Please check my log (Solved)



Please check my log

Post by Massacre » 14 Nov 2009 15:01

I have Windows 7. I left it without an antivirus for the first two weeks, because I believed there were no viruses for Windows 7, and certainly not on the sites I personally visit. The opposite is apparently true. After two weeks such stupid things were happening here that I installed a Kaspersky trial, which immediately threw out several nice items of the type Windows/System32/icf.exe.exe.exe.exe or Windows/Temp/489582345exe and similar. Another one was C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10OXSWU6\n328[4].exe, where the number in the square brackets was always from 1 to 9 and it kept being created in several different folders. I got rid of that successfully too, but the main problem that remains is that SVCHOST.EXE loads the malicious URL http://client158.faster-hosting.com/cache/delta1_1.exe every 10 minutes, and a notification keeps popping up that Kaspersky is blocking it every 10 minutes. That's nice, but it bothers me quite a bit, so I downloaded the MBAM antivirus from this forum, and it found another completely unbelievable piece of nonsense: Program Files/MyCentria, including the infected registry entries from it, etc. It deleted that too, plus one more icf, this time the exe was there only twice :evil:, and it also deleted the associated registry entry. So I happily restarted the PC and right after that the notification that SVCHOST.EXE keeps loading it was merrily flying around again, so I let both antiviruses run over it once more and neither of them found anything. Otherwise I know I shouldn't have two antiviruses; it's purely because I wanted to try whether the second one would find anything more. Screenshot: http://www.pourtoi.xf.cz/vir.jpg I really don't know what to do about it anymore. HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:08, on 14.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Marek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Marek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5444 bytes
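As an added example (not part of this thread, and not code from HijackThis or any of the tools named here), the following Python script parses lines in the HijackThis format shown in the log above and flags the three patterns a helper would look at first in this log: IE home/search URLs that are not Microsoft defaults (the search.qip.ru entries), URLSearchHook/BHO/toolbar entries whose DLL no longer exists ("(no file)", the leftover SWEETIE/toolbar CLSIDs), and browser components loaded from a user-profile folder (qipsearchbar.dll under AppData). The allowlist of default URL prefixes and the autorun location check are my own assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Marek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# Every HijackThis entry starts with a section code (R0, R1, R3, O2, O3, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Assumed allowlist: IE home/search values that are stock defaults, not evidence of hijacking.
DEFAULT_URL_PREFIXES = ("about:", "http://go.microsoft.com/", "http://www.microsoft.com/")

# Assumed: autorun images outside these roots deserve a second look.
TRUSTED_AUTORUN_ROOTS = ("c:\\program files", "c:\\windows")


@dataclass
class Finding:
    code: str      # HijackThis section code the line came from
    reason: str    # why the triage flagged it
    line: str      # the original log line


def parse_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (code, body, original_line) for every line that looks like an HJT entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body"), line))
    return entries


def triage(text: str) -> List[Finding]:
    """Flag the hijack patterns visible in this thread's log."""
    findings: List[Finding] = []
    for code, body, line in parse_entries(text):
        if code in ("R0", "R1") and " = " in body:
            # R0/R1: IE registry values such as Start Page or Default_Search_URL.
            _, _, value = body.partition(" = ")
            value = value.strip()
            if value and not value.lower().startswith(DEFAULT_URL_PREFIXES):
                findings.append(Finding(code, "non-default IE URL: " + value, line))
        elif code in ("R3", "O2", "O3"):
            # R3/O2/O3: URLSearchHooks, BHOs and toolbars, i.e. DLLs IE loads.
            if body.endswith("(no file)"):
                findings.append(Finding(code, "orphaned entry (no file)", line))
            elif re.search(r"\\AppData\\", body, re.IGNORECASE):
                findings.append(Finding(code, "component loaded from user profile", line))
        elif code == "O4":
            # O4: Run/RunOnce autostarts; pull the image path out of the value.
            m = re.search(r"\]\s*\"?([A-Za-z]:\\[^\"]+?\.exe)", body, re.IGNORECASE)
            if m and not m.group(1).lower().startswith(TRUSTED_AUTORUN_ROOTS):
                findings.append(Finding(code, "autorun outside system locations: " + m.group(1), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run against the sample it reports five lines: the qip.ru default page, the qipsearchbar.dll hook loaded from AppData, and the three "(no file)" leftovers. The two O4 autoruns and the Microsoft default search page pass, which is the point of the allowlists: the script narrows a log to what needs a human decision, it does not decide what to remove.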


Re: Please check my log

Post by pitimir » 14 Nov 2009 15:40

Hi, we can give it a try, but right at the start I have to warn you that most of the utilities still don't work on 7. So it's quite possible that the cleanup will end with a not very satisfactory result.

Download OTL. Save it to the desktop and double-click the file "OTL.exe" to run it. The program window opens; in it tick "Scan All Users", "Lop" and "Purity Check", and change "File Scan" to 7 days instead of 30. Into the box named "Custom Scans/Fixes" copy:


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 /s
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

Then click "Run Scan". The computer scan will start; when it finishes, two reports will open - I need to see the contents of both.


Re: Please check my log

Post by Massacre » 14 Nov 2009 16:11

OTL.TXT

OTL logfile created on: 14.11.2009 16:05:35 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Marek\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,75% Memory free
4,00 Gb Paging File | 3,16 Gb Available in Paging File | 79,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 14,71 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 249,25 Gb Total Space | 153,68 Gb Free Space | 61,65% Space Free | Partition Type: NTFS
Drive E: | 2,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAREK-PC
Current User Name: Marek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.11.14 15:48:59 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Marek\Desktop\OTL.exe
PRC - [2009.11.07 20:50:10 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.16 16:44:00 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009.10.16 16:44:00 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009.10.16 16:40:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009.08.18 01:36:36 | 00,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.03 06:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:47 | 00,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009.07.14 02:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 01,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2006.12.18 20:34:44 | 00,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2009.11.14 15:48:59 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Marek\Desktop\OTL.exe
MOD - [2009.10.16 16:41:08 | 00,109,072 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll
MOD - [2009.10.16 16:40:58 | 00,019,472 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
MOD - [2009.07.14 02:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.10.16 16:44:00 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009.08.18 01:36:08 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2009.07.14 02:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.07.14 02:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009.07.14 02:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009.06.10 22:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009.06.10 22:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.06.10 22:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009.11.01 20:32:42 | 00,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009.10.14 21:18:34 | 00,036,880 | ---- | M] (Kaspersky Lab) -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 19:39:36 | 00,019,472 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.14 14:46:36 | 00,021,520 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 15:29:50 | 00,128,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.08.21 17:47:52 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.08.18 02:48:06 | 04,994,560 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 02:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 00,142,416 | ---- | M] () -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 00,332,352 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 02:20:36 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid)
DRV - [2009.07.14 01:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn)
DRV - [2009.07.14 00:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 00,080,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2009.07.14 00:51:17 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV - [2009.07.14 00:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 00:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:52 | 00,347,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.07.13 23:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.13 21:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2008.07.26 14:26:22 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 14:25:48 | 00,627,864 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 14:22:34 | 02,570,520 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008.07.26 14:22:22 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.05.02 09:58:28 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 09:58:14 | 00,020,864 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 09:58:14 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 09:58:12 | 00,017,536 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.04.03 12:06:24 | 00,449,536 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\WlanUZG.sys -- (ZY202_VS)
DRV - [2007.01.16 10:41:50 | 00,316,928 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2004.08.13 08:56:20 | 00,005,810 | ---- | M] () -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002.06.20 18:45:44 | 00,013,920 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2002.06.20 18:45:42 | 00,020,128 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002.06.20 18:45:40 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002.06.20 18:45:36 | 00,005,728 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002.06.20 18:45:34 | 00,039,776 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 10 E3 F9 78 22 CA 01 [binary data]
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Marek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\S-1-5-21-2974301013-2509535356-2684909832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.07 20:50:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.07 20:50:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009.11.01 20:33:17 | 00,000,000 | ---D | M]

[2009.08.21 17:05:21 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Extensions
[2009.08.21 17:05:21 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.08.21 17:11:48 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\qbcoj51n.default\extensions
[2009.11.14 10:38:40 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions
[2009.08.21 17:11:54 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.08.21 17:11:54 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
[2009.11.14 10:37:40 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009.10.11 18:50:59 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.08.21 17:11:49 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\battlefieldheroespatcher@ea.com
[2009.08.21 17:11:50 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\nasanightlaunch@example.com
[2009.08.21 17:11:54 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\osutheme@coachtressel.com
[2009.11.14 10:38:37 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\personas@christopher.beard
[2009.10.30 21:53:05 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\xmlfiller@software602.cz
[2009.08.21 17:11:54 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\yr5v21ut.default\extensions\osutheme@coachtressel.com\chrome\mozapps\extensions
[2009.08.21 17:05:21 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\z7p8reux.default\extensions
[2009.08.21 17:06:17 | 00,002,061 | ---- | M] () -- C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\z7p8reux.default\searchplugins\qipsearch.xml
[2009.11.14 10:38:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.07 20:50:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.08.24 17:07:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.08.29 13:55:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.01 20:33:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009.11.07 20:50:09 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.11.07 20:50:09 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009.07.25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.11.07 20:50:13 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.02.27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009.10.31 10:00:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009.10.31 10:00:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009.10.31 10:00:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009.10.31 10:00:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009.10.31 10:00:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009.10.31 10:00:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009.10.31 10:00:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009.10.29 13:28:13 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.10.29 13:28:13 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.10.29 13:28:13 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.10.29 13:28:13 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.10.29 13:28:13 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.10.29 13:28:13 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Marek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2974301013-2509535356-2684909832-1000..\Run: [Start WingMan Profiler] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 03:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (-4294967296)

========== Files/Folders - Created Within 7 Days ==========

[2009.11.14 16:04:43 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\Marek\Desktop\OTL.exe
[2009.11.14 11:52:38 | 00,000,000 | ---D | C] -- C:\Users\Marek\AppData\Roaming\Malwarebytes
[2009.11.14 11:52:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.11.14 11:52:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.14 11:52:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.14 11:52:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.11.14 11:52:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.11.13 20:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\AP Tuner
[2009.11.13 17:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\True Sword 5
[2009.11.13 15:33:30 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 7 Days ==========

[2009.11.14 16:07:06 | 02,097,152 | -HS- | M] () -- C:\Users\Marek\NTUSER.DAT
[2009.11.14 16:05:17 | 01,461,374 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.14 16:05:17 | 00,627,654 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2009.11.14 16:05:17 | 00,612,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.14 16:05:17 | 00,121,032 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2009.11.14 16:05:17 | 00,105,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.14 16:05:16 | 00,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.14 16:05:16 | 00,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.14 16:04:46 | 00,002,898 | ---- | M] () -- C:\Windows\WINCMD.INI
[2009.11.14 16:00:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.14 15:59:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.14 15:59:38 | 16,094,24896 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.14 15:58:24 | 00,979,550 | -H-- | M] () -- C:\Users\Marek\AppData\Local\IconCache.db
[2009.11.14 15:48:59 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Marek\Desktop\OTL.exe
[2009.11.14 15:44:43 | 00,043,566 | ---- | M] () -- C:\Users\Marek\Desktop\zed.jpg
[2009.11.14 15:00:11 | 00,000,714 | ---- | M] () -- C:\Windows\wcx_ftp.ini
[2009.11.14 11:52:34 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.13 15:38:45 | 00,110,036 | ---- | M] () -- C:\Users\Marek\Documents\cc_20091113_153757.reg
[2009.11.13 15:09:39 | 00,007,597 | ---- | M] () -- C:\Users\Marek\AppData\Local\Resmon.ResmonCfg
[2009.11.11 15:32:10 | 00,024,001 | ---- | M] () -- C:\Users\Marek\Documents\deutschland.odt
[2009.11.09 18:16:30 | 01,744,384 | ---- | M] () -- C:\Users\Marek\Desktop\prezentace1.ppt
[2009.11.07 18:27:24 | 00,618,583 | ---- | M] () -- C:\Users\Marek\Desktop\Bez názvu.png

========== Files Created - No Company Name ==========

[2009.11.14 15:38:03 | 00,043,566 | ---- | C] () -- C:\Users\Marek\Desktop\zed.jpg
[2009.11.14 11:52:34 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.13 15:38:00 | 00,110,036 | ---- | C] () -- C:\Users\Marek\Documents\cc_20091113_153757.reg
[2009.11.09 18:16:26 | 01,744,384 | ---- | C] () -- C:\Users\Marek\Desktop\prezentace1.ppt
[2009.11.07 18:27:24 | 00,618,583 | ---- | C] () -- C:\Users\Marek\Desktop\Bez názvu.png
[2009.11.01 15:16:41 | 00,007,597 | ---- | C] () -- C:\Users\Marek\AppData\Local\Resmon.ResmonCfg
[2009.10.11 08:29:41 | 00,003,584 | ---- | C] () -- C:\Users\Marek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.26 13:52:50 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.09.26 13:52:50 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.09.24 19:41:26 | 00,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2009.09.19 14:37:01 | 00,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.08.31 17:54:35 | 00,000,714 | ---- | C] () -- C:\Windows\wcx_ftp.ini
[2009.08.21 18:50:30 | 00,139,152 | ---- | C] () -- C:\Users\Marek\AppData\Roaming\PnkBstrK.sys
[2009.08.21 18:12:18 | 00,062,128 | ---- | C] () -- C:\Users\Marek\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.08.21 18:10:42 | 00,002,898 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.08.21 17:47:52 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.21 17:00:41 | 00,979,550 | -H-- | C] () -- C:\Users\Marek\AppData\Local\IconCache.db
[2009.08.21 16:57:01 | 00,000,470 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.14 05:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009.07.14 05:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 05:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 05:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 05:41:57 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009.07.14 03:04:23 | 00,000,403 | ---- | C] () -- C:\Windows\win.ini
[2009.07.14 03:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009.07.14 01:55:09 | 00,585,216 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2009.07.14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.19 19:06:22 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.06.10 22:19:56 | 00,142,416 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys
[2008.07.26 13:42:52 | 00,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004.08.13 08:56:20 | 00,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004.04.27 08:26:48 | 00,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2009.10.03 11:09:09 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Ashampoo
[2009.08.21 19:06:15 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\DAEMON Tools Lite
[2009.08.24 17:05:32 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\DeepBurner
[2009.08.22 15:02:56 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\F-Secure
[2009.09.27 16:49:41 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\ICQ
[2009.10.01 20:07:31 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\IrfanView
[2009.08.22 19:13:58 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\OpenOffice.org
[2009.09.07 17:33:04 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Publish Providers
[2009.08.23 10:37:03 | 00,000,000 | RH-D | M] -- C:\Users\Marek\AppData\Roaming\SecuROM
[2009.09.07 18:33:27 | 00,000,000 | ---D | M] -- C:\Users\Marek\AppData\Roaming\Sony
[2009.11.14 16:00:06 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.10.07 13:28:01 | 00,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >


Re: Please check my log

Post by Massacre » 14 Nov 2009 16:12

Extras.txt
OTL Extras logfile created on: 14.11.2009 16:05:35 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Marek\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,75% Memory free
4,00 Gb Paging File | 3,16 Gb Available in Paging File | 79,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 14,71 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 249,25 Gb Total Space | 153,68 Gb Free Space | 61,65% Space Free | Partition Type: NTFS
Drive E: | 2,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAREK-PC
Current User Name: Marek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.6.0.198
"{23E797E9-F852-4AEA-93F0-772ED2B9D9F9}" = OpenOffice.org 3.1
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = ZyXEL G-202 Wireless Adapter Utility
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AP Tuner 3.08" = AP Tuner 3.08
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"CCleaner" = CCleaner
"Counter-Strike: Source" = Counter-Strike: Source
"Digsby" = Digsby
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"The KMPlayer" = The KMPlayer (remove only)
"WinRAR archiver" = WinRAR
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2974301013-2509535356-2684909832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7.11.2009 11:19:30 | Computer Name = Marek-PC | Source = VSS | ID = 8193
Description =

Error - 10.11.2009 7:32:31 | Computer Name = Marek-PC | Source = VSS | ID = 8193
Description =

Error - 11.11.2009 9:50:22 | Computer Name = Marek-PC | Source = Application Error | ID = 1000
Description = Faulting application name: services.exe, version: 6.1.7600.16385, time stamp: 0x4a5bbf1b Faulting module name: mzvkbd3.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ad869c8 Exception code: 0xc0000005 Fault offset: 0x6d84346c Faulting process id: 0x264 Faulting application start time: 0x01ca62d5d8e5a060 Faulting application path: C:\Windows\system32\services.exe Faulting module path: mzvkbd3.dll Report Id: 279b40c0-cec9-11de-a28e-0009dd600113

Error - 12.11.2009 10:37:16 | Computer Name = Marek-PC | Source = VSS | ID = 8193
Description =

Error - 12.11.2009 15:52:47 | Computer Name = Marek-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16415, time stamp: 0x4a98ae4b Faulting module name: kloehk.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ad869bf Exception code: 0xc0000005 Fault offset: 0x6d4b14f2 Faulting process id: 0x844 Faulting application start time: 0x01ca63d134b8e680 Faulting application path: C:\Program Files\Windows Media Player\wmplayer.exe Faulting module path: kloehk.dll Report Id: f3234480-cfc4-11de-8e47-0009dd600113

Error - 13.11.2009 5:22:39 | Computer Name = Marek-PC | Source = VSS | ID = 8193
Description =

Error - 14.11.2009 11:00:28 | Computer Name = Marek-PC | Source = Application Error | ID = 1000
Description = Faulting application name: sidebar.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc613 Faulting module name: kloehk.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ad869bf Exception code: 0xc0000005 Fault offset: 0x6d4b14fd Faulting process id: 0x7a0 Faulting application start time: 0x01ca653b28e17320 Faulting application path: C:\Program Files\Windows Sidebar\sidebar.exe Faulting module path: kloehk.dll Report Id: 71f65f30-d12e-11de-adfd-0018f3ca83dc

Error - 14.11.2009 11:06:01 | Computer Name = Marek-PC | Source = VSS | ID = 8194
Description =

Error - 14.11.2009 11:06:01 | Computer Name = Marek-PC | Source = VSS | ID = 8193
Description =

Error - 14.11.2009 11:06:02 | Computer Name = Marek-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 14.11.2009 5:18:37 | Computer Name = Marek-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 14.11.2009 5:18:37 | Computer Name = Marek-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 14.11.2009 6:36:04 | Computer Name = Marek-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 14.11.2009 6:36:04 | Computer Name = Marek-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 14.11.2009 6:58:40 | Computer Name = Marek-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 14.11.2009 6:58:40 | Computer Name = Marek-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 14.11.2009 7:46:52 | Computer Name = Marek-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 14.11.2009 7:46:52 | Computer Name = Marek-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 14.11.2009 10:59:54 | Computer Name = Marek-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 14.11.2009 10:59:54 | Computer Name = Marek-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male

Re: Please check my log

Post by pitimir » 14 Nov 2009 16:24

Great. Now I'd ask you for this:

Open HJT, click "Main Menu" -> "Open the Misc Tools section" -> "Open ADS Spy…"
Leave only "Ignore safe system info streams" checked and click "Scan". The scan will start; when it finishes, "Save log..." and copy the resulting file here :)

One request - before you start on the step above, please close the browser and clean the PC with CCleaner, so we don't get skewed results. Thx.

Massacre
newbie
Posts: 26
Registered: June 09
Gender: Male

Re: Please check my log

Post by Massacre » 14 Nov 2009 16:38

Ads Spy

C:\ProgramData\Kaspersky Lab\AVP9\Data : extended (2432 bytes)
C:\ProgramData\Kaspersky Lab\AVP9\Data : extended (2432 bytes)
C:\ProgramData\TEMP : 05EE1EEF (487 bytes)
C:\ProgramData\TEMP : 888AFB86 (110 bytes)
C:\ProgramData\TEMP : 05EE1EEF (487 bytes)
C:\ProgramData\TEMP : 888AFB86 (110 bytes)
C:\Users\All Users\Kaspersky Lab\AVP9\Data : extended (2432 bytes)
C:\Users\All Users\Kaspersky Lab\AVP9\Data : extended (2432 bytes)
C:\Users\All Users\TEMP : 05EE1EEF (487 bytes)
C:\Users\All Users\TEMP : 888AFB86 (110 bytes)
C:\Users\All Users\TEMP : 05EE1EEF (487 bytes)
C:\Users\All Users\TEMP : 888AFB86 (110 bytes)
D:\zaloha\doc\Dokumenty\tiscali -password.eml : OECustomProperty (917 bytes)
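Reading an ADS Spy list like the one above is mostly a matter of folding duplicates and naming the owner of each stream. The Python helper below is an added example written for this thread; it is not part of HijackThis or of the post above. It parses ADS Spy's `path : stream (N bytes)` lines, maps C:\Users\All Users onto C:\ProgramData (on Windows 7 the former is a junction to the latter, which is why the same streams are listed under both names), deduplicates, and then sorts the survivors into streams with a known owner and streams left for review. The allow-list is an assumption made here, not something ADS Spy knows: the "extended" stream is accepted only because it sits under the installed Kaspersky product's data directory, and OECustomProperty is the stream Outlook Express / Windows Mail attaches to saved .eml messages. The hex-named streams under C:\ProgramData\TEMP are deliberately not on the list, so the helper leaves them for manual review rather than guessing an owner. The sample log is copied from the post above.

```python
# Added example for this thread (not part of HijackThis / ADS Spy): triage an
# ADS Spy log. Sample lines are copied from the post above.
import re

# ADS Spy prints:  <path> : <stream name> (<size> bytes)
LINE_RE = re.compile(r"^(?P<path>.+?) : (?P<stream>\S+) \((?P<size>\d+) bytes\)$")

# On Windows Vista/7 the left side is a junction to the right side, so ADS Spy
# reports the same stream under both names (assumption: default layout).
ALIASES = {"C:\\Users\\All Users": "C:\\ProgramData"}

# Streams with a known owner in this context. Assumption made here, not
# something ADS Spy knows: 'extended' is accepted only under the installed
# Kaspersky product's data directory, and OECustomProperty is the stream
# Outlook Express / Windows Mail attaches to saved .eml messages.
EXPECTED = (
    ("\\Kaspersky Lab\\", "extended"),
    (".eml", "OECustomProperty"),
)


def normalize_path(path):
    """Map a junction alias onto its target so duplicates collapse."""
    low = path.lower()
    for alias, target in ALIASES.items():
        if low.startswith(alias.lower()):
            return target + path[len(alias):]
    return path


def parse_ads_spy(text):
    """Yield (path, stream, size) for every stream line; skip anything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield (normalize_path(m.group("path")), m.group("stream"),
                   int(m.group("size")))


def is_expected(path, stream):
    """True when the (path fragment, stream name) pair is on the allow-list."""
    low = path.lower()
    return any(frag.lower() in low and stream == name for frag, name in EXPECTED)


def triage(text):
    """Deduplicate on (case-insensitive path, stream) and bucket the survivors."""
    unique = {}
    for path, stream, size in parse_ads_spy(text):
        unique.setdefault((path.lower(), stream), (path, stream, size))
    result = {"expected": [], "review": []}
    for path, stream, size in unique.values():
        bucket = "expected" if is_expected(path, stream) else "review"
        result[bucket].append((path, stream, size))
    return result


# Constructed sample: the ADS Spy lines from the post above.
SAMPLE_LOG = r"""
C:\ProgramData\Kaspersky Lab\AVP9\Data : extended (2432 bytes)
C:\ProgramData\Kaspersky Lab\AVP9\Data : extended (2432 bytes)
C:\ProgramData\TEMP : 05EE1EEF (487 bytes)
C:\ProgramData\TEMP : 888AFB86 (110 bytes)
C:\Users\All Users\Kaspersky Lab\AVP9\Data : extended (2432 bytes)
C:\Users\All Users\TEMP : 05EE1EEF (487 bytes)
C:\Users\All Users\TEMP : 888AFB86 (110 bytes)
D:\zaloha\doc\Dokumenty\tiscali -password.eml : OECustomProperty (917 bytes)
"""

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(bucket)
        for path, stream, size in entries:
            print(f"  {path}:{stream} ({size} bytes)")
```

Run as a script it prints two buckets: the Kaspersky "extended" stream and the .eml OECustomProperty stream as expected, and the two hex-named streams under C:\ProgramData\TEMP for review. An ADS listing is an inventory, not a verdict; a stream becomes interesting only when its owner cannot be explained, which is what the review bucket is for.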

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male

Re: Please check my log

Post by pitimir » 14 Nov 2009 16:43

Thanks. Next step:

Download RootkitUnhooker. Close all running applications, extract it and run it. The installation will run (I recommend not changing anything); after it, run the randomly named file (e.g. gj8Wtng3Ja01Cj6An.exe) located in the installation directory. Click "Report" -> "Scan", leave everything checked and click "OK". Follow the instructions. The scan will start; when it finishes, click "File" -> "Save Report". Copy the saved report here.
I don't like amateurism...

And the addressee of the message knows it :)
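The report that step produces is long, and most of it is expected on a machine running Kaspersky Internet Security 2010: every SSDT and shadow-SSDT hook will name klif.sys, the Kaspersky filter driver, and the entries worth attention are the ones under ">Stealth" and the hidden-driver line. The Python helper below is an added example written for this thread (it is not part of RootkitUnhooker): it parses the report text, counts hooks per hooking module, verifies that each hook's address actually lies inside the image range of the module RkUnhooker attributes it to, and checks whether an "unknown thread" start address is backed by any module in the ">Drivers" list. The sample is a constructed subset of the report posted in the reply below; the thread address 0x9AEEEF2E falls in the gap between srvnet.sys and tcpipreg.sys, so it is not attributable from the report. That is a triage flag, not a verdict: the same report prints a "Hidden driver" entry with no address, so the module list is known to be incomplete.

```python
# Added example for this thread (not part of RootkitUnhooker): cross-check an
# RkUnhooker text report. Section names, record layout and the sample entries
# below are taken from the report posted in the reply that follows.
import re

SECTION_RE = re.compile(r"^>(\w+)")


def parse_report(text):
    """Return (hooks, drivers, stealth): (syscall, addr, blamed module),
    (module name, base, size) and (description, addr) tuples."""
    hooks, drivers, stealth = [], [], []
    lines = [ln.strip() for ln in text.splitlines()]
    section, i = None, 0
    while i < len(lines):
        line = lines[i]
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)          # 'SSDT', 'Shadow', 'Drivers', ...
        elif section in ("SSDT", "Shadow") and line.startswith("Nt"):
            # Three-line record: name / 'Actual Address 0x..' / 'Hooked by: path'
            addr = int(lines[i + 1].split()[-1], 16)
            module = lines[i + 2].split(":", 1)[1].strip()
            hooks.append((line, addr, module))
            i += 2
        elif section == "Drivers" and line.startswith("Driver:"):
            # Three-line record: 'Driver: name' / 'Address: 0x..' / 'Size: N bytes'
            name = line.split(":", 1)[1].strip()
            base = int(lines[i + 1].split()[-1], 16)
            size = int(lines[i + 2].split()[1])
            drivers.append((name, base, size))
            i += 2
        elif section == "Stealth" and line.startswith("Unknown thread"):
            stealth.append((line, int(lines[i + 1].split()[-1], 16)))
            i += 1
        i += 1
    return hooks, drivers, stealth


def module_for(addr, drivers):
    """Name of the first listed module whose [base, base+size) contains addr."""
    for name, base, size in drivers:
        if base <= addr < base + size:
            return name
    return None


def summarize(text):
    hooks, drivers, stealth = parse_report(text)
    by_module, mismatched = {}, []
    for name, addr, module in hooks:
        by_module[module] = by_module.get(module, 0) + 1
        owner = module_for(addr, drivers)
        # The tool's attribution should agree with the ranges it printed; a hook
        # outside the blamed module (or outside every module) needs a closer look.
        if owner is None or owner.lower() != module.lower():
            mismatched.append((name, hex(addr), module, owner))
    unbacked = [(desc, hex(addr)) for desc, addr in stealth
                if module_for(addr, drivers) is None]
    return {"hooks_by_module": by_module,
            "mismatched_hooks": mismatched,
            "unbacked_threads": unbacked}


# Constructed subset of the report posted below: one SSDT hook, one shadow
# hook, the drivers around the 0x9AE.. range and the '>Stealth' entry.
SAMPLE_REPORT = r"""
>SSDT State
NtAdjustPrivilegesToken
Actual Address 0x83BA5C02
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
==============================================
>Shadow
NtUserSetWindowsHookEx
Actual Address 0x83BB67BC
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
==============================================
>Drivers
Driver: C:\Windows\system32\DRIVERS\klif.sys
Address: 0x83B86000
Size: 327680 bytes

Driver: C:\Windows\system32\drivers\peauth.sys
Address: 0x9AE02000
Size: 618496 bytes

Driver: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x9AEA3000
Size: 135168 bytes

Driver: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9AF2E000
Size: 53248 bytes
==============================================
>Stealth

Unknown thread object [ ETHREAD 0x877B4948 ] TID: 1820
Address: 0x9AEEEF2E
Size: 592
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(key, value)
```

Fed the full saved report instead of the sample, the same three functions give the per-module hook count (all klif.sys here), an empty mismatch list when the tool's attributions are consistent with its own driver ranges, and the unknown thread as the one address no listed module accounts for. Treat an unbacked address as "not explainable from this report", not as proof of a rootkit; the next step is to identify what owns that memory, not to delete anything.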

Massacre
newbie
Posts: 26
Registered: June 09
Gender: Male

Re: Please check my log

Post by Massacre » 14 Nov 2009 18:36

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.8.380.580
==============================================
Windows Major Version: 6
Windows Minor Version: 1
Windows Build Number: 7600
==============================================
>SSDT State
NtAdjustPrivilegesToken
Actual Address 0x83BA5C02
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtAlpcConnectPort
Actual Address 0x83BA755E
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtAlpcCreatePort
Actual Address 0x83BA77B4
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtAlpcSendWaitReceivePort
Actual Address 0x83BA7A2E
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtClose
Actual Address 0x83BA6482
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtConnectPort
Actual Address 0x83BA6B64
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateEvent
Actual Address 0x83BA6F6E
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateFile
Actual Address 0x83BA662A
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateMutant
Actual Address 0x83BA6E46
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateNamedPipeFile
Actual Address 0x83BA5808
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreatePort
Actual Address 0x83BA6D02
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateSection
Actual Address 0x83BA59C4
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateSemaphore
Actual Address 0x83BA70A0
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateSymbolicLinkObject
Actual Address 0x83BA8CE2
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateThread
Actual Address 0x83BA6120
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateThreadEx
Actual Address 0x83BA6220
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtCreateWaitablePort
Actual Address 0x83BA6DA4
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtDebugActiveProcess
Actual Address 0x83BA86D4
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtDuplicateObject
Actual Address 0x83BA96A4
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtFsControlFile
Actual Address 0x83BA6784
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtLoadDriver
Actual Address 0x83BA8766
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtMapViewOfSection
Actual Address 0x83BA8D96
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtOpenEvent
Actual Address 0x83BA7010
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtOpenFile
Actual Address 0x83BA6504
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtOpenMutant
Actual Address 0x83BA6EDE
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtOpenProcess
Actual Address 0x83BA5E08
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtOpenSection
Actual Address 0x83BA8D0C
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtOpenSemaphore
Actual Address 0x83BA7142
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtOpenThread
Actual Address 0x83BA5D2C
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtQueryDirectoryObject
Actual Address 0x83BA7C70
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtQuerySection
Actual Address 0x83BA90AE
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtQueueApcThread
Actual Address 0x83BA89FC
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtReplyPort
Actual Address 0x83BA74CC
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtReplyWaitReceivePort
Actual Address 0x83BA7392
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtRequestWaitReplyPort
Actual Address 0x83BA8474
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtResumeThread
Actual Address 0x83BA9586
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtSecureConnectPort
Actual Address 0x83BA689E
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtSetContextThread
Actual Address 0x83BA633E
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtSetInformationToken
Actual Address 0x83BA7D24
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtSetSecurityObject
Actual Address 0x83BA8860
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtSetSystemInformation
Actual Address 0x83BA91EE
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtSuspendProcess
Actual Address 0x83BA92D2
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtSuspendThread
Actual Address 0x83BA93FA
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtSystemDebugControl
Actual Address 0x83BA8600
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtTerminateProcess
Actual Address 0x83BA5F80
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtTerminateThread
Actual Address 0x83BA5ED6
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUnmapViewOfSection
Actual Address 0x83BA8F64
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtWriteVirtualMemory
Actual Address 0x83BA6060
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
==============================================
>Shadow
NtGdiBitBlt
Actual Address 0x83BB6CF0
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtGdiMaskBlt
Actual Address 0x83BB6DBA
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtGdiPlgBlt
Actual Address 0x83BB6E24
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtGdiStretchBlt
Actual Address 0x83BB6D54
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserAttachThreadInput
Actual Address 0x83BB6904
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserBuildHwndList
Actual Address 0x83BB6E86
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserCallOneParam
Actual Address 0x83BB6CBC
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserFindWindowEx
Actual Address 0x83BB6AF2
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserGetAsyncKeyState
Actual Address 0x83BB686C
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserGetKeyboardState
Actual Address 0x83BB6BF4
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserGetKeyState
Actual Address 0x83BB68B8
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserMessageCall
Actual Address 0x83BB6A44
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserPostMessage
Actual Address 0x83BB699A
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserPostThreadMessage
Actual Address 0x83BB69EE
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserRegisterRawInputDevices
Actual Address 0x83BB6B84
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserSendInput
Actual Address 0x83BB6AA4
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserSetWindowsHookEx
Actual Address 0x83BB67BC
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
NtUserSetWinEventHook
Actual Address 0x83BB6812
Hooked by: C:\Windows\system32\DRIVERS\klif.sys
==============================================
>Processes
Process: C:\Windows\System32\smss.exe
Process Id: 336
EPROCESS Address: 0x8675B520

Process: C:\Windows\System32\csrss.exe
Process Id: 440
EPROCESS Address: 0x86910B38

Process: C:\Windows\System32\wininit.exe
Process Id: 512
EPROCESS Address: 0x852B01D8

Process: C:\Windows\System32\csrss.exe
Process Id: 524
EPROCESS Address: 0x8695CB30

Process: C:\Windows\System32\services.exe
Process Id: 564
EPROCESS Address: 0x874A5D40

Process: C:\Windows\System32\lsass.exe
Process Id: 580
EPROCESS Address: 0x852C4A78

Process: C:\Windows\System32\lsm.exe
Process Id: 588
EPROCESS Address: 0x874AB368

Process: C:\Windows\System32\winlogon.exe
Process Id: 624
EPROCESS Address: 0x874D4D40

Process: C:\Windows\System32\svchost.exe
Process Id: 740
EPROCESS Address: 0x875C2D40

Process: C:\Windows\System32\svchost.exe
Process Id: 824
EPROCESS Address: 0x875D0930

Process: C:\Windows\System32\atiesrxx.exe
Process Id: 872
EPROCESS Address: 0x8761DB28

Process: C:\Windows\System32\svchost.exe
Process Id: 952
EPROCESS Address: 0x8764CD40

Process: C:\Windows\System32\svchost.exe
Process Id: 996
EPROCESS Address: 0x87663A90

Process: C:\Windows\System32\svchost.exe
Process Id: 1068
EPROCESS Address: 0x87687D40

Process: C:\Windows\System32\svchost.exe
Process Id: 1200
EPROCESS Address: 0x876EF8F8

Process: C:\Windows\System32\atieclxx.exe
Process Id: 1252
EPROCESS Address: 0x877034C0

Process: C:\Windows\System32\svchost.exe
Process Id: 1260
EPROCESS Address: 0x87D05030

Process: C:\Windows\System32\svchost.exe
Process Id: 1388
EPROCESS Address: 0x87726D40

Process: C:\Windows\System32\svchost.exe
Process Id: 1536
EPROCESS Address: 0x8778AA58

Process: C:\Windows\System32\spoolsv.exe
Process Id: 1580
EPROCESS Address: 0x87805D40

Process: C:\Windows\System32\dwm.exe
Process Id: 1596
EPROCESS Address: 0x865C1D40

Process: C:\Windows\System32\taskhost.exe
Process Id: 1612
EPROCESS Address: 0x8781CD40

Process: C:\Windows\explorer.exe
Process Id: 1652
EPROCESS Address: 0x87825D40

Process: C:\Windows\System32\svchost.exe
Process Id: 1680
EPROCESS Address: 0x868BB810

Process: C:\Program Files\Analog Devices\Core\smax4pnp.exe
Process Id: 1876
EPROCESS Address: 0x878D1810

Process: C:\Program Files\Windows Sidebar\sidebar.exe
Process Id: 1892
EPROCESS Address: 0x878DF770

Process: C:\Windows\servicing\TrustedInstaller.exe
Process Id: 2660
EPROCESS Address: 0x87DB98F8

Process: C:\Windows\System32\svchost.exe
Process Id: 2704
EPROCESS Address: 0x87C7A798

Process: C:\Windows\System32\svchost.exe
Process Id: 2744
EPROCESS Address: 0x8543D030

Process: C:\Windows\System32\msfeedssync.exe
Process Id: 2780
EPROCESS Address: 0x85433A40

Process: C:\Windows\System32\SearchIndexer.exe
Process Id: 2836
EPROCESS Address: 0x87CE2930

Process: C:\Windows\System32\taskhost.exe
Process Id: 2940
EPROCESS Address: 0x854A5D40

Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
Process Id: 3192
EPROCESS Address: 0x87D47030

Process: C:\Users\Marek\Desktop\MustBeRandomlyNamed\e1er5dptfi3cRBQx.exe
Process Id: 3204
EPROCESS Address: 0x85355030

Process: C:\Windows\System32\svchost.exe
Process Id: 3232
EPROCESS Address: 0x87D4B510

Process: C:\Windows\System32\svchost.exe
Process Id: 3404
EPROCESS Address: 0x87DC7520

Process: C:\Windows\System32\wbem\WmiPrvSE.exe
Process Id: 3736
EPROCESS Address: 0x86909D40

Process: System
Process Id: 4
EPROCESS Address: 0x85239920

Process: C:\Windows\System32\audiodg.exe
Process Id: 1128
EPROCESS Address: 0x8769D860

Process: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Process Id: 1884
EPROCESS Address: 0x878DE3B0

Process: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Process Id: 1932
EPROCESS Address: 0x878F8D40

==============================================
>Drivers
Driver: C:\Windows\system32\DRIVERS\kl1.sys
Address: 0x8E632000
Size: 5373952 bytes

Driver: C:\Windows\system32\DRIVERS\atikmdag.sys
Address: 0x8F434000
Size: 5328896 bytes

Driver: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82C49000
Size: 4259840 bytes

Driver: PnpManager
Address: 0x82C49000
Size: 4259840 bytes

Driver: RAW
Address: 0x82C49000
Size: 4259840 bytes

Driver: WMIxWDM
Address: 0x82C49000
Size: 4259840 bytes

Driver: C:\Windows\system32\DRIVERS\LV302V32.SYS
Address: 0x8220B000
Size: 2564096 bytes

Driver: Win32k
Address: 0x940F0000
Size: 2400256 bytes

Driver: C:\Windows\System32\win32k.sys
Address: 0x940F0000
Size: 2400256 bytes

Driver: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8942A000
Size: 1347584 bytes

Driver: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8901E000
Size: 1241088 bytes

Driver: PCI_PNP7456
Address: 0x8381D000
Size: 1052672 bytes

Driver: C:\Windows\System32\Drivers\spcw.sys
Address: 0x8381D000
Size: 1052672 bytes

Driver: sptd
Address: 0x8381D000
Size: 1052672 bytes

Driver: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8F949000
Size: 749568 bytes

Driver: C:\Windows\system32\drivers\ndis.sys
Address: 0x89211000
Size: 749568 bytes

Driver: C:\Windows\system32\CI.dll
Address: 0x83288000
Size: 700416 bytes

Driver: C:\Windows\system32\DRIVERS\lvrs.sys
Address: 0x82493000
Size: 622592 bytes

Driver: C:\Windows\system32\drivers\peauth.sys
Address: 0x9AE02000
Size: 618496 bytes

Driver: C:\Windows\system32\drivers\HTTP.sys
Address: 0x8216C000
Size: 544768 bytes

Driver: C:\Windows\system32\DRIVERS\WlanUZG.sys
Address: 0x82027000
Size: 487424 bytes

Driver: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x83340000
Size: 462848 bytes

Driver: C:\Windows\system32\drivers\csc.sys
Address: 0x8E296000
Size: 409600 bytes

Driver: C:\Windows\System32\Drivers\cng.sys
Address: 0x8918B000
Size: 380928 bytes

Driver: C:\Windows\system32\drivers\afd.sys
Address: 0x8EB52000
Size: 368640 bytes

Driver: C:\Windows\system32\DRIVERS\nvm62x32.sys
Address: 0x8EE34000
Size: 348160 bytes

Driver: C:\Windows\system32\drivers\ADIHdAud.sys
Address: 0x8FA9C000
Size: 335872 bytes

Driver: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9AF8A000
Size: 331776 bytes

Driver: C:\Windows\system32\drivers\HdAudio.sys
Address: 0x8FB41000
Size: 327680 bytes

Driver: C:\Windows\system32\DRIVERS\klif.sys
Address: 0x83B86000
Size: 327680 bytes

Driver: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x9AF3B000
Size: 323584 bytes

Driver: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8E35D000
Size: 307200 bytes

Driver: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x83A0B000
Size: 307200 bytes

Driver: C:\Windows\system32\DRIVERS\ACPI.sys
Address: 0x8394D000
Size: 294912 bytes

Driver: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x83AD2000
Size: 290816 bytes

Driver: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x82103000
Size: 286720 bytes

Driver: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8FA32000
Size: 278528 bytes

Driver: C:\Windows\system32\CLFS.SYS
Address: 0x83246000
Size: 270336 bytes

Driver: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8E235000
Size: 266240 bytes

Driver: C:\Windows\system32\DRIVERS\udfs.sys
Address: 0x8255A000
Size: 262144 bytes

Driver: C:\Windows\system32\DRIVERS\volsnap.sys
Address: 0x895AD000
Size: 258048 bytes

Driver: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x892C8000
Size: 253952 bytes

Driver: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x893AF000
Size: 241664 bytes

Driver: C:\Windows\System32\drivers\dxgmms1.sys
Address: 0x8EE89000
Size: 233472 bytes

Driver: C:\Windows\System32\Drivers\audmptxw.SYS
Address: 0x8EEC2000
Size: 229376 bytes

Driver: ACPI_HAL
Address: 0x82C12000
Size: 225280 bytes

Driver: C:\Windows\system32\halmacpi.dll
Address: 0x82C12000
Size: 225280 bytes

Driver: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x83B22000
Size: 212992 bytes

Driver: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8EE00000
Size: 212992 bytes

Driver: C:\Windows\System32\DRIVERS\fvevol.sys
Address: 0x89358000
Size: 204800 bytes

Driver: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8EBAC000
Size: 204800 bytes

Driver: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x89573000
Size: 200704 bytes

Driver: C:\Windows\system32\drivers\portcls.sys
Address: 0x8FAEE000
Size: 192512 bytes

Driver: C:\Windows\System32\drivers\rdyboost.sys
Address: 0x8932B000
Size: 184320 bytes

Driver: C:\Windows\System32\Drivers\msrpc.sys
Address: 0x8914D000
Size: 176128 bytes

Driver: C:\Windows\system32\DRIVERS\pci.sys
Address: 0x839A8000
Size: 172032 bytes

Driver: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x83927000
Size: 155648 bytes

Driver: C:\Windows\system32\DRIVERS\CLASSPNP.SYS
Address: 0x8938A000
Size: 151552 bytes

Driver: C:\Windows\System32\Drivers\dump_nvstor.sys
Address: 0x825BC000
Size: 151552 bytes

Driver: C:\Windows\System32\Drivers\ksecpkg.sys
Address: 0x89306000
Size: 151552 bytes

Driver: C:\Windows\system32\DRIVERS\nvstor.sys
Address: 0x83AAD000
Size: 151552 bytes

Driver: C:\Windows\system32\DRIVERS\ataport.SYS
Address: 0x83A8A000
Size: 143360 bytes

Driver: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x8FA00000
Size: 143360 bytes

Driver: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8EF79000
Size: 139264 bytes

Driver: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x9AEA3000
Size: 135168 bytes

Driver: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8E320000
Size: 135168 bytes

Driver: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x83BD6000
Size: 135168 bytes

Driver: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x83B67000
Size: 126976 bytes

Driver: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8E3B7000
Size: 126976 bytes

Driver: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8E600000
Size: 126976 bytes

Driver: C:\Windows\System32\cdd.dll
Address: 0x94380000
Size: 122880 bytes

Driver: C:\Windows\system32\drivers\luafv.sys
Address: 0x820BE000
Size: 110592 bytes

Driver: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x8FBE5000
Size: 110592 bytes

Driver: C:\Windows\system32\DRIVERS\serial.sys
Address: 0x8F40D000
Size: 106496 bytes

Driver: C:\Windows\system32\drivers\WudfPf.sys
Address: 0x820D9000
Size: 106496 bytes

Driver: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x82000000
Size: 102400 bytes

Driver: C:\Windows\system32\drivers\drmk.sys
Address: 0x8FB1D000
Size: 102400 bytes

Driver: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8E2FA000
Size: 98304 bytes

Driver: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8EF12000
Size: 98304 bytes

Driver: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x8EEFA000
Size: 98304 bytes

Driver: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8EF56000
Size: 98304 bytes

Driver: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8EF9B000
Size: 98304 bytes

Driver: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8EFB3000
Size: 94208 bytes

Driver: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8EFCA000
Size: 94208 bytes

Driver: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x833BF000
Size: 94208 bytes

Driver: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8FB91000
Size: 94208 bytes

Driver: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8209E000
Size: 94208 bytes

Driver: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x83A6B000
Size: 90112 bytes

Driver: C:\Windows\system32\drivers\usbaudio.sys
Address: 0x8247F000
Size: 81920 bytes

Driver: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8FBB9000
Size: 77824 bytes

Driver: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x89178000
Size: 77824 bytes

Driver: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x82159000
Size: 77824 bytes

Driver: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x833D6000
Size: 77824 bytes

Driver: C:\Windows\system32\DRIVERS\AgileVpn.sys
Address: 0x8EF44000
Size: 73728 bytes

Driver: C:\Windows\system32\DRIVERS\amdk8.sys
Address: 0x8E341000
Size: 73728 bytes

Driver: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x8FBD3000
Size: 73728 bytes

Driver: C:\Windows\system32\DRIVERS\disk.sys
Address: 0x89418000
Size: 69632 bytes

Driver: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x825E1000
Size: 69632 bytes

Driver: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x83B56000
Size: 69632 bytes

Driver: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8FA80000
Size: 69632 bytes

Driver: C:\Windows\System32\drivers\partmgr.sys
Address: 0x839D2000
Size: 69632 bytes

Driver: C:\Windows\system32\PSHED.dll
Address: 0x8322D000
Size: 69632 bytes

Driver: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x820F3000
Size: 65536 bytes

Driver: C:\Windows\System32\Drivers\mup.sys
Address: 0x89400000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x82149000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x833E9000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\volmgr.sys
Address: 0x839E3000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8E3A8000
Size: 61440 bytes

Driver: C:\Windows\system32\DRIVERS\blbdrive.sys
Address: 0x8E312000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8EBE5000
Size: 57344 bytes

Driver: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x83800000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\PCIIDEX.SYS
Address: 0x83A5D000
Size: 57344 bytes

Driver: C:\Windows\System32\drivers\pcw.sys
Address: 0x891E8000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8E3E0000
Size: 57344 bytes

Driver: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x833B1000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\CompositeBus.sys
Address: 0x8EF37000
Size: 53248 bytes

Driver: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x825A5000
Size: 53248 bytes

Driver: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8EF2A000
Size: 53248 bytes

Driver: C:\Windows\system32\drivers\klbg.sys
Address: 0x83333000
Size: 53248 bytes

Driver: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8EFEB000
Size: 53248 bytes

Driver: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9AF2E000
Size: 53248 bytes

Driver: C:\Windows\System32\drivers\watchdog.sys
Address: 0x89000000
Size: 53248 bytes

Driver: C:\Windows\System32\drivers\discache.sys
Address: 0x8E28A000
Size: 49152 bytes

Driver: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x82544000
Size: 49152 bytes

Driver: C:\Windows\System32\drivers\vga.sys
Address: 0x89200000
Size: 49152 bytes

Driver: C:\Windows\system32\DRIVERS\fdc.sys
Address: 0x8F402000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8FBAE000
Size: 45056 bytes

Driver: C:\Windows\system32\mcupdate_AuthenticAMD.dll
Address: 0x83222000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8259A000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x82530000
Size: 45056 bytes

Driver: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x83A00000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8EF6E000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8380E000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\vdrvroot.sys
Address: 0x8399D000
Size: 45056 bytes

Driver: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x825B2000
Size: 40960 bytes

Driver: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x82550000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\flpydisk.sys
Address: 0x8FA76000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8E280000
Size: 40960 bytes

Driver: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8E276000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\rdpbus.sys
Address: 0x8EFE1000
Size: 40960 bytes

Driver: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9AE99000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\serenum.sys
Address: 0x8F427000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8E353000
Size: 40960 bytes

Driver: C:\Windows\system32\drivers\WmXlCore.sys
Address: 0x8E3D6000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\amdxata.sys
Address: 0x83B19000
Size: 36864 bytes

Driver: C:\Windows\system32\DRIVERS\atapi.sys
Address: 0x83A81000
Size: 36864 bytes

Driver: C:\Windows\System32\Drivers\Fs_Rec.sys
Address: 0x891F6000
Size: 36864 bytes

Driver: C:\Windows\system32\DRIVERS\klmouflt.sys
Address: 0x8253B000
Size: 36864 bytes

Driver: C:\Windows\system32\drivers\LVUSBSta.sys
Address: 0x820B5000
Size: 36864 bytes

Driver: C:\Windows\System32\TSDDD.dll
Address: 0x94350000
Size: 36864 bytes

Driver: C:\Windows\system32\DRIVERS\vmstorfl.sys
Address: 0x895A4000
Size: 36864 bytes

Driver: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x8391E000
Size: 36864 bytes

Driver: C:\Windows\system32\BOOTVID.dll
Address: 0x8323E000
Size: 32768 bytes

Driver: C:\Windows\System32\drivers\hwpolicy.sys
Address: 0x89410000
Size: 32768 bytes

Driver: C:\Windows\system32\kdcom.dll
Address: 0x80BAC000
Size: 32768 bytes

Driver: C:\Windows\system32\DRIVERS\msisadrv.sys
Address: 0x83995000
Size: 32768 bytes

Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8900D000
Size: 32768 bytes

Driver: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x89015000
Size: 32768 bytes

Driver: C:\Windows\system32\drivers\rdprefmp.sys
Address: 0x83BF7000
Size: 32768 bytes

Driver: C:\Windows\System32\Drivers\spldr.sys
Address: 0x895EC000
Size: 32768 bytes

Driver: C:\Windows\System32\Drivers\svenbowm.SYS
Address: 0x9AFDB000
Size: 32768 bytes

Driver: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x893F9000
Size: 28672 bytes

Driver: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8FBCC000
Size: 28672 bytes

Driver: C:\Windows\system32\DRIVERS\klim6.sys
Address: 0x8E61F000
Size: 28672 bytes

Driver: C:\Windows\System32\Drivers\Null.SYS
Address: 0x893F2000
Size: 28672 bytes

Driver: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0x825F2000
Size: 28672 bytes

Driver: C:\Windows\system32\DRIVERS\pciide.sys
Address: 0x83A56000
Size: 28672 bytes

Driver: C:\Windows\system32\DRIVERS\wfplwf.sys
Address: 0x8EBDE000
Size: 28672 bytes

Driver: C:\Windows\system32\drivers\WmFilter.sys
Address: 0x8252B000
Size: 20480 bytes

Driver: C:\Windows\system32\drivers\WmHidLo.sys
Address: 0x8FBAA000
Size: 16384 bytes

Driver: C:\Windows\system32\drivers\WmBEnum.sys
Address: 0x8EFF8000
Size: 12288 bytes

Driver: C:\Windows\system32\DRIVERS\ASACPI.sys
Address: 0x8F400000
Size: 8192 bytes

Driver: C:\Windows\system32\DRIVERS\lv302af.sys
Address: 0x8247D000
Size: 8192 bytes

Driver: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8F431000
Size: 8192 bytes

Driver: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8FBA8000
Size: 8192 bytes

Driver: unknown_irp_handler
Address: 0x852781F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x866211F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x866561F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x8664B1F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x852751F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x870FF1F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x86A2F1F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x852771F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x86A461F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x852731F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x86A221F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x852761F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x874AC1F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x8695EE07
Size: 505 bytes


!!!!!!!!!!!Hidden driver: 00002106
Loaded from:
Address: 0x00000000
Size: 0 bytes

==============================================
>Stealth

Unknown thread object [ ETHREAD 0x877B4948 ] TID: 1820
Address: 0x9AEEEF2E
Size: 592
==============================================
>Files

Suspect File: C:\ProgramData\Blizzard Entertainment\Logs\World of Warcraft Update\Logs\Blizzard Updater Log.html Status: Hidden


Suspect File: C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat::$DATA Status: Hidden


Suspect File: C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat::$DATA Status: Hidden


Suspect File: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C597C377.exe_93463a7126b95dd5061a0f380ae1d58576c5c1_cab_0c542126\Report.wer Status: Hidden


Suspect File: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C597C377.exe_93463a7126b95dd5061a0f380ae1d58576c5c1_cab_0c542126\WER1F43.tmp.appcompat.txt Status: Hidden


Suspect File: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C597C377.exe_93463a7126b95dd5061a0f380ae1d58576c5c1_cab_0c542126\WER1FA1.tmp.WERInternalMetadata.xml Status: Hidden


Suspect File: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C597C377.exe_93463a7126b95dd5061a0f380ae1d58576c5c1_cab_0c542126\WER1FC1.tmp.hdmp Status: Hidden


Suspect File: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C597C377.exe_93463a7126b95dd5061a0f380ae1d58576c5c1_cab_0c542126\WER20FA.tmp.mdmp Status: Hidden


Suspect File: C:\Windows\System32\config\COMPONENTS.LOG1::$DATA Status: Hidden


Suspect File: C:\Windows\System32\config\COMPONENTS.LOG2::$DATA Status: Hidden


Suspect File: C:\Windows\System32\config\COMPONENTS::$DATA Status: Hidden

==============================================
>Hooks

ntkrnlpa.exe+0x0006F748, Type: Inline - RelativeJump 0x82CB8748 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006F78C, Type: Inline - RelativeJump 0x82CB878C [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006FA70, Type: Inline - RelativeJump 0x82CB8A70 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006FB89, Type: Inline - RelativeJump 0x82CB8B89 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006FB9C, Type: Inline - RelativeJump 0x82CB8B9C [ntkrnlpa.exe]

pitimir (Level 3.5, 850 posts, registered August 09)

Re: Please check my log

Post by pitimir » 15 Nov 2009 15:54

Download and run AVPTool. Produce the log according to the instructions and post it.
I don't like amateurism...

And the addressee of the message knows it :)

Dobym (newbie, 2 posts, registered November 09)

Re: Please check my log

Post by Dobym » 15 Nov 2009 19:49

Here is my log, if someone could take a look at it, thanks a lot!!!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\win32\ansysli_server.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\win32\lmgrd.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\win32\ansyslmd.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ClocX\ClocX.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANSYS, Inc. License Manager - ANSYS, Inc. - C:\Program Files\Ansys Inc\Shared Files\Licensing\win32\ansysli_server.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

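The HijackThis log above is the kind a helper triages by eye: the R1 entries redirect every IE start and search page to search.qip.ru, one SearchURL value is not a URL at all but a setup-script registry line stored verbatim, several URLSearchHook entries point at "(no file)", the QIP search DLL lives under the user's profile rather than Program Files, and one O23 service has no publisher in its version information. The script below is an added example written for this page; it is not part of HijackThis and not the poster's code. It parses R0/R1, R3/O2/O3, O4 and O23 entries and tags the patterns just listed. The sample input is constructed from entries copied out of the log above; the profile-path markers and the tag names are this example's assumptions.

```python
"""Triage of HijackThis (HJT) log entries: an added example, not a HijackThis component."""
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the HijackThis log above.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\*?\{[0-9A-Fa-f-]{36}\}")
# Assumption: a path containing one of these sits inside a user profile, i.e.
# somewhere a process running as the user could have dropped the file.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\")

def in_user_profile(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)

def parse_module_entry(rest):
    """Split 'name - {CLSID} - path' (R3/O2/O3) into (name, clsid_or_None, path)."""
    head, _, path = rest.rpartition(" - ")
    m = CLSID_RE.search(head)
    name = (head[:m.start()] if m else head).rstrip(" -")
    return name, (m.group(0) if m else None), path.strip()

def command_image(cmd):
    """First token of an O4 command line, honouring a double-quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]

def triage_hjt(text):
    """Return (findings, hosts): findings are (tag, line) pairs, hosts counts the
    domains that the R0/R1 start-page and search entries point at."""
    findings, hosts = [], {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.groups()
        line = raw.strip()
        if kind in ("R0", "R1"):
            key, _, data = rest.partition(" = ")
            if not any(w in key.lower() for w in ("url", "search")):
                continue  # e.g. Toolbar,LinksFolderName holds a plain string, not a URL
            url = urlparse(data)
            if url.scheme in ("http", "https") and url.netloc:
                hosts[url.netloc] = hosts.get(url.netloc, 0) + 1
            else:
                findings.append(("not-a-url", line))  # installer wrote its script line verbatim
        elif kind in ("R3", "O2", "O3"):
            _, _, path = parse_module_entry(rest)
            if path == "(no file)":
                findings.append(("orphan", line))  # registration left behind, file is gone
            elif in_user_profile(path):
                findings.append(("user-profile-module", line))
        elif kind == "O4":
            image = command_image(rest.split("] ", 1)[-1])
            if "\\" not in image:
                findings.append(("bare-filename", line))  # resolved through the PATH search order
            elif in_user_profile(image):
                findings.append(("user-profile-autorun", line))
        elif kind == "O23" and " - Unknown owner - " in rest:
            findings.append(("no-publisher", line))  # no company name in the file's version info
    return findings, hosts

if __name__ == "__main__":
    found, seen = triage_hjt(SAMPLE_HJT)
    print("start/search hosts:", seen)
    for tag, entry in found:
        print(f"{tag:22} {entry}")
```

Run against the full log, the hosts table shows every start and search entry pointing at one domain, which is the first thing to confirm is intentional (QIP installs that search bar as part of the messenger). Orphaned entries are safe to fix in HijackThis; a module loaded from a user profile or an autorun with a bare filename is not necessarily malicious, but it is where a manual check of the file goes first.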
Massacre (newbie, 26 posts, registered June 09)

Re: Please check my log

Post by Massacre » 15 Nov 2009 20:26

You should open your own thread for that... Here is the AVPTool log...

Scan
----
Scanned: 406931
Detected: 0
Untreated: 0
Start time: 15.11.2009 16:08:25
Duration: 01:16:05
Finish time: 15.11.2009 17:24:30


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------
15.11.2009 16:08:05 Running module: smss.exe\smss.exe ok scanned
15.11.2009 16:08:05 File: C:\Windows\System32\smss.exe ok scanned
15.11.2009 16:08:05 Running module: smss.exe\ntdll.dll ok scanned
15.11.2009 16:08:05 File: C:\Windows\SYSTEM32\ntdll.dll ok scanned
15.11.2009 16:08:05 Running module: csrss.exe\csrss.exe ok scanned
15.11.2009 16:08:05 File: C:\Windows\system32\csrss.exe ok scanned
15.11.2009 16:08:05 Running module: csrss.exe\ntdll.dll ok scanned
15.11.2009 16:08:05 File: C:\Windows\SYSTEM32\ntdll.dll ok scanned
15.11.2009 16:08:05 Running module: csrss.exe\CSRSRV.dll ok scanned
15.11.2009 16:08:05 File: C:\Windows\system32\CSRSRV.dll ok scanned
15.11.2009 16:08:05 Running module: csrss.exe\basesrv.DLL ok scanned
15.11.2009 16:08:06 File: C:\Windows\system32\basesrv.DLL ok scanned
15.11.2009 16:08:06 Running module: csrss.exe\winsrv.DLL ok scanned
15.11.2009 16:08:06 File: C:\Windows\system32\winsrv.DLL ok scanned
15.11.2009 16:08:06 Running module: csrss.exe\USER32.dll ok scanned
15.11.2009 16:08:06 File: C:\Windows\system32\USER32.dll ok scanned
15.11.2009 16:08:06 Running module: csrss.exe\GDI32.dll ok scanned
15.11.2009 16:08:06 File: C:\Windows\system32\GDI32.dll ok scanned
15.11.2009 16:08:06 Running module: csrss.exe\kernel32.dll ok scanned
15.11.2009 16:08:06 File: C:\Windows\SYSTEM32\kernel32.dll skipped processing stopped
15.11.2009 16:08:29 Running module: smss.exe\smss.exe ok scanned
15.11.2009 16:08:29 File: C:\Windows\System32\smss.exe ok scanned
15.11.2009 16:08:29 Running module: smss.exe\ntdll.dll ok scanned
15.11.2009 16:08:29 File: C:\Windows\SYSTEM32\ntdll.dll ok scanned
15.11.2009 16:08:29 Running module: csrss.exe\csrss.exe ok scanned
15.11.2009 16:08:29 File: C:\Windows\system32\csrss.exe ok scanned
15.11.2009 16:08:29 Running module: csrss.exe\ntdll.dll ok scanned
15.11.2009 16:08:29 File: C:\Windows\SYSTEM32\ntdll.dll ok scanned
15.11.2009 16:08:29 Running module: csrss.exe\CSRSRV.dll ok scanned
15.11.2009 16:08:30 File: C:\Windows\system32\CSRSRV.dll ok scanned
15.11.2009 16:08:30 Running module: csrss.exe\basesrv.DLL ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Disinfect, delete if disinfection fails
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----

pitimir (Level 3.5, 850 posts, registered August 09)

Re: Please check my log

Post by pitimir » 16 Nov 2009 10:38

:(

But I don't see anything there...

Is that junk still showing up? Try running a full scan in KIS and post the log here... I'll see what can be done about it.
