
Preventive check after finding a virus
Hello, I'd like to ask for a preventive check of my PC. I'm not sure whether everything is as it should be.
I split the disk into 2 parts. On the first I put a backup of my data (mostly music), and the second part, with the system, was meant to be formatted and reinstalled. Because I couldn't find the Windows XP OEM SP2 installation CD that I had (I have the product key), I used the same version of Windows, which I downloaded. I installed Windows from a flash drive and did a slow format of the second part of the disk. Then I installed Windows. Activation and validation were OK (I used my own product key). The system downloaded about 3-4 small updates and required a restart. I moved the backup to the second disk, formatted the first disk, and merged the split disk back into its original state.
After the restart I could not connect to the websites of antivirus programs or of Microsoft. I temporarily solved the problem with the command
"net stop dnscache", downloaded Avast Free, SpyBot and SUPERAntiSpyware, updated everything and ran a full scan. It found some unwanted ads, nothing special.
In Avast I set up a boot-time scan and it found:
http://imgupload.sk/viewer.php?file=q2n ... fc7lxc.bmp
I can now connect to all websites, and a scan finds nothing. But I'm worried about whether everything is really as it should be. I also don't know whether the Windows I used had been modified in some way, because everything was OK until the first update.
-The antivirus programs didn't really convince me, because they found nothing. Only the boot-time scan did. So everything else was useless.
-I also don't understand why, when I have a product key and everything else required, I can't download an official Windows installer from Microsoft's website or anywhere else, so that I wouldn't have to hunt for some dubious versions and hope that everything is OK.
Log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Keyz at 2012-02-27 14:35:00
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 466 GB (76%) free of 610 GB
Total RAM: 3327 MB (87% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:35:04, on 27.2.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Keyz\Plocha\RSIT.exe
C:\Program Files\trend micro\Keyz.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O4 - HKLM\..\Run: [Drive Xpert] C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -b
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-1972579041-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
--
End of file - 4524 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-03-02 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-03-02 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-03-02 455168]
"Launch Direct Link"=C:\Program Files\ASUS\AI Direct Link\AsShare.exe [2008-12-09 1212416]
"Launch As Cmd Runner"=C:\Program Files\ASUS\AI Direct Link\AsCmd.exe [2008-06-17 376832]
"ASUS Update Checker"=C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11 114688]
"Drive Xpert"=C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe [2009-02-02 10231808]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"Six Engine"=C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2009-05-25 6017024]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-02-10 15494464]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-02-10 1634112]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-02-23 4031368]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\msg.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\logoff.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-02-27 00:27:37 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-02-27 00:27:35 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-02-27 00:27:34 ----D---- C:\Program Files\Windows NT
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\spider.exe
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
-------------
So, while the updates were downloading, Avast reported the same virus, but in a different location. It looks like I haven't got rid of it....
http://imgupload.sk/viewer.php?file=2dd ... w6n5uh.bmp
Can I test the PC somehow to find these viruses without having to wait until they activate and the antivirus warning window pops up? I don't want any virus on the PC, not even an inactive one. I'm asking because AVAST found nothing with the standard scan settings and only then flagged it while the update was in use.
2012-02-27 00:28:28 ----A---- C:\WINDOWS\system32\inetcomm.dll
2012-02-27 00:28:28 ----A---- C:\WINDOWS\system32\icwphbk.dll
2012-02-27 00:28:28 ----A---- C:\WINDOWS\system32\icwdial.dll
2012-02-27 00:28:27 ----A---- C:\WINDOWS\system32\isign32.dll
2012-02-27 00:28:27 ----A---- C:\WINDOWS\system32\inetcfg.dll
2012-02-27 00:28:25 ----D---- C:\Program Files\Common Files\System
2012-02-27 00:28:24 ----D---- C:\Program Files\Internet Explorer
2012-02-27 00:28:23 ----A---- C:\WINDOWS\system32\emptyregdb.dat
2012-02-27 00:28:15 ----D---- C:\Program Files\ComPlus Applications
2012-02-27 00:28:14 ----A---- C:\WINDOWS\vbaddin.ini
2012-02-27 00:28:14 ----A---- C:\WINDOWS\vb.ini
2012-02-27 00:28:10 ----D---- C:\WINDOWS\Registration
2012-02-27 00:27:53 ----D---- C:\Program Files\Windows Media Player
2012-02-27 00:27:50 ----D---- C:\Program Files\Messenger
2012-02-27 00:27:49 ----D---- C:\Program Files\MSN Gaming Zone
2012-02-27 00:27:49 ----A---- C:\WINDOWS\system32\write.exe
2012-02-27 00:27:43 ----A---- C:\WINDOWS\system32\winchat.exe
2012-02-27 00:27:43 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-02-27 00:27:43 ----A---- C:\WINDOWS\system32\hticons.dll
2012-02-27 00:27:43 ----A---- C:\WINDOWS\system32\avwav.dll
2012-02-27 00:27:43 ----A---- C:\WINDOWS\system32\avtapi.dll
2012-02-27 00:27:43 ----A---- C:\WINDOWS\system32\avmeter.dll
2012-02-27 00:27:40 ----A---- C:\WINDOWS\system32\getuname.dll
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\winmine.exe
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\tslabels.ini
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\tskill.exe
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\sol.exe
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\reset.exe
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\charmap.exe
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\freecell.exe
2012-02-27 00:27:39 ----A---- C:\WINDOWS\system32\calc.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\tscon.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\stclient.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\shadow.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\rwinsta.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\regini.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\qwinsta.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\qappsrv.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\mtxex.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\mtxdm.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\msg.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\logoff.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\comrepl.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\comaddin.dll
2012-02-27 00:27:38 ----A---- C:\WINDOWS\system32\cdmodem.dll
2012-02-27 00:27:37 ----A---- C:\WINDOWS\system32\comsnap.dll
2012-02-27 00:27:35 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2012-02-27 00:27:34 ----D---- C:\Program Files\Windows NT
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\spider.exe
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\mstscax.dll
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\hypertrm.dll
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2012-02-27 00:27:34 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
-------------
So, while the updates were downloading, Avast reported the same virus, but in a different location. It looks like I haven't gotten rid of it....
http://imgupload.sk/viewer.php?file=2dd ... w6n5uh.bmp
Can I somehow test the PC so that I detect these viruses without having to wait until they activate and the antivirus warning window pops up? I don't want any virus on the PC, not even an inactive one. I'm asking because AVAST found nothing during a scan with the default settings and then flagged it while the updates were in use.
Last edited by Keyz on 27 Feb 2012 19:12, edited 1 time in total.
Re: Preventive check after finding a virus
Nobody? Nothing?

Re: Preventive check after finding a virus
I'm adding the current log taken after the updates and asking for it to be checked.
Because it has more than 8000 characters and .txt attachments are not supported here, I'm sending it as a link.
http://leteckaposta.cz/994247970
Re: Preventive check after finding a virus
so we'll wait for the MBAM results
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Preventive check after finding a virus
MBAM:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org
Verze databáze: v2012.02.28.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Keyz :: MACEK [administrátor]
Ochrana: Povolena
28.2.2012 14:35:34
mbam-log-2012-02-28 (14-35-34).txt
Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 236963
Uplynulý čas: 36 minut, 31 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Re: Preventive check after finding a virus
as a precaution, scan the PC with AVPTool, but there is nothing actively malicious on it

Re: Preventive check after finding a virus
AVPTool:
Status: Deleted (events: 2)
1.3.2012 9:44:18 Deleted virus Net-Worm.Win32.Kido.ih C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\Quarantine\Q00000001.sqd High
1.3.2012 9:44:18 Deleted virus Net-Worm.Win32.Kido.ih C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\Quarantine\Q00000001.sqd//PE-Crypt.XorPE High
-It looks like one program deleted part of the other one?

Re: Preventive check after finding a virus
AVPTool deleted a virus stored in the ST quarantine - i.e. harmless, even though it is a virus

Re: Preventive check after finding a virus
So I left the PC in sleep mode overnight, and after resuming it reported the following, one after another:
http://imgupload.sk/viewer.php?file=vas ... g9lido.bmp
http://imgupload.sk/viewer.php?file=nub ... 5tch8m.bmp
It reports the same errors after every restart.
I don't understand what could be causing it.
Here is the log:
http://leteckaposta.cz/762798367
Re: Preventive check after finding a virus
post the log from TDSSKiller - if it finds nothing, post the log from ComboFix
Re: Preventive check after finding a virus
TDSSKiller:
12:33:49.0921 1824 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
12:33:49.0984 1824 ============================================================
12:33:49.0984 1824 Current date / time: 2012/03/02 12:33:49.0984
12:33:49.0984 1824 SystemInfo:
12:33:49.0984 1824
12:33:49.0984 1824 OS Version: 5.1.2600 ServicePack: 3.0
12:33:49.0984 1824 Product type: Workstation
12:33:49.0984 1824 ComputerName: MACEK
12:33:49.0984 1824 UserName: Keyz
12:33:49.0984 1824 Windows directory: C:\WINDOWS
12:33:49.0984 1824 System windows directory: C:\WINDOWS
12:33:49.0984 1824 Processor architecture: Intel x86
12:33:49.0984 1824 Number of processors: 2
12:33:49.0984 1824 Page size: 0x1000
12:33:49.0984 1824 Boot type: Normal boot
12:33:49.0984 1824 ============================================================
12:33:51.0234 1824 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:33:51.0250 1824 \Device\Harddisk0\DR0:
12:33:51.0250 1824 MBR used
12:33:51.0250 1824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
12:33:51.0265 1824 Initialize success
12:33:51.0265 1824 ============================================================
12:34:16.0421 3992 ============================================================
12:34:16.0421 3992 Scan started
12:34:16.0421 3992 Mode: Manual; SigCheck; TDLFS;
12:34:16.0421 3992 ============================================================
12:34:16.0781 3992 Aavmker4 (fdba5bb4c8171cda00b2233d5389ee5f) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:34:16.0937 3992 Aavmker4 - ok
12:34:16.0953 3992 Abiosdsk - ok
12:34:16.0968 3992 abp480n5 - ok
12:34:17.0000 3992 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:34:17.0656 3992 ACPI - ok
12:34:17.0687 3992 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:34:17.0796 3992 ACPIEC - ok
12:34:17.0796 3992 adpu160m - ok
12:34:17.0843 3992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:34:17.0937 3992 aec - ok
12:34:17.0968 3992 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:34:18.0000 3992 AFD - ok
12:34:18.0015 3992 Aha154x - ok
12:34:18.0031 3992 aic78u2 - ok
12:34:18.0031 3992 aic78xx - ok
12:34:18.0031 3992 AliIde - ok
12:34:18.0078 3992 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
12:34:18.0140 3992 Ambfilt - ok
12:34:18.0156 3992 amsint - ok
12:34:18.0171 3992 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:34:18.0250 3992 Arp1394 - ok
12:34:18.0265 3992 asc - ok
12:34:18.0265 3992 asc3350p - ok
12:34:18.0265 3992 asc3550 - ok
12:34:18.0296 3992 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
12:34:18.0312 3992 AsIO - ok
12:34:18.0343 3992 aswFsBlk (581b82df5dbcc1dda6b775fac0d92472) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:34:18.0359 3992 aswFsBlk - ok
12:34:18.0375 3992 aswFW (1366147ff64fd82f833c16d0c17d4121) C:\WINDOWS\system32\drivers\aswFW.sys
12:34:18.0375 3992 aswFW - ok
12:34:18.0406 3992 aswKbd (d58ac76eb4d2b478b654ebd6550965bb) C:\WINDOWS\system32\drivers\aswKbd.sys
12:34:18.0421 3992 aswKbd - ok
12:34:18.0421 3992 aswMon2 (4310e0977b48ec9bc5cca6931f806e6d) C:\WINDOWS\system32\drivers\aswMon2.sys
12:34:18.0437 3992 aswMon2 - ok
12:34:18.0453 3992 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys
12:34:18.0468 3992 aswNdis - ok
12:34:18.0484 3992 aswNdis2 (525a3ebc871c34b966167e9b00e459ad) C:\WINDOWS\system32\drivers\aswNdis2.sys
12:34:18.0500 3992 aswNdis2 - ok
12:34:18.0500 3992 AswRdr (0b44ee90b3db93582b260a80b28b7ffd) C:\WINDOWS\system32\drivers\AswRdr.sys
12:34:18.0515 3992 AswRdr - ok
12:34:18.0531 3992 aswSnx (ca9601cd277a1e510b80422a40240a95) C:\WINDOWS\system32\drivers\aswSnx.sys
12:34:18.0562 3992 aswSnx - ok
12:34:18.0578 3992 aswSP (05ea22dde5ca7ee3a865046aff2f0229) C:\WINDOWS\system32\drivers\aswSP.sys
12:34:18.0609 3992 aswSP - ok
12:34:18.0625 3992 aswTdi (3ac73a9e7378848d1bde174b4bb39212) C:\WINDOWS\system32\drivers\aswTdi.sys
12:34:18.0625 3992 aswTdi - ok
12:34:18.0656 3992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:34:18.0734 3992 AsyncMac - ok
12:34:18.0750 3992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:34:18.0843 3992 atapi - ok
12:34:18.0843 3992 Atdisk - ok
12:34:18.0875 3992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:34:18.0953 3992 Atmarpc - ok
12:34:18.0984 3992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:34:19.0078 3992 audstub - ok
12:34:19.0093 3992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:34:19.0187 3992 Beep - ok
12:34:19.0203 3992 Suspicious service (NoAccess): bpewrje
12:34:19.0218 3992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:34:19.0328 3992 cbidf2k - ok
12:34:19.0328 3992 cd20xrnt - ok
12:34:19.0328 3992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:34:19.0437 3992 Cdaudio - ok
12:34:19.0437 3992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:34:19.0546 3992 Cdfs - ok
12:34:19.0578 3992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:34:19.0687 3992 Cdrom - ok
12:34:19.0687 3992 Changer - ok
12:34:19.0703 3992 CmdIde - ok
12:34:19.0703 3992 Cpqarray - ok
12:34:19.0718 3992 dac2w2k - ok
12:34:19.0718 3992 dac960nt - ok
12:34:19.0734 3992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:34:19.0828 3992 Disk - ok
12:34:19.0859 3992 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
12:34:19.0968 3992 dmboot - ok
12:34:20.0000 3992 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
12:34:20.0078 3992 dmio - ok
12:34:20.0109 3992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:34:20.0203 3992 dmload - ok
12:34:20.0250 3992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:34:20.0328 3992 DMusic - ok
12:34:20.0343 3992 dpti2o - ok
12:34:20.0359 3992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:34:20.0468 3992 drmkaud - ok
12:34:20.0515 3992 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
12:34:20.0515 3992 dtsoftbus01 - ok
12:34:20.0562 3992 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
12:34:20.0578 3992 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
12:34:20.0578 3992 epmntdrv - detected UnsignedFile.Multi.Generic (1)
12:34:20.0609 3992 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
12:34:20.0625 3992 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
12:34:20.0625 3992 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
12:34:20.0656 3992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:34:20.0765 3992 Fastfat - ok
12:34:20.0781 3992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:34:20.0875 3992 Fdc - ok
12:34:20.0875 3992 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
12:34:20.0968 3992 Fips - ok
12:34:21.0000 3992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:34:21.0093 3992 Flpydisk - ok
12:34:21.0140 3992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:34:21.0218 3992 FltMgr - ok
12:34:21.0234 3992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:34:21.0312 3992 Fs_Rec - ok
12:34:21.0343 3992 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:34:21.0421 3992 Ftdisk - ok
12:34:21.0453 3992 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
12:34:21.0468 3992 giveio ( UnsignedFile.Multi.Generic ) - warning
12:34:21.0468 3992 giveio - detected UnsignedFile.Multi.Generic (1)
12:34:21.0500 3992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:34:21.0593 3992 Gpc - ok
12:34:21.0609 3992 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:34:21.0703 3992 HDAudBus - ok
12:34:21.0703 3992 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:34:21.0796 3992 hidusb - ok
12:34:21.0796 3992 hpn - ok
12:34:21.0843 3992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:34:21.0859 3992 HTTP - ok
12:34:21.0875 3992 i2omgmt - ok
12:34:21.0875 3992 i2omp - ok
12:34:21.0890 3992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:34:22.0000 3992 Imapi - ok
12:34:22.0000 3992 ini910u - ok
12:34:22.0125 3992 IntcAzAudAddService (0cacdcbbc8e6f11e2865c47bfc509848) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:34:22.0265 3992 IntcAzAudAddService - ok
12:34:22.0281 3992 IntelIde - ok
12:34:22.0296 3992 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:34:22.0390 3992 intelppm - ok
12:34:22.0421 3992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:34:22.0531 3992 Ip6Fw - ok
12:34:22.0546 3992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:34:22.0640 3992 IpFilterDriver - ok
12:34:22.0671 3992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:34:22.0750 3992 IpInIp - ok
12:34:22.0765 3992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:34:22.0875 3992 IpNat - ok
12:34:22.0890 3992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:34:23.0000 3992 IPSec - ok
12:34:23.0015 3992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:34:23.0125 3992 IRENUM - ok
12:34:23.0156 3992 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:34:23.0250 3992 isapnp - ok
12:34:23.0265 3992 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys
12:34:23.0281 3992 k750bus ( UnsignedFile.Multi.Generic ) - warning
12:34:23.0281 3992 k750bus - detected UnsignedFile.Multi.Generic (1)
12:34:23.0312 3992 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:34:23.0406 3992 Kbdclass - ok
12:34:23.0421 3992 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:34:23.0515 3992 kbdhid - ok
12:34:23.0531 3992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:34:23.0625 3992 kmixer - ok
12:34:23.0640 3992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:34:23.0671 3992 KSecDD - ok
12:34:23.0718 3992 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
12:34:23.0718 3992 L1e - ok
12:34:23.0734 3992 lbrtfdc - ok
12:34:23.0765 3992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:34:23.0859 3992 mnmdd - ok
12:34:23.0875 3992 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
12:34:23.0968 3992 Modem - ok
12:34:24.0000 3992 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
12:34:24.0062 3992 Monfilt - ok
12:34:24.0078 3992 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:34:24.0171 3992 Mouclass - ok
12:34:24.0187 3992 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:34:24.0281 3992 mouhid - ok
12:34:24.0296 3992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:34:24.0406 3992 MountMgr - ok
12:34:24.0406 3992 mraid35x - ok
12:34:24.0437 3992 mrdd (ceb34fd9036a4b5fe3df560992408366) C:\WINDOWS\system32\DRIVERS\mrdd.sys
12:34:24.0437 3992 mrdd - ok
12:34:24.0453 3992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:34:24.0546 3992 MRxDAV - ok
12:34:24.0562 3992 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:34:24.0609 3992 MRxSmb - ok
12:34:24.0609 3992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:34:24.0718 3992 Msfs - ok
12:34:24.0750 3992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:34:24.0843 3992 MSKSSRV - ok
12:34:24.0859 3992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:34:24.0953 3992 MSPCLOCK - ok
12:34:24.0984 3992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:34:25.0078 3992 MSPQM - ok
12:34:25.0093 3992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:34:25.0187 3992 mssmbios - ok
12:34:25.0203 3992 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:34:25.0218 3992 MTsensor - ok
12:34:25.0218 3992 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:34:25.0250 3992 Mup - ok
12:34:25.0265 3992 mv61xx (4678bac36f9ce8c633eedd0ca1f569bf) C:\WINDOWS\system32\DRIVERS\mv61xx.sys
12:34:25.0265 3992 mv61xx - ok
12:34:25.0281 3992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:34:25.0390 3992 NDIS - ok
12:34:25.0390 3992 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:34:25.0406 3992 NdisTapi - ok
12:34:25.0406 3992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:34:25.0515 3992 Ndisuio - ok
12:34:25.0515 3992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:34:25.0609 3992 NdisWan - ok
12:34:25.0640 3992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:34:25.0656 3992 NDProxy - ok
12:34:25.0671 3992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:34:25.0750 3992 NetBIOS - ok
12:34:25.0796 3992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:34:25.0890 3992 NetBT - ok
12:34:25.0906 3992 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:34:25.0984 3992 NIC1394 - ok
12:34:26.0000 3992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:34:26.0093 3992 Npfs - ok
12:34:26.0109 3992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:34:26.0234 3992 Ntfs - ok
12:34:26.0265 3992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:34:26.0343 3992 Null - ok
12:34:26.0593 3992 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:34:27.0015 3992 nv - ok
12:34:27.0093 3992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:34:27.0328 3992 NwlnkFlt - ok
12:34:27.0328 3992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:34:27.0421 3992 NwlnkFwd - ok
12:34:27.0468 3992 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:34:27.0546 3992 ohci1394 - ok
12:34:27.0593 3992 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
12:34:27.0687 3992 Parport - ok
12:34:27.0718 3992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:34:27.0796 3992 PartMgr - ok
12:34:27.0828 3992 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
12:34:27.0937 3992 ParVdm - ok
12:34:27.0937 3992 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
12:34:28.0031 3992 PCI - ok
12:34:28.0031 3992 PCIDump - ok
12:34:28.0046 3992 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:34:28.0140 3992 PCIIde - ok
12:34:28.0156 3992 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:34:28.0250 3992 Pcmcia - ok
12:34:28.0250 3992 PDCOMP - ok
12:34:28.0250 3992 PDFRAME - ok
12:34:28.0265 3992 PDRELI - ok
12:34:28.0265 3992 PDRFRAME - ok
12:34:28.0265 3992 perc2 - ok
12:34:28.0281 3992 perc2hib - ok
12:34:28.0296 3992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:34:28.0406 3992 PptpMiniport - ok
12:34:28.0406 3992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:34:28.0515 3992 PSched - ok
12:34:28.0515 3992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:34:28.0593 3992 Ptilink - ok
12:34:28.0625 3992 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:34:28.0640 3992 PxHelp20 - ok
12:34:28.0640 3992 ql1080 - ok
12:34:28.0656 3992 Ql10wnt - ok
12:34:28.0656 3992 ql12160 - ok
12:34:28.0656 3992 ql1240 - ok
12:34:28.0671 3992 ql1280 - ok
12:34:28.0687 3992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:34:28.0781 3992 RasAcd - ok
12:34:28.0796 3992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:34:28.0890 3992 Rasl2tp - ok
12:34:28.0890 3992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:34:28.0984 3992 RasPppoe - ok
12:34:28.0984 3992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:34:29.0078 3992 Raspti - ok
12:34:29.0109 3992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:34:29.0203 3992 Rdbss - ok
12:34:29.0203 3992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:34:29.0296 3992 RDPCDD - ok
12:34:29.0328 3992 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:34:29.0359 3992 RDPWD - ok
12:34:29.0390 3992 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:34:29.0468 3992 redbook - ok
12:34:29.0500 3992 SCDEmu (52402149e66200c2c2bda115bca757d6) C:\WINDOWS\system32\drivers\SCDEmu.sys
12:34:29.0531 3992 SCDEmu - ok
12:34:29.0562 3992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:34:29.0656 3992 Secdrv - ok
12:34:29.0671 3992 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:34:29.0750 3992 serenum - ok
12:34:29.0750 3992 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
12:34:29.0843 3992 Serial - ok
12:34:29.0875 3992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:34:29.0968 3992 Sfloppy - ok
12:34:29.0984 3992 Simbad - ok
12:34:30.0031 3992 skfilt (dccca3f40c883566485bd18f1f6f4edd) C:\WINDOWS\system32\drivers\skfilt.sys
12:34:30.0093 3992 skfilt - ok
12:34:30.0109 3992 Sparrow - ok
12:34:30.0140 3992 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
12:34:30.0156 3992 speedfan - ok
12:34:30.0171 3992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:34:30.0281 3992 splitter - ok
12:34:30.0312 3992 sp_rsdrv2 (7b426b8e809edf081d771ef429345528) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
12:34:30.0328 3992 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
12:34:30.0328 3992 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
12:34:30.0359 3992 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
12:34:30.0437 3992 sr - ok
12:34:30.0453 3992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:34:30.0484 3992 Srv - ok
12:34:30.0515 3992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:34:30.0609 3992 swenum - ok
12:34:30.0625 3992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:34:30.0718 3992 swmidi - ok
12:34:30.0734 3992 symc810 - ok
12:34:30.0734 3992 symc8xx - ok
12:34:30.0750 3992 sym_hi - ok
12:34:30.0750 3992 sym_u3 - ok
12:34:30.0781 3992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:34:30.0859 3992 sysaudio - ok
12:34:30.0890 3992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:34:30.0937 3992 Tcpip - ok
12:34:30.0968 3992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:34:31.0062 3992 TDPIPE - ok
12:34:31.0093 3992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:34:31.0171 3992 TDTCP - ok
12:34:31.0203 3992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:34:31.0312 3992 TermDD - ok
12:34:31.0312 3992 TosIde - ok
12:34:31.0343 3992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:34:31.0453 3992 Udfs - ok
12:34:31.0453 3992 ultra - ok
12:34:31.0484 3992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:34:31.0593 3992 Update - ok
12:34:31.0625 3992 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:34:31.0718 3992 usbaudio - ok
12:34:31.0734 3992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:34:31.0812 3992 usbccgp - ok
12:34:31.0843 3992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:34:31.0937 3992 usbehci - ok
12:34:31.0984 3992 UsbFltr (ca349e24ecde0e0005dac5a2dc9931a2) C:\WINDOWS\system32\drivers\copperhd.sys
12:34:31.0984 3992 UsbFltr - ok
12:34:32.0000 3992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:34:32.0078 3992 usbhub - ok
12:34:32.0109 3992 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:34:32.0203 3992 usbstor - ok
12:34:32.0218 3992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:34:32.0312 3992 usbuhci - ok
12:34:32.0328 3992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:34:32.0421 3992 VgaSave - ok
12:34:32.0421 3992 ViaIde - ok
12:34:32.0437 3992 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
12:34:32.0531 3992 VolSnap - ok
12:34:32.0531 3992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:34:32.0625 3992 Wanarp - ok
12:34:32.0625 3992 WDICA - ok
12:34:32.0640 3992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:34:32.0734 3992 wdmaud - ok
12:34:32.0765 3992 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:34:32.0875 3992 WS2IFSL - ok
12:34:32.0906 3992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:34:32.0921 3992 WudfPf - ok
12:34:32.0937 3992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:34:32.0937 3992 WudfRd - ok
12:34:32.0968 3992 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
12:34:33.0125 3992 \Device\Harddisk0\DR0 - ok
12:34:33.0125 3992 Boot (0x1200) (5b72bde94cbc057f923510d4b19ea48b) \Device\Harddisk0\DR0\Partition0
12:34:33.0125 3992 \Device\Harddisk0\DR0\Partition0 - ok
12:34:33.0125 3992 ============================================================
12:34:33.0125 3992 Scan finished
12:34:33.0125 3992 ============================================================
12:34:33.0234 3556 Detected object count: 5
12:34:33.0234 3556 Actual detected object count: 5
12:36:04.0390 3556 C:\WINDOWS\system32\epmntdrv.sys - copied to quarantine
12:36:04.0390 3556 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:36:04.0421 3556 C:\WINDOWS\system32\EuGdiDrv.sys - copied to quarantine
12:36:04.0421 3556 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:36:04.0484 3556 C:\WINDOWS\system32\giveio.sys - copied to quarantine
12:36:04.0484 3556 giveio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:36:04.0531 3556 C:\WINDOWS\system32\DRIVERS\k750bus.sys - copied to quarantine
12:36:04.0546 3556 k750bus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:36:04.0578 3556 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - copied to quarantine
12:36:04.0593 3556 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
Re: Preventive check after a virus was found
Download ComboFix and save it to the desktop,
then run it under an account with administrator privileges.
The run takes about 5-10 minutes, sometimes longer. Do not start any other applications during the scan.
There is no reason to panic if the machine is restarted.
Note: if you use antispyware with a resident shield, turn it off before the scan.
After the restart the application creates a log saved at C:\Combofix.txt (paste its contents here).
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Preventive check after a virus was found
OK, but where do I find the programs I put into quarantine, and how do I disinfect them? The error message no longer appears, but twice I walked away from the computer while it was in sleep mode and each time the desktop was on the monitor. So it probably restarted. Won't the files I put into quarantine be missing from the system?
Re: Preventive check after a virus was found
ComboFix:
ComboFix 12-03-01.02 - Keyz 02.03.2012 15:18:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2764 [GMT 1:00]
Spuštěný z: c:\documents and settings\Keyz\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET39B.tmp
c:\windows\system32\TZLog.log
.
c:\windows\system32\drivers\i8042prt.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-02 do 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 11:36 . 2012-03-02 11:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-28 21:59 . 2012-02-29 15:30 -------- d---a-w- C:\SUPER_PI
2012-02-28 12:42 . 2012-02-28 12:48 -------- d-----w- C:\rsit
2012-02-27 20:13 . 2012-02-27 20:14 -------- d-----w- C:\d750
2012-02-27 16:42 . 2012-02-29 23:20 -------- d-----w- C:\Fraps
2012-02-27 16:31 . 2012-02-27 16:31 -------- d-----w- C:\5ed85a56149ad6b36373a902d330b8
2012-02-27 10:46 . 2012-02-27 19:41 -------- d-----w- C:\down
2012-02-27 00:15 . 2012-03-02 14:10 -------- d-----r- C:\Program Files
2012-02-27 00:12 . 2012-02-27 00:07 -------- d---a-w- C:\Documents and Settings
2012-02-27 00:09 . 2012-02-27 10:11 -------- d-----w- C:\totalcmd
2012-02-27 00:06 . 2012-02-27 00:06 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 08:53 . 2011-12-19 08:53 81920 ------w- c:\windows\system32\ieencode.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2012-02-21 2630800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-10 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2009-05-25 6017024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2008-12-11 12:45 114688 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drive Xpert]
2009-02-02 09:39 10231808 ----a-w- c:\program files\ASUS\Drive Xpert\DriveXpert.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch As Cmd Runner]
2008-06-17 10:09 376832 ----a-w- c:\program files\ASUS\AI Direct Link\AsCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Direct Link]
2008-12-09 17:54 1212416 ----a-w- c:\program files\ASUS\AI Direct Link\AsShare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-02-09 06:06 312376 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-02-27 16:54 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Origin Games\\Mass Effect 3 Demo\\Binaries\\Win32\\MassEffect3Demo.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\The Witcher 2\\bin\\witcher2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6511:TCP"= 6511:TCP:nuhyk
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 mrdd;Marvell Removable Disk Control Driver;c:\windows\system32\drivers\mrdd.sys [27.2.2012 0:52 18984]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [9.2.2009 3:30 152616]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27.2.2012 21:57 24408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.2.2012 17:50 242240]
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [2.2.2009 10:37 1286144]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [27.2.2012 0:54 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [17.7.2009 15:25 319488]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [27.2.2012 1:07 2348352]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.SYS [27.2.2012 15:29 1670016]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [27.2.2012 17:44 536208]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [27.2.2012 17:54 11596]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.2.2012 0:54 1684736]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [27.2.2012 15:30 79360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27.2.2012 1:10 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27.2.2012 1:10 8456]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [26.2.2012 22:44 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 bpewrje;System Center;c:\windows\system32\svchost.exe -k netsvcs [26.2.2012 22:44 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bpewrje
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2011-08-10 15:39]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-NCLauncher_GameForge - c:\program files\GameForge\NCLauncher\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 15:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bpewrje]
"ServiceDll"="c:\windows\system32\anpacph.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1728)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-03-02 15:24:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-02 14:24
.
Před spuštěním: Volných bajtů: 472 237 969 408
Po spuštění: Volných bajtů: 472 646 905 856
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows" /noexecute=optin /fastdetect
.
- - End Of File - - A25CBC23313B066618FFF2E06D95FAE3
Re: Preventive check after a virus was found
I assume those files do not contain a virus. Maybe it has to do with installing the drivers for the d750 (k750) phone, which is described here. During that it reported that the drivers had not been verified.
12:34:33.0234 3556 Detected object count: 5
12:34:33.0234 3556 Actual detected object count: 5
12:36:04.0390 3556 C:\WINDOWS\system32\epmntdrv.sys - copied to quarantine
12:36:04.0390 3556 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:36:04.0421 3556 C:\WINDOWS\system32\EuGdiDrv.sys - copied to quarantine
12:36:04.0421 3556 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:36:04.0484 3556 C:\WINDOWS\system32\giveio.sys - copied to quarantine
12:36:04.0484 3556 giveio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:36:04.0531 3556 C:\WINDOWS\system32\DRIVERS\k750bus.sys - copied to quarantine
12:36:04.0546 3556 k750bus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
12:36:04.0578 3556 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - copied to quarantine
12:36:04.0593 3556 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
