.exe
4896 C:\Program Files\Google\Chrome\Application\chrome.exe
3032 C:\Windows\System32\wuauclt.exe
2600 C:\Program Files\Google\Chrome\Application\chrome.exe
5884 C:\Windows\System32\SearchProtocolHost.exe
2624 C:\Windows\System32\SearchFilterHost.exe
5132 C:\Users\petr\Downloads\MBRCheck.exe
2808 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`c6600000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: SAMSUNGHM160HI, Rev: HH100-06

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Paris
Visitor
Posts: 66
Registered: 09 May 2006 13:45

Re: pop-up window. slowed-down mode. requesting a log check

#22 Post by Paris »

so a bat file or a dat?

#23 Post by Paris »

is there a guide here for MbrScan on how to make that bat dat file?

#24 Post by Paris »

this is what it gave me
Attachments
chyba.jpg (77.23 KiB) Viewed 1120 times

#25 Post by Paris »

yeah, the window isn't popping up, but the icons load slowly,

#26 Post by Paris »

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSWUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSWUpdate deleted successfully.
Error: Unable to interpret <:file> in the current context!
Error: Unable to interpret <C:\Users\petr\AppData\Roaming\lsass.exe> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 12202011_190543

#27 Post by Paris »

I apologize, but I can't get away from work any earlier

#28 Post by Paris »

I can be here at half past five at the earliest

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

#29 Post by cernohous13 »

Greetings, and sorry for barging in :oops:

modified script for OTL

Code:

:files
C:\Users\petr\AppData\Roaming\lsass.exe

Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Carefully study my reply and carry out the whole procedure as described in it.
If anything is unclear, ask - I will explain.

#30 Post by Paris »

========== FILES ==========
File\Folder C:\Users\petr\AppData\Roaming\lsass.exe not found.

OTL by OldTimer - Version 3.2.31.0 log created on 12202011_192217
