PC virus removal, computer speed-up, remote help via the neslape.cz service

Rootkit

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote-help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Čarls
Friend of the forum
Posts: 1094
Registered: 05 Aug 2006 16:23
Location: U Safari

Rootkit

#1 Post by Čarls »

A little bugger has settled into my PC. The processes are OK now; here is the log from ComboFix:

ComboFix 12-05-20.01 - Karel Finger 20.05.2012 11:32:26.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1627 [GMT 2:00]
Spuštěný z: c:\root\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Karel Finger\WINDOWS
C:\root
c:\root\ComboFix.exe
c:\windows\$NtUninstallKB53453$
c:\windows\$NtUninstallKB53453$\1335533399\@
c:\windows\$NtUninstallKB53453$\1335533399\cfg.ini
c:\windows\$NtUninstallKB53453$\1335533399\Desktop.ini
c:\windows\$NtUninstallKB53453$\1335533399\L\pkeascfl
c:\windows\$NtUninstallKB53453$\1335533399\U\00000001.@
c:\windows\$NtUninstallKB53453$\1335533399\U\00000002.@
c:\windows\$NtUninstallKB53453$\1335533399\U\00000004.@
c:\windows\$NtUninstallKB53453$\1335533399\U\80000000.@
c:\windows\$NtUninstallKB53453$\1335533399\U\80000004.@
c:\windows\$NtUninstallKB53453$\1335533399\U\80000032.@
c:\windows\$NtUninstallKB53453$\1335533399\version
c:\windows\$NtUninstallKB53453$\49092765
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\roboot.exe
c:\windows\system32\SET54.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-20 do 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-19 21:26 . 2012-05-19 21:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Raxco
2012-05-19 21:26 . 2012-05-19 21:57 -------- d-----w- c:\program files\Raxco
2012-05-19 20:12 . 2012-05-19 20:12 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-18 12:55 . 2012-05-18 12:55 -------- d-----w- c:\windows\system32\drivers\NIS\1307010.005
2012-05-09 20:11 . 2012-05-19 20:23 -------- d-----w- C:\Downloads
2012-05-09 02:04 . 2012-05-09 02:25 -------- d--h--w- c:\windows\$hf_mig$
2012-05-07 08:57 . 2012-05-07 08:57 -------- d-----w- c:\documents and settings\Karel Finger\Local Settings\Data aplikací\SkinSoft
2012-05-06 08:26 . 2012-05-06 08:26 -------- d-----w- c:\program files\Free OCR to Word
2012-04-28 19:13 . 2012-04-28 19:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Martau
2012-04-28 19:13 . 2012-04-28 19:14 -------- d-----w- c:\program files\Total Uninstall 6
2012-04-27 18:34 . 2012-04-27 18:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-24 20:10 . 2012-04-24 20:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 20:10 . 2012-04-24 20:10 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 20:10 . 2012-04-24 20:10 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-24 12:59 . 2012-04-24 12:59 -------- d-----w- c:\windows\system32\drivers\NIS\1307000.009
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 19:45 . 2008-04-14 06:51 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-05-04 20:13 . 2012-04-03 01:34 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 20:13 . 2011-05-15 19:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-27 18:34 . 2011-12-13 21:47 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-15 15:48 . 2012-04-15 15:48 53248 ----a-r- c:\documents and settings\Karel Finger\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-14 15:12 . 2012-04-14 15:09 119296 ----a-w- c:\windows\system32\zlib.dll
2012-04-11 13:55 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2008-04-14 05:45 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2008-04-14 06:06 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 19:48 . 2011-01-21 15:45 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-26 19:48 . 2011-01-21 15:45 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-24 16:47 . 2011-02-26 16:27 82320 ----a-w- c:\windows\system32\drivers\ISODrive.sys
2012-03-17 08:45 . 2006-05-02 09:12 293888 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2012-03-17 08:45 . 2006-04-26 22:42 93952 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2012-03-17 08:45 . 2006-03-17 10:18 392960 ----a-w- c:\windows\system32\drivers\senfilt.sys
2012-03-17 08:45 . 2006-02-06 07:54 28160 ----a-w- c:\windows\system32\PostProc.dll
2012-03-17 08:45 . 2003-08-19 11:36 65536 ----a-w- c:\windows\system32\a3d.dll
2012-03-17 08:45 . 2001-09-19 05:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2012-03-01 10:59 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 10:59 . 2008-04-14 06:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 06:52 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 06:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 13:25 . 2012-03-17 07:37 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-04-24 20:10 . 2012-02-26 09:25 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-12-14 4377960]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-12-14 962272]
"Acronis Služba Plánovač2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-12-14 377600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2012-03-17 868352]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
USB Sharing.lnk - c:\program files\USB Sharing\usbshare.exe [2011-10-21 139264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\utorrent-portable\\utorrent.exe"=
"c:\\Program Files\\EfficientPIM\\EfficientPIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [16.2.2006 10:21 35200]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\symds.sys [24.4.2012 14:59 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\symefa.sys [24.4.2012 14:59 905336]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [21.1.2011 17:12 902432]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [23.12.2011 12:04 10240]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [8.5.2012 22:00 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccsetx86.sys [24.4.2012 14:59 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\ironx86.sys [24.4.2012 14:59 149624]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [21.1.2011 18:09 12184]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [24.4.2012 14:59 138232]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15.2.2012 14:30 158856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17.3.2012 8:35 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120518.001\IDSXpx86.sys [19.5.2012 13:08 356792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3.4.2012 3:34 257696]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\KARELF~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\KARELF~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys --> c:\windows\system32\drivers\LGBusEnum.sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys --> c:\windows\system32\drivers\LGVirHid.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.4.2012 22:10 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sskbfd
tosrfec
bdfsdrv
upsmonservice
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &Download with DAM - c:\program files\Tensons\Download Accelerator Manager\\addUrl.htm
IE: Download &All with DAM - c:\program files\Tensons\Download Accelerator Manager\\addAllUrls.htm
IE: Download with &Media Finder
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Run DAM Media&Grabber - c:\program files\Tensons\Download Accelerator Manager\\runMg.htm
IE: {{DA42DC2A-5456-482B-BB8A-593272304F67}
FF - ProfilePath - c:\documents and settings\Karel Finger\Data aplikací\Mozilla\Firefox\Profiles\h9v4fxn9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - InnoGames International Customized Web Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.interval - 100000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: extensions.BabylonToolbar_i.id - 4c4141b90000000000000018f36508fa
FF - user.js: extensions.BabylonToolbar_i.hardId - 4c4141b90000000000000018f36508fa
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15357
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:28
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 11:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-362288127-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{370F93AB-C1C9-DDD1-797E-0FE7CC76263F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hamnbdbpfnpgljll"=hex:61,61,00,00
"hamnbdbppnjhlhjj"=hex:61,61,00,00
"iaioefihmgffjfdfkk"=hex:6a,61,70,62,67,67,6e,69,6b,63,6c,64,65,68,63,67,64,66,
6d,65,00,26
"hacollfkmfjkhfbg"=hex:6a,61,70,62,68,67,6b,6a,6a,67,6c,64,6a,6c,6a,69,69,6d,
62,6f,00,26
.
[HKEY_USERS\S-1-5-21-1482476501-362288127-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7b,da,2a,20,d1,e2,2a,d9,c2,22,81,62,1c,3d,49,71,a0,46,cb,34,ef,49,b3,
62,04,3f,5b,1c,01,45,db,28,35,d9,2f,f6,92,5f,b6,03,2f,7a,0d,06,bb,2d,f6,c8,\
"??"=hex:12,44,69,7d,ab,0e,8e,c6,e6,5f,d7,78,64,63,90,43
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{370F93AB-C1C9-DDD1-797E-0FE7CC76263F}\InProcServer32*]
"iaombdgfdfinkcmhfb"=hex:61,61,00,00
"iaombdgfdfooeffohg"=hex:61,61,00,00
"jaomnflihknlndiknpem"=hex:6a,61,70,62,67,67,6e,69,6b,63,6c,64,65,68,63,67,64,
66,6d,65,00,26
"iaomdgnibppdlbpnbj"=hex:6a,61,70,62,68,67,6b,6a,6a,67,6c,64,6a,6c,6a,69,69,6d,
62,6f,00,26
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1368)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3472)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2012-05-20 11:39:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-20 09:39
.
Před spuštěním: Volných bajtů: 33 760 038 912
Po spuštění: Volných bajtů: 33 804 054 528
.
- - End Of File - - 07F8BC2909B2475856365ACB0F500033
No one is good by accident; virtue must be learned.
SENECA

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Rootkit

#2 Post by stell »

Hi Čarls.
How are you??
That looks like ZeroAccess :D
1: Post a log from TDSSKILLER here.
Here is the guide
Important information.
Is your computer NOT RUNNING WELL?
Is it infected? Running slowly? A program not working? A problem with installation?
Use the remote-help service!
e-mail: stell(at)forum.viry.cz
Thanks! Thank you!


Čarls
Friend of the forum
Posts: 1094
Registered: 05 Aug 2006 16:23
Location: U Safari

Re: Rootkit

#3 Post by Čarls »

Yeah, the beast settled into my PC even with Norton, the little bugger.
Well, I live like a working man: I curse the government and all the politicians, and I have to hustle to feed the family, which means being at work from morning to night.

12:35:35.0359 2816 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
12:35:36.0421 2816 ============================================================
12:35:36.0421 2816 Current date / time: 2012/05/20 12:35:36.0421
12:35:36.0421 2816 SystemInfo:
12:35:36.0421 2816
12:35:36.0421 2816 OS Version: 5.1.2600 ServicePack: 3.0
12:35:36.0421 2816 Product type: Workstation
12:35:36.0421 2816 ComputerName: KAREL
12:35:36.0421 2816 UserName: Karel Finger
12:35:36.0421 2816 Windows directory: C:\WINDOWS
12:35:36.0421 2816 System windows directory: C:\WINDOWS
12:35:36.0421 2816 Processor architecture: Intel x86
12:35:36.0421 2816 Number of processors: 2
12:35:36.0421 2816 Page size: 0x1000
12:35:36.0421 2816 Boot type: Normal boot
12:35:36.0421 2816 ============================================================
12:35:37.0578 2816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:35:37.0593 2816 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:35:37.0593 2816 ============================================================
12:35:37.0593 2816 \Device\Harddisk0\DR0:
12:35:37.0593 2816 MBR partitions:
12:35:37.0593 2816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6403941
12:35:37.0593 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64039BF, BlocksNum 0xA00298D
12:35:37.0609 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1040638B, BlocksNum 0xC803400
12:35:37.0625 2816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CC097CA, BlocksNum 0xC803400
12:35:37.0640 2816 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2940CC09, BlocksNum 0xC803400
12:35:37.0640 2816 \Device\Harddisk1\DR1:
12:35:37.0640 2816 MBR partitions:
12:35:37.0656 2816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x950A5C1
12:35:37.0656 2816 ============================================================
12:35:37.0687 2816 D: <-> \Device\Harddisk0\DR0\Partition1
12:35:37.0718 2816 E: <-> \Device\Harddisk0\DR0\Partition2
12:35:37.0734 2816 F: <-> \Device\Harddisk0\DR0\Partition3
12:35:37.0750 2816 G: <-> \Device\Harddisk0\DR0\Partition4
12:35:37.0796 2816 C: <-> \Device\Harddisk0\DR0\Partition0
12:35:37.0843 2816 H: <-> \Device\Harddisk1\DR1\Partition0
12:35:37.0843 2816 ============================================================
12:35:37.0843 2816 Initialize success
12:35:37.0843 2816 ============================================================
12:35:40.0453 2828 ============================================================
12:35:40.0453 2828 Scan started
12:35:40.0453 2828 Mode: Manual;
12:35:40.0453 2828 ============================================================
12:35:40.0796 2828 Abiosdsk - ok
12:35:40.0812 2828 abp480n5 - ok
12:35:40.0828 2828 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:35:40.0828 2828 ACPI - ok
12:35:40.0843 2828 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:35:40.0843 2828 ACPIEC - ok
12:35:40.0890 2828 AcrSch2Svc (19ba69c57701028ebbd02ea4ef0284e7) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
12:35:40.0890 2828 AcrSch2Svc - ok
12:35:40.0906 2828 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
12:35:40.0921 2828 ADIHdAudAddService - ok
12:35:40.0953 2828 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:35:40.0968 2828 AdobeFlashPlayerUpdateSvc - ok
12:35:40.0968 2828 adpu160m - ok
12:35:40.0984 2828 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
12:35:40.0984 2828 AEAudio - ok
12:35:41.0015 2828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:35:41.0015 2828 aec - ok
12:35:41.0031 2828 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:35:41.0031 2828 AFD - ok
12:35:41.0031 2828 Aha154x - ok
12:35:41.0046 2828 aic78u2 - ok
12:35:41.0046 2828 aic78xx - ok
12:35:41.0062 2828 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
12:35:41.0062 2828 Alerter - ok
12:35:41.0078 2828 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
12:35:41.0078 2828 ALG - ok
12:35:41.0078 2828 AliIde - ok
12:35:41.0156 2828 ALSysIO - ok
12:35:41.0171 2828 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:35:41.0171 2828 AmdK8 - ok
12:35:41.0171 2828 amsint - ok
12:35:41.0187 2828 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
12:35:41.0203 2828 AppMgmt - ok
12:35:41.0218 2828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:35:41.0218 2828 Arp1394 - ok
12:35:41.0234 2828 Asapi (7de1504dba7e72313bb4ca5587df86cf) C:\WINDOWS\system32\drivers\Asapi.sys
12:35:41.0234 2828 Asapi - ok
12:35:41.0250 2828 asc - ok
12:35:41.0250 2828 asc3350p - ok
12:35:41.0250 2828 asc3550 - ok
12:35:41.0265 2828 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys
12:35:41.0281 2828 AsIO - ok
12:35:41.0296 2828 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\Aspi32.sys
12:35:41.0296 2828 Aspi32 - ok
12:35:41.0343 2828 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:35:41.0343 2828 aspnet_state - ok
12:35:41.0359 2828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:35:41.0359 2828 AsyncMac - ok
12:35:41.0375 2828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:35:41.0375 2828 atapi - ok
12:35:41.0390 2828 Atdisk - ok
12:35:41.0406 2828 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
12:35:41.0406 2828 atksgt - ok
12:35:41.0421 2828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:35:41.0421 2828 Atmarpc - ok
12:35:41.0437 2828 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
12:35:41.0437 2828 AudioSrv - ok
12:35:41.0453 2828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:35:41.0453 2828 audstub - ok
12:35:41.0453 2828 bdfsdrv - ok
12:35:41.0484 2828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:35:41.0484 2828 Beep - ok
12:35:41.0500 2828 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\WINDOWS\system32\bgsvcgen.exe
12:35:41.0500 2828 bgsvcgen - ok
12:35:41.0609 2828 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
12:35:41.0609 2828 BHDrvx86 - ok
12:35:41.0640 2828 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
12:35:41.0656 2828 BITS - ok
12:35:41.0656 2828 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
12:35:41.0671 2828 Browser - ok
12:35:41.0671 2828 catchme - ok
12:35:41.0687 2828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:35:41.0687 2828 cbidf2k - ok
12:35:41.0703 2828 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:35:41.0703 2828 CCDECODE - ok
12:35:41.0750 2828 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1307000.009\ccSetx86.sys
12:35:41.0750 2828 ccSet_NIS - ok
12:35:41.0750 2828 cd20xrnt - ok
12:35:41.0781 2828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:35:41.0781 2828 Cdaudio - ok
12:35:41.0812 2828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:35:41.0812 2828 Cdfs - ok
12:35:41.0828 2828 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
12:35:41.0828 2828 cdrbsdrv - ok
12:35:41.0828 2828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:35:41.0828 2828 Cdrom - ok
12:35:41.0843 2828 Changer - ok
12:35:41.0843 2828 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
12:35:41.0843 2828 CiSvc - ok
12:35:41.0859 2828 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
12:35:41.0859 2828 ClipSrv - ok
12:35:41.0890 2828 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:35:41.0890 2828 clr_optimization_v2.0.50727_32 - ok
12:35:41.0921 2828 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:35:41.0937 2828 clr_optimization_v4.0.30319_32 - ok
12:35:41.0937 2828 CmdIde - ok
12:35:41.0937 2828 COMSysApp - ok
12:35:41.0953 2828 Cpqarray - ok
12:35:41.0968 2828 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
12:35:41.0968 2828 CryptSvc - ok
12:35:41.0968 2828 dac2w2k - ok
12:35:41.0984 2828 dac960nt - ok
12:35:42.0000 2828 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
12:35:42.0015 2828 DcomLaunch - ok
12:35:42.0031 2828 DefragFS (292e9ec82df08cbdd1cc51d963f38248) C:\WINDOWS\system32\drivers\DefragFS.sys
12:35:42.0031 2828 DefragFS - ok
12:35:42.0046 2828 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
12:35:42.0046 2828 Dhcp - ok
12:35:42.0046 2828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:35:42.0062 2828 Disk - ok
12:35:42.0062 2828 dmadmin - ok
12:35:42.0078 2828 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
12:35:42.0093 2828 dmboot - ok
12:35:42.0109 2828 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
12:35:42.0109 2828 dmio - ok
12:35:42.0109 2828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:35:42.0109 2828 dmload - ok
12:35:42.0125 2828 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
12:35:42.0125 2828 dmserver - ok
12:35:42.0140 2828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:35:42.0140 2828 DMusic - ok
12:35:42.0156 2828 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
12:35:42.0156 2828 Dnscache - ok
12:35:42.0171 2828 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
12:35:42.0171 2828 Dot3svc - ok
12:35:42.0171 2828 dpti2o - ok
12:35:42.0171 2828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:35:42.0187 2828 drmkaud - ok
12:35:42.0187 2828 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
12:35:42.0187 2828 EapHost - ok
12:35:42.0250 2828 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:35:42.0250 2828 eeCtrl - ok
12:35:42.0265 2828 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
12:35:42.0265 2828 ElbyCDFL - ok
12:35:42.0281 2828 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
12:35:42.0281 2828 ElbyCDIO - ok
12:35:42.0296 2828 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:35:42.0296 2828 EraserUtilRebootDrv - ok
12:35:42.0296 2828 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
12:35:42.0312 2828 ERSvc - ok
12:35:42.0328 2828 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
12:35:42.0328 2828 Eventlog - ok
12:35:42.0343 2828 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
12:35:42.0343 2828 EventSystem - ok
12:35:42.0359 2828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:35:42.0375 2828 Fastfat - ok
12:35:42.0390 2828 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:35:42.0390 2828 FastUserSwitchingCompatibility - ok
12:35:42.0406 2828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:35:42.0406 2828 Fdc - ok
12:35:42.0406 2828 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
12:35:42.0421 2828 Fips - ok
12:35:42.0421 2828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:35:42.0421 2828 Flpydisk - ok
12:35:42.0437 2828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:35:42.0453 2828 FltMgr - ok
12:35:42.0500 2828 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:35:42.0500 2828 FontCache3.0.0.0 - ok
12:35:42.0515 2828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:35:42.0515 2828 Fs_Rec - ok
12:35:42.0531 2828 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:35:42.0531 2828 Ftdisk - ok
12:35:42.0546 2828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:35:42.0546 2828 GEARAspiWDM - ok
12:35:42.0578 2828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:35:42.0578 2828 Gpc - ok
12:35:42.0593 2828 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:35:42.0593 2828 HDAudBus - ok
12:35:42.0609 2828 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:35:42.0609 2828 helpsvc - ok
12:35:42.0625 2828 HidServ - ok
12:35:42.0640 2828 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:35:42.0640 2828 hidusb - ok
12:35:42.0640 2828 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
12:35:42.0640 2828 hkmsvc - ok
12:35:42.0656 2828 hpn - ok
12:35:42.0671 2828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:35:42.0671 2828 HTTP - ok
12:35:42.0687 2828 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
12:35:42.0703 2828 HTTPFilter - ok
12:35:42.0703 2828 i2omgmt - ok
12:35:42.0703 2828 i2omp - ok
12:35:42.0718 2828 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:35:42.0718 2828 i8042prt - ok
12:35:42.0750 2828 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:35:42.0765 2828 idsvc - ok
12:35:42.0890 2828 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120518.001\IDSxpx86.sys
12:35:42.0890 2828 IDSxpx86 - ok
12:35:42.0906 2828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:35:42.0906 2828 Imapi - ok
12:35:42.0921 2828 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
12:35:42.0921 2828 ImapiService - ok
12:35:42.0937 2828 ini910u - ok
12:35:42.0937 2828 IntelIde - ok
12:35:42.0953 2828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:35:42.0953 2828 Ip6Fw - ok
12:35:42.0984 2828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:35:42.0984 2828 IpFilterDriver - ok
12:35:43.0000 2828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:35:43.0000 2828 IpInIp - ok
12:35:43.0015 2828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:35:43.0015 2828 IpNat - ok
12:35:43.0015 2828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:35:43.0015 2828 IPSec - ok
12:35:43.0031 2828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:35:43.0046 2828 IRENUM - ok
12:35:43.0062 2828 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:35:43.0062 2828 isapnp - ok
12:35:43.0078 2828 ISODrive (0ae61463adda697a6291155ce6b08aaf) C:\WINDOWS\system32\Drivers\ISODrive.sys
12:35:43.0078 2828 ISODrive - ok
12:35:43.0093 2828 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:35:43.0093 2828 Kbdclass - ok
12:35:43.0093 2828 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:35:43.0093 2828 kbdhid - ok
12:35:43.0125 2828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:35:43.0125 2828 kmixer - ok
12:35:43.0140 2828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:35:43.0140 2828 KSecDD - ok
12:35:43.0140 2828 LanmanServer (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
12:35:43.0156 2828 LanmanServer - ok
12:35:43.0171 2828 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
12:35:43.0171 2828 lanmanworkstation - ok
12:35:43.0187 2828 LBeepKE (be2dc24d403643a2d1d98f33c7087b38) C:\WINDOWS\system32\Drivers\LBeepKE.sys
12:35:43.0187 2828 LBeepKE - ok
12:35:43.0187 2828 lbrtfdc - ok
12:35:43.0250 2828 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:35:43.0265 2828 LBTServ - ok
12:35:43.0265 2828 LGBusEnum - ok
12:35:43.0265 2828 LGVirHid - ok
12:35:43.0281 2828 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
12:35:43.0281 2828 LHidFilt - ok
12:35:43.0296 2828 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
12:35:43.0296 2828 lirsgt - ok
12:35:43.0312 2828 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
12:35:43.0312 2828 LmHosts - ok
12:35:43.0328 2828 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
12:35:43.0328 2828 LMouFilt - ok
12:35:43.0343 2828 LUsbFilt (ddfa88e36d5f8db5fbdbdddc4969db0a) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
12:35:43.0343 2828 LUsbFilt - ok
12:35:43.0343 2828 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
12:35:43.0343 2828 Messenger - ok
12:35:43.0375 2828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:35:43.0375 2828 mnmdd - ok
12:35:43.0406 2828 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
12:35:43.0406 2828 mnmsrvc - ok
12:35:43.0421 2828 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
12:35:43.0421 2828 Modem - ok
12:35:43.0437 2828 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:35:43.0437 2828 Mouclass - ok
12:35:43.0437 2828 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:35:43.0437 2828 mouhid - ok
12:35:43.0453 2828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:35:43.0453 2828 MountMgr - ok
12:35:43.0468 2828 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:35:43.0468 2828 MozillaMaintenance - ok
12:35:43.0484 2828 mraid35x - ok
12:35:43.0484 2828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:35:43.0500 2828 MRxDAV - ok
12:35:43.0515 2828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:35:43.0515 2828 MRxSmb - ok
12:35:43.0531 2828 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
12:35:43.0531 2828 MSDTC - ok
12:35:43.0562 2828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:35:43.0562 2828 Msfs - ok
12:35:43.0562 2828 MSIServer - ok
12:35:43.0578 2828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:35:43.0578 2828 MSKSSRV - ok
12:35:43.0593 2828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:35:43.0593 2828 MSPCLOCK - ok
12:35:43.0609 2828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:35:43.0609 2828 MSPQM - ok
12:35:43.0625 2828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:35:43.0625 2828 mssmbios - ok
12:35:43.0640 2828 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:35:43.0640 2828 MSTEE - ok
12:35:43.0656 2828 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:35:43.0656 2828 MTsensor - ok
12:35:43.0671 2828 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:35:43.0671 2828 Mup - ok
12:35:43.0687 2828 mv614x (30a697b2ef5a24292aa7fa506e443044) C:\WINDOWS\system32\DRIVERS\mv614x.sys
12:35:43.0687 2828 mv614x - ok
12:35:43.0703 2828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:35:43.0703 2828 NABTSFEC - ok
12:35:43.0718 2828 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
12:35:43.0734 2828 napagent - ok
12:35:43.0843 2828 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120519.009\NAVENG.SYS
12:35:43.0843 2828 NAVENG - ok
12:35:43.0875 2828 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120519.009\NAVEX15.SYS
12:35:43.0890 2828 NAVEX15 - ok
12:35:43.0968 2828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:35:43.0968 2828 NDIS - ok
12:35:43.0984 2828 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:35:43.0984 2828 NdisIP - ok
12:35:44.0015 2828 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:35:44.0015 2828 NdisTapi - ok
12:35:44.0031 2828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:35:44.0031 2828 Ndisuio - ok
12:35:44.0031 2828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:35:44.0046 2828 NdisWan - ok
12:35:44.0046 2828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:35:44.0046 2828 NDProxy - ok
12:35:44.0062 2828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:35:44.0062 2828 NetBIOS - ok
12:35:44.0078 2828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:35:44.0093 2828 NetBT - ok
12:35:44.0093 2828 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
12:35:44.0109 2828 NetDDE - ok
12:35:44.0109 2828 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
12:35:44.0109 2828 NetDDEdsdm - ok
12:35:44.0140 2828 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:35:44.0140 2828 Netlogon - ok
12:35:44.0156 2828 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
12:35:44.0156 2828 Netman - ok
12:35:44.0218 2828 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:35:44.0218 2828 NetTcpPortSharing - ok
12:35:44.0234 2828 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:35:44.0234 2828 NIC1394 - ok
12:35:44.0328 2828 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
12:35:44.0328 2828 NIS - ok
12:35:44.0343 2828 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
12:35:44.0343 2828 Nla - ok
12:35:44.0343 2828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:35:44.0359 2828 Npfs - ok
12:35:44.0359 2828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:35:44.0375 2828 Ntfs - ok
12:35:44.0390 2828 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:35:44.0390 2828 NtLmSsp - ok
12:35:44.0406 2828 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
12:35:44.0406 2828 NtmsSvc - ok
12:35:44.0437 2828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:35:44.0437 2828 Null - ok
12:35:44.0625 2828 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:35:44.0796 2828 nv - ok
12:35:44.0843 2828 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
12:35:44.0843 2828 nvata - ok
12:35:44.0875 2828 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:35:44.0875 2828 NVENETFD - ok
12:35:44.0875 2828 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:35:44.0890 2828 nvnetbus - ok
12:35:44.0890 2828 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
12:35:44.0890 2828 NVSvc - ok
12:35:44.0906 2828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:35:44.0906 2828 NwlnkFlt - ok
12:35:44.0921 2828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:35:44.0921 2828 NwlnkFwd - ok
12:35:44.0968 2828 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:35:44.0968 2828 odserv - ok
12:35:44.0984 2828 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:35:44.0984 2828 ohci1394 - ok
12:35:45.0000 2828 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:35:45.0000 2828 ose - ok
12:35:45.0015 2828 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
12:35:45.0015 2828 Parport - ok
12:35:45.0031 2828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:35:45.0031 2828 PartMgr - ok
12:35:45.0046 2828 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
12:35:45.0046 2828 ParVdm - ok
12:35:45.0046 2828 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
12:35:45.0046 2828 PCI - ok
12:35:45.0062 2828 PCIDump - ok
12:35:45.0062 2828 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:35:45.0062 2828 PCIIde - ok
12:35:45.0093 2828 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:35:45.0093 2828 Pcmcia - ok
12:35:45.0140 2828 PDAgent (6abb7315658f35e448207b0ce69025bc) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
12:35:45.0140 2828 PDAgent - ok
12:35:45.0140 2828 PDCOMP - ok
12:35:45.0187 2828 PDEngine (b5838b97235014d5378b80ed05d4ef30) C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
12:35:45.0187 2828 PDEngine - ok
12:35:45.0187 2828 PDFRAME - ok
12:35:45.0203 2828 PDRELI - ok
12:35:45.0203 2828 PDRFRAME - ok
12:35:45.0203 2828 perc2 - ok
12:35:45.0218 2828 perc2hib - ok
12:35:45.0250 2828 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
12:35:45.0250 2828 PlugPlay - ok
12:35:45.0265 2828 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:35:45.0265 2828 PolicyAgent - ok
12:35:45.0281 2828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:35:45.0281 2828 PptpMiniport - ok
12:35:45.0296 2828 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
12:35:45.0296 2828 Processor - ok
12:35:45.0296 2828 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:35:45.0296 2828 ProtectedStorage - ok
12:35:45.0296 2828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:35:45.0312 2828 PSched - ok
12:35:45.0312 2828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:35:45.0312 2828 Ptilink - ok
12:35:45.0328 2828 ql1080 - ok
12:35:45.0328 2828 Ql10wnt - ok
12:35:45.0328 2828 ql12160 - ok
12:35:45.0328 2828 ql1240 - ok
12:35:45.0343 2828 ql1280 - ok
12:35:45.0359 2828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:35:45.0359 2828 RasAcd - ok
12:35:45.0375 2828 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
12:35:45.0375 2828 RasAuto - ok
12:35:45.0390 2828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:35:45.0390 2828 Rasl2tp - ok
12:35:45.0406 2828 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
12:35:45.0406 2828 RasMan - ok
12:35:45.0406 2828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:35:45.0406 2828 RasPppoe - ok
12:35:45.0421 2828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:35:45.0421 2828 Raspti - ok
12:35:45.0437 2828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:35:45.0437 2828 Rdbss - ok
12:35:45.0437 2828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:35:45.0437 2828 RDPCDD - ok
12:35:45.0453 2828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:35:45.0453 2828 rdpdr - ok
12:35:45.0484 2828 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:35:45.0484 2828 RDPWD - ok
12:35:45.0500 2828 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
12:35:45.0500 2828 RDSessMgr - ok
12:35:45.0515 2828 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:35:45.0515 2828 redbook - ok
12:35:45.0531 2828 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
12:35:45.0531 2828 RemoteAccess - ok
12:35:45.0546 2828 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
12:35:45.0562 2828 RemoteRegistry - ok
12:35:45.0578 2828 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
12:35:45.0578 2828 RpcLocator - ok
12:35:45.0593 2828 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
12:35:45.0593 2828 RpcSs - ok
12:35:45.0625 2828 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
12:35:45.0625 2828 RSVP - ok
12:35:45.0625 2828 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:35:45.0625 2828 SamSs - ok
12:35:45.0656 2828 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
12:35:45.0656 2828 SCardSvr - ok
12:35:45.0687 2828 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
12:35:45.0687 2828 Schedule - ok
12:35:45.0703 2828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:35:45.0703 2828 Secdrv - ok
12:35:45.0718 2828 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
12:35:45.0718 2828 seclogon - ok
12:35:45.0796 2828 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
12:35:45.0812 2828 SenFiltService - ok
12:35:45.0812 2828 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
12:35:45.0812 2828 SENS - ok
12:35:45.0828 2828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:35:45.0828 2828 serenum - ok
12:35:45.0828 2828 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
12:35:45.0828 2828 Serial - ok
12:35:45.0843 2828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:35:45.0859 2828 Sfloppy - ok
12:35:45.0875 2828 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
12:35:45.0875 2828 SharedAccess - ok
12:35:45.0906 2828 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:35:45.0906 2828 ShellHWDetection - ok
12:35:45.0906 2828 Simbad - ok
12:35:45.0968 2828 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
12:35:45.0968 2828 SkypeUpdate - ok
12:35:45.0984 2828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:35:45.0984 2828 SLIP - ok
12:35:46.0000 2828 snapman (bd3863c139f3380a9f44fb188feefc6e) C:\WINDOWS\system32\DRIVERS\snapman.sys
12:35:46.0000 2828 snapman - ok
12:35:46.0000 2828 Sparrow - ok
12:35:46.0031 2828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:35:46.0031 2828 splitter - ok
12:35:46.0046 2828 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:35:46.0046 2828 Spooler - ok
12:35:46.0078 2828 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
12:35:46.0078 2828 sr - ok
12:35:46.0093 2828 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
12:35:46.0093 2828 srservice - ok
12:35:46.0140 2828 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NIS\1307000.009\SRTSP.SYS
12:35:46.0140 2828 SRTSP - ok
12:35:46.0156 2828 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NIS\1307000.009\SRTSPX.SYS
12:35:46.0156 2828 SRTSPX - ok
12:35:46.0187 2828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:35:46.0187 2828 Srv - ok
12:35:46.0203 2828 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
12:35:46.0218 2828 SSDPSRV - ok
12:35:46.0234 2828 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
12:35:46.0250 2828 stisvc - ok
12:35:46.0265 2828 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:35:46.0265 2828 streamip - ok
12:35:46.0281 2828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:35:46.0281 2828 swenum - ok
12:35:46.0312 2828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:35:46.0312 2828 swmidi - ok
12:35:46.0312 2828 SwPrv - ok
12:35:46.0328 2828 symc810 - ok
12:35:46.0328 2828 symc8xx - ok
12:35:46.0343 2828 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307000.009\SYMDS.SYS
12:35:46.0359 2828 SymDS - ok
12:35:46.0390 2828 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307000.009\SYMEFA.SYS
12:35:46.0406 2828 SymEFA - ok
12:35:46.0421 2828 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:35:46.0421 2828 SymEvent - ok
12:35:46.0437 2828 SymIM (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:35:46.0437 2828 SymIM - ok
12:35:46.0437 2828 SymIMMP (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:35:46.0437 2828 SymIMMP - ok
12:35:46.0453 2828 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307000.009\Ironx86.SYS
12:35:46.0453 2828 SymIRON - ok
12:35:46.0484 2828 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307000.009\SYMTDI.SYS
12:35:46.0500 2828 SYMTDI - ok
12:35:46.0500 2828 sym_hi - ok
12:35:46.0500 2828 sym_u3 - ok
12:35:46.0531 2828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:35:46.0531 2828 sysaudio - ok
12:35:46.0562 2828 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
12:35:46.0562 2828 SysmonLog - ok
12:35:46.0578 2828 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
12:35:46.0578 2828 TapiSrv - ok
12:35:46.0609 2828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:35:46.0609 2828 Tcpip - ok
12:35:46.0625 2828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:35:46.0640 2828 TDPIPE - ok
12:35:46.0687 2828 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
12:35:46.0703 2828 tdrpman251 - ok
12:35:46.0734 2828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:35:46.0734 2828 TDTCP - ok
12:35:46.0750 2828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:35:46.0750 2828 TermDD - ok
12:35:46.0765 2828 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
12:35:46.0781 2828 TermService - ok
12:35:46.0796 2828 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:35:46.0796 2828 Themes - ok
12:35:46.0812 2828 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
12:35:46.0812 2828 timounter - ok
12:35:46.0828 2828 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
12:35:46.0843 2828 TlntSvr - ok
12:35:46.0843 2828 TosIde - ok
12:35:46.0843 2828 tosrfec - ok
12:35:46.0875 2828 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
12:35:46.0875 2828 TrkWks - ok
12:35:46.0906 2828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:35:46.0906 2828 Udfs - ok
12:35:46.0906 2828 ultra - ok
12:35:46.0937 2828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:35:46.0937 2828 Update - ok
12:35:46.0953 2828 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
12:35:46.0968 2828 upnphost - ok
12:35:46.0968 2828 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
12:35:46.0984 2828 UPS - ok
12:35:46.0984 2828 upsmonservice - ok
12:35:47.0000 2828 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:35:47.0000 2828 usbaudio - ok
12:35:47.0015 2828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:35:47.0015 2828 usbccgp - ok
12:35:47.0046 2828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:35:47.0046 2828 usbehci - ok
12:35:47.0062 2828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:35:47.0062 2828 usbhub - ok
12:35:47.0093 2828 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:35:47.0093 2828 usbohci - ok
12:35:47.0109 2828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:35:47.0109 2828 usbprint - ok
12:35:47.0140 2828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:35:47.0140 2828 usbscan - ok
12:35:47.0156 2828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:35:47.0156 2828 USBSTOR - ok
12:35:47.0171 2828 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:35:47.0187 2828 usbvideo - ok
12:35:47.0203 2828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:35:47.0203 2828 VgaSave - ok
12:35:47.0203 2828 ViaIde - ok
12:35:47.0218 2828 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
12:35:47.0218 2828 VolSnap - ok
12:35:47.0234 2828 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
12:35:47.0250 2828 VSS - ok
12:35:47.0265 2828 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
12:35:47.0265 2828 W32Time - ok
12:35:47.0265 2828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:35:47.0265 2828 Wanarp - ok
12:35:47.0296 2828 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:35:47.0296 2828 Wdf01000 - ok
12:35:47.0312 2828 WDICA - ok
12:35:47.0312 2828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:35:47.0328 2828 wdmaud - ok
12:35:47.0328 2828 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
12:35:47.0328 2828 WebClient - ok
12:35:47.0375 2828 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:35:47.0375 2828 winmgmt - ok
12:35:47.0421 2828 WmBEnum (59c90bc8317bd3f6e5559a4deaf35090) C:\WINDOWS\system32\drivers\WmBEnum.sys
12:35:47.0421 2828 WmBEnum - ok
12:35:47.0437 2828 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
12:35:47.0437 2828 WmdmPmSN - ok
12:35:47.0453 2828 WmFilter (999a4539ad634a741afd357e290bd461) C:\WINDOWS\system32\drivers\WmFilter.sys
12:35:47.0453 2828 WmFilter - ok
12:35:47.0484 2828 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
12:35:47.0484 2828 Wmi - ok
12:35:47.0500 2828 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:35:47.0515 2828 WmiApSrv - ok
12:35:47.0578 2828 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:35:47.0593 2828 WMPNetworkSvc - ok
12:35:47.0625 2828 WmVirHid (0b8c64b13776f17537f0705fe62799c6) C:\WINDOWS\system32\drivers\WmVirHid.sys
12:35:47.0625 2828 WmVirHid - ok
12:35:47.0640 2828 WmXlCore (8d388aeb1a12c1192aa9b4ebceabcba6) C:\WINDOWS\system32\drivers\WmXlCore.sys
12:35:47.0640 2828 WmXlCore - ok
12:35:47.0734 2828 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:35:47.0750 2828 WPFFontCache_v0400 - ok
12:35:47.0765 2828 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:35:47.0765 2828 WS2IFSL - ok
12:35:47.0781 2828 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
12:35:47.0796 2828 wscsvc - ok
12:35:47.0812 2828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:35:47.0812 2828 WSTCODEC - ok
12:35:47.0828 2828 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
12:35:47.0828 2828 wuauserv - ok
12:35:47.0843 2828 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:35:47.0843 2828 WudfPf - ok
12:35:47.0859 2828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:35:47.0859 2828 WudfRd - ok
12:35:47.0875 2828 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:35:47.0875 2828 WudfSvc - ok
12:35:47.0906 2828 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
12:35:47.0906 2828 WZCSVC - ok
12:35:47.0937 2828 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
12:35:47.0937 2828 xmlprov - ok
12:35:47.0953 2828 MBR (0x1B8) (75496518b69109c8b5470492b3cda641) \Device\Harddisk0\DR0
12:35:48.0421 2828 \Device\Harddisk0\DR0 - ok
12:35:48.0437 2828 MBR (0x1B8) (d1ad4c53eadd115593e05fa56d6b9dea) \Device\Harddisk1\DR1
12:35:48.0859 2828 \Device\Harddisk1\DR1 - ok
12:35:48.0859 2828 Boot (0x1200) (b8c8d358f61378c562176c6a7904e355) \Device\Harddisk0\DR0\Partition0
12:35:48.0859 2828 \Device\Harddisk0\DR0\Partition0 - ok
12:35:48.0859 2828 Boot (0x1200) (317e6e837cdc639612a2f2d27453baea) \Device\Harddisk0\DR0\Partition1
12:35:48.0859 2828 \Device\Harddisk0\DR0\Partition1 - ok
12:35:48.0875 2828 Boot (0x1200) (24c99ac0cb89fc12eba065ec31e0cad0) \Device\Harddisk0\DR0\Partition2
12:35:48.0875 2828 \Device\Harddisk0\DR0\Partition2 - ok
12:35:48.0875 2828 Boot (0x1200) (79d36ee253aa84c08378e57d84934518) \Device\Harddisk0\DR0\Partition3
12:35:48.0875 2828 \Device\Harddisk0\DR0\Partition3 - ok
12:35:48.0875 2828 Boot (0x1200) (2264351e5a4f19ed4cfd309739ce5cc8) \Device\Harddisk0\DR0\Partition4
12:35:48.0875 2828 \Device\Harddisk0\DR0\Partition4 - ok
12:35:48.0890 2828 Boot (0x1200) (98d938e695a88bb8d89296efe659172d) \Device\Harddisk1\DR1\Partition0
12:35:48.0890 2828 \Device\Harddisk1\DR1\Partition0 - ok
12:35:48.0890 2828 ============================================================
12:35:48.0890 2828 Scan finished
12:35:48.0890 2828 ============================================================
12:35:48.0906 3084 Detected object count: 0
12:35:48.0906 3084 Actual detected object count: 0
No one is good by accident; virtue must be learned.
SENECA

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Rootkit

#4 Post by stell »

OK, post one more log and then we'll sort it out.
Download it to the desktop and run it, then paste FRST.txt here.
http://download.bleepingcomputer.com/farbar/FRST.exe
Important information.
Is your computer NOT RUNNING WELL?
Is it infected? Running slowly? A program not working? Trouble installing something?
Use the remote-help service!
e-mail: stell(zavináč)forum.viry.cz
Thanks!

Čarls
Friend of the forum
Posts: 1094
Registered: 05 Aug 2006 16:23
Location: U Safari

Re: Rootkit

#5 Post by Čarls »

So here it is:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 19-05-2012
Ran by Karel at 20-05-2012 12:58:49
Running from C:\Stahování
Service Pack 3 (X86) OS Language: Czech
Attention: Could not load system hive.
Error: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-20 12:58 - 2012-05-20 12:58 - 0000000 ____D C:\FRST
2012-05-20 12:50 - 2012-05-20 12:50 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-20 12:48 - 2012-05-20 12:51 - 0184250 ____A C:\TDSSKiller.2.7.35.0_20.05.2012_12.48.41_log.txt
2012-05-20 12:35 - 2012-05-20 12:36 - 0093782 ____A C:\TDSSKiller.2.7.35.0_20.05.2012_12.35.35_log.txt
2012-05-20 11:39 - 2012-05-20 11:39 - 0016962 ____A C:\ComboFix.txt
2012-05-20 11:24 - 2012-05-20 11:38 - 0000000 ____D C:\Windows\ERDNT
2012-05-20 11:24 - 2011-06-26 08:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-20 11:24 - 2010-11-07 19:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-20 11:24 - 2009-04-20 06:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-20 11:24 - 2000-08-31 02:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-20 11:24 - 2000-08-31 02:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-20 11:24 - 2000-08-31 02:00 - 0212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-05-20 11:24 - 2000-08-31 02:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-20 11:24 - 2000-08-31 02:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-20 11:24 - 2000-08-31 02:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-20 11:23 - 2012-05-20 11:39 - 0000000 ____D C:\Qoobox
2012-05-19 23:26 - 2012-05-19 23:57 - 0000000 ____D C:\Program Files\Raxco
2012-05-19 22:12 - 2012-05-19 22:12 - 0205072 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-05-18 22:24 - 2012-05-20 11:36 - 2145693696 __ASH C:\hiberfil.sys
2012-05-09 04:04 - 2012-05-09 04:25 - 0000000 ___HD C:\Windows\$hf_mig$
2012-05-06 10:26 - 2012-05-06 10:26 - 0000000 ____D C:\Program Files\Free OCR to Word
2012-04-28 21:13 - 2012-04-28 21:14 - 0000000 ____D C:\Program Files\Total Uninstall 6
2012-04-27 20:34 - 2012-04-27 20:34 - 0227784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-04-27 20:34 - 2012-04-27 20:34 - 0174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-04-27 20:34 - 2012-04-27 20:34 - 0174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-04-27 20:34 - 2012-04-27 20:34 - 0143872 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2012-04-24 22:10 - 2012-04-24 22:10 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service

============ 3 Months Modified Files and Folders ===============

2012-05-20 12:58 - 2012-05-20 12:58 - 0000000 ____D C:\FRST
2012-05-20 12:58 - 2011-01-21 18:03 - 0000000 ___RD C:\Stahování
2012-05-20 12:51 - 2012-05-20 12:48 - 0184250 ____A C:\TDSSKiller.2.7.35.0_20.05.2012_12.48.41_log.txt
2012-05-20 12:50 - 2012-05-20 12:50 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-20 12:48 - 2011-01-21 16:31 - 2030944 ____A C:\Windows\WindowsUpdate.log
2012-05-20 12:42 - 2011-01-21 16:36 - 0000000 ___HD C:\Documents and Settings\Karel Finger\Okolní síť
2012-05-20 12:36 - 2012-05-20 12:35 - 0093782 ____A C:\TDSSKiller.2.7.35.0_20.05.2012_12.35.35_log.txt
2012-05-20 12:13 - 2012-04-03 03:34 - 0000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-20 12:06 - 2011-01-21 16:36 - 0000178 ___SH C:\Documents and Settings\Karel Finger\ntuser.ini
2012-05-20 12:06 - 2011-01-21 16:36 - 0000062 __ASH C:\Documents and Settings\Karel Finger\Local Settings\desktop.ini
2012-05-20 12:06 - 2011-01-21 16:36 - 0000000 ____D C:\Documents and Settings\Karel Finger\Plocha
2012-05-20 12:06 - 2007-08-02 14:00 - 0013646 ____A C:\Windows\System32\wpa.dbl
2012-05-20 11:39 - 2012-05-20 11:39 - 0016962 ____A C:\ComboFix.txt
2012-05-20 11:39 - 2012-05-20 11:23 - 0000000 ____D C:\Qoobox
2012-05-20 11:38 - 2012-05-20 11:24 - 0000000 ____D C:\Windows\ERDNT
2012-05-20 11:37 - 2011-01-21 17:25 - 0000159 ____A C:\Windows\wiadebug.log
2012-05-20 11:37 - 2011-01-21 17:25 - 0000049 ____A C:\Windows\wiaservc.log
2012-05-20 11:37 - 2011-01-21 16:36 - 0000000 __SHD C:\Documents and Settings\Karel Finger\Local Settings\Temporary Internet Files
2012-05-20 11:37 - 2011-01-21 16:35 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-05-20 11:37 - 2011-01-21 16:35 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-20 11:37 - 2011-01-21 16:34 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-05-20 11:37 - 2007-08-02 14:00 - 0000227 ____A C:\Windows\system.ini
2012-05-20 11:37 - 2007-08-02 14:00 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-20 11:36 - 2012-05-18 22:24 - 2145693696 __ASH C:\hiberfil.sys
2012-05-20 11:35 - 2011-01-21 17:22 - 0000000 __SHD C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
2012-05-20 11:35 - 2011-01-21 16:35 - 0000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
2012-05-20 11:35 - 2011-01-21 16:34 - 0000000 ___HD C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
2012-05-20 11:32 - 2011-01-21 16:35 - 0032564 ____A C:\Windows\SchedLgU.Txt
2012-05-20 11:29 - 2011-01-21 16:30 - 0000000 ____D C:\Windows\System32\Restore
2012-05-20 11:25 - 2011-01-21 16:36 - 0000000 __RHD C:\Documents and Settings\Karel Finger\Data aplikací
2012-05-19 23:57 - 2012-05-19 23:26 - 0000000 ____D C:\Program Files\Raxco
2012-05-19 23:33 - 2011-03-23 05:18 - 0000000 ____D C:\Config.Msi
2012-05-19 23:26 - 2011-01-21 17:22 - 0000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2012-05-19 23:01 - 2011-01-22 11:07 - 0000000 ____D C:\VueScan
2012-05-19 22:23 - 2011-01-21 17:53 - 0000000 ____D C:\Program Files\Mozilla Thunderbird
2012-05-19 22:12 - 2012-05-19 22:12 - 0205072 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-05-19 21:45 - 2008-04-14 08:51 - 0006656 ____A C:\Windows\System32\lpcio.dll
2012-05-18 14:55 - 2011-01-21 17:45 - 0000000 ____D C:\Windows\System32\Drivers\NIS
2012-05-16 14:58 - 2011-01-22 09:50 - 0347985 ____A C:\fftrlog.txt
2012-05-16 14:58 - 2011-01-22 09:49 - 0000000 ____D C:\Program Files\Recepty doma
2012-05-15 21:40 - 2011-01-22 14:23 - 0000000 ____A C:\Windows\XXLGSC
2012-05-13 13:37 - 2011-01-21 17:08 - 0000000 ____D C:\Winrar temp
2012-05-13 13:16 - 2012-03-18 08:51 - 0000000 ____D C:\Documents and Settings\Karel Finger\Local Settings\Data aplikacíLow
2012-05-11 20:16 - 2011-01-21 16:36 - 0000000 ___AD C:\Documents and Settings\Karel Finger\Dokumenty
2012-05-11 04:03 - 2011-01-22 09:23 - 0000000 ____D C:\Program Files\rajce
2012-05-09 15:13 - 2011-01-21 19:48 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-09 14:26 - 2011-01-21 21:27 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-09 14:26 - 2011-01-21 17:22 - 0256656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 04:35 - 2011-01-21 20:13 - 0000000 ____D C:\Windows\System32\XPSViewer
2012-05-09 04:33 - 2011-01-21 19:53 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 04:33 - 2011-01-21 17:23 - 1140664 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-09 04:25 - 2012-05-09 04:04 - 0000000 ___HD C:\Windows\$hf_mig$
2012-05-07 10:57 - 2011-01-21 16:36 - 0000000 ___HD C:\Documents and Settings\Karel Finger\Local Settings\Data aplikací
2012-05-06 10:26 - 2012-05-06 10:26 - 0000000 ____D C:\Program Files\Free OCR to Word
2012-05-06 10:26 - 2011-01-21 16:36 - 0000000 ___RD C:\Documents and Settings\Karel Finger\Nabídka Start
2012-05-04 22:13 - 2012-04-03 03:34 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-04 22:13 - 2011-05-15 21:15 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-04-29 19:19 - 2011-01-21 17:22 - 0000000 ____D C:\Documents and Settings\All Users\Plocha
2012-04-29 06:28 - 2011-01-21 16:53 - 0285176 ____A C:\Windows\System32\nvdrsdb1.bin
2012-04-29 06:28 - 2011-01-21 16:53 - 0000001 ____A C:\Windows\System32\nvdrssel.bin
2012-04-28 21:36 - 2011-01-25 00:04 - 0000000 ____D C:\Windows\Album
2012-04-28 21:36 - 2011-01-21 16:47 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-28 21:23 - 2012-02-26 11:25 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-04-28 21:14 - 2012-04-28 21:13 - 0000000 ____D C:\Program Files\Total Uninstall 6
2012-04-28 21:13 - 2011-01-21 17:17 - 0000000 ____D C:\Windows\system
2012-04-27 20:34 - 2012-04-27 20:34 - 0227784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-04-27 20:34 - 2012-04-27 20:34 - 0174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-04-27 20:34 - 2012-04-27 20:34 - 0174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-04-27 20:34 - 2012-04-27 20:34 - 0143872 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2012-04-27 20:34 - 2011-12-13 23:47 - 0772552 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-04-25 22:29 - 2011-01-23 08:50 - 0000000 ____D C:\Zalohy registru
2012-04-25 22:28 - 2011-01-21 20:14 - 0000000 ____D C:\Program Files\CCleaner
2012-04-24 22:10 - 2012-04-24 22:10 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-04-18 23:32 - 2011-01-30 13:10 - 0000031 ____A C:\Windows\progress
2012-04-15 18:07 - 2012-04-10 15:45 - 0000000 ____D C:\Program Files\Common Files\Logitech
2012-04-15 18:07 - 2011-10-21 04:34 - 0000000 ____D C:\Program Files\Logitech
2012-04-15 18:07 - 2011-01-21 16:39 - 0000000 ____D C:\Windows\System32\ReinstallBackups
2012-04-15 17:48 - 2011-01-21 18:08 - 0000000 ____D C:\Program Files\Common Files\LogiShrd
2012-04-14 17:12 - 2012-04-14 17:09 - 0119296 ____A C:\Windows\System32\zlib.dll
2012-04-14 16:25 - 2011-01-21 16:31 - 0000000 ____D C:\Windows\System32\DirectX
2012-04-14 16:22 - 2011-01-21 17:22 - 0000000 ___SD C:\Documents and Settings\All Users\Dokumenty
2012-04-14 11:36 - 2012-04-14 09:01 - 0000000 ____D C:\Xpadder
2012-04-14 10:53 - 2011-11-03 20:27 - 0000000 ____D C:\Pdf spojení souborů
2012-04-11 21:31 - 2011-01-21 19:32 - 0000000 ____D C:\Windows\ie8updates
2012-04-11 15:55 - 2011-01-21 19:11 - 2194816 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-04-11 15:55 - 2011-01-21 19:11 - 2150400 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-04-11 15:55 - 2011-01-21 19:11 - 2028544 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-04-11 15:55 - 2009-02-10 20:09 - 2071296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-04-11 15:55 - 2008-04-14 10:06 - 2028544 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-11 15:55 - 2008-04-14 08:06 - 2150400 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 15:55 - 2008-04-14 07:45 - 1862272 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2012-04-11 15:55 - 2008-04-14 07:45 - 1862272 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-08 20:25 - 2011-01-21 18:59 - 0000000 ____D C:\Program Files\AIMP2
2012-04-01 10:10 - 2012-03-31 18:41 - 0000000 ____D C:\Projekt
2012-03-26 21:48 - 2011-01-21 17:45 - 0141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-03-26 21:48 - 2011-01-21 17:45 - 0060872 ____A (Symantec Corporation) C:\Windows\System32\S32EVNT1.DLL
2012-03-26 21:48 - 2011-01-21 17:45 - 0007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-03-26 21:48 - 2011-01-21 17:45 - 0000805 ____A C:\Windows\System32\Drivers\SYMEVENT.INF
2012-03-26 21:48 - 2011-01-21 17:45 - 0000000 ____D C:\Program Files\Symantec
2012-03-26 17:09 - 2011-01-21 22:57 - 0000000 ____D C:\Program Files\The KMPlayer
2012-03-24 18:47 - 2011-02-26 18:27 - 0082320 ____A (EZB Systems, Inc.) C:\Windows\System32\Drivers\ISODrive.sys
2012-03-24 18:14 - 2012-03-24 18:14 - 0000000 ____D C:\Program Files\CleanUp!
2012-03-24 14:02 - 2011-01-22 10:05 - 0000000 ___RD C:\Program Files\Skype
2012-03-17 10:45 - 2006-05-02 11:12 - 0293888 ____A (Analog Devices, Inc.) C:\Windows\System32\Drivers\ADIHdAud.sys
2012-03-17 10:45 - 2006-04-27 00:42 - 0093952 ____A (Andrea Electronics Corporation) C:\Windows\System32\Drivers\aeaudio.sys
2012-03-17 10:45 - 2006-03-17 12:18 - 0392960 ____A (Sensaura) C:\Windows\System32\Drivers\senfilt.sys
2012-03-17 10:45 - 2006-02-06 09:54 - 0028160 ____A (Analog Devices, Inc.) C:\Windows\System32\PostProc.dll
2012-03-17 10:45 - 2003-08-19 13:36 - 0065536 ___AC (Sensaura Ltd) C:\Windows\System32\dllcache\a3d.dll
2012-03-17 10:45 - 2003-08-19 13:36 - 0065536 ____A (Sensaura Ltd) C:\Windows\System32\a3d.dll
2012-03-17 10:39 - 2011-01-21 17:22 - 0000000 ___RD C:\Documents and Settings\All Users\Nabídka Start
2012-03-17 09:24 - 2011-01-21 16:35 - 0000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2012-03-17 08:58 - 2011-01-21 16:36 - 0000000 ___HD C:\Documents and Settings\Karel Finger\Šablony
2012-03-14 04:18 - 2012-03-14 04:18 - 0000000 ____D C:\Documents and Settings\All Users\Data aplikacÝ
2012-03-02 20:36 - 2012-01-10 21:34 - 0000116 ____A C:\Windows\NeroDigital.ini
2012-03-02 05:59 - 2011-01-21 19:26 - 11082752 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-03-02 05:59 - 2009-03-08 05:39 - 11082752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-01 12:59 - 2011-01-21 19:26 - 2000384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-03-01 12:59 - 2011-01-21 19:26 - 0743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-03-01 12:59 - 2011-01-21 19:26 - 0602112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-03-01 12:59 - 2011-01-21 19:26 - 0247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-03-01 12:59 - 2011-01-21 19:26 - 0055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-03-01 12:59 - 2011-01-21 19:26 - 0012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-03-01 12:59 - 2009-03-08 05:32 - 2000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-01 12:59 - 2009-03-08 05:32 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-01 12:59 - 2009-03-08 05:31 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-01 12:59 - 2008-04-14 08:52 - 1469440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2012-03-01 12:59 - 2008-04-14 08:52 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-01 12:59 - 2008-04-14 08:52 - 1212416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-03-01 12:59 - 2008-04-14 08:52 - 1212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-01 12:59 - 2008-04-14 08:52 - 0916992 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-03-01 12:59 - 2008-04-14 08:52 - 0916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-01 12:59 - 2008-04-14 08:52 - 0105984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-03-01 12:59 - 2008-04-14 08:52 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 5978624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 5978624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0611840 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0387584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0206848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0184320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0066560 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0025600 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2012-03-01 12:59 - 2008-04-14 08:51 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-29 16:10 - 2008-04-14 08:52 - 0177664 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wintrust.dll
2012-02-29 16:10 - 2008-04-14 08:52 - 0177664 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 16:10 - 2008-04-14 08:51 - 0148480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imagehlp.dll
2012-02-29 16:10 - 2008-04-14 08:51 - 0148480 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 14:17 - 2008-04-14 08:52 - 0174080 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2012-02-29 14:17 - 2008-04-14 08:52 - 0174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-29 14:17 - 2008-04-14 07:50 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-26 07:58 - 2012-02-26 07:58 - 0000000 ____D C:\Program Files\trend micro
2012-02-23 15:25 - 2012-03-17 09:37 - 0021336 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-21 22:12 - 2012-02-21 22:12 - 0000000 ____D C:\Program Files\Common Files\Skype
2012-02-21 21:32 - 2012-02-21 21:32 - 0000000 ____D C:\Program Files\Common Files\Java
2012-02-21 21:31 - 2012-02-21 21:31 - 0000000 ____D C:\Program Files\Java
2012-02-21 21:24 - 2011-01-21 17:05 - 0000000 ____D C:\Program Files\WinRAR
2012-02-21 19:42 - 2011-01-21 16:53 - 0285176 ____A C:\Windows\System32\nvdrsdb0.bin

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\User32.dll
[2008-04-14 08:52] - [2008-04-14 08:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 07:42] - [2008-04-14 07:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points (XP) =====================

RP: -> 2012-05-20 11:30 - 024576 _restore{C30B0C72-F18C-492E-BA2A-F3034CE59033}\RP1


========================= Memory info ======================

Percentage of memory in use: 49%
Total physical RAM: 2046.22 MB
Available physical RAM: 1042.1 MB
Total Pagefile: 3936.33 MB
Available Pagefile: 3193.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.49 MB

======================= Partitions =========================

1 Drive c: (Systém) (Fixed) (Total:50.01 GB) (Free:31.49 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (Různé) (Fixed) (Total:80.01 GB) (Free:16.76 GB) NTFS
3 Drive e: (Fotografie) (Fixed) (Total:100.01 GB) (Free:29.51 GB) NTFS
4 Drive f: (Zálohy programů) (Fixed) (Total:100.01 GB) (Free:44.25 GB) NTFS
5 Drive g: (Písně z kazet mag.) (Fixed) (Total:100.01 GB) (Free:47.66 GB) NTFS
6 Drive h: (Zálohy C) (Fixed) (Total:74.52 GB) (Free:21.2 GB) NTFS

V počítači: KAREL
Disk ### Stav Velikost Volné Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 75 GB 0 B
Probíhá ukončení programu DiskPart...

Partitions of Disk 0:
===============

V počítači: KAREL
Nyní je vybrán disk 0.
Oddíl ### Typ Velikost Posunutí
------------- ---------------- ------- -------
Oddíl 1 Primární 50 GB 32 KB
Oddíl 2 Rozšířený 416 GB 50 GB
Oddíl 3 Logický 80 GB 50 GB
Oddíl 4 Logický 100 GB 130 GB
Oddíl 5 Logický 100 GB 230 GB
Oddíl 6 Logický 100 GB 330 GB
Oddíl 7 Logický 36 GB 430 GB
Probíhá ukončení programu DiskPart...

======================================================================================================

Partitions of Disk 1:
===============

V počítači: KAREL
Nyní je vybrán disk 1.
Oddíl ### Typ Velikost Posunutí
------------- ---------------- ------- -------
Oddíl 1 Rozšířený 75 GB 8033 KB
Oddíl 2 Logický 75 GB 8064 KB
Probíhá ukončení programu DiskPart...

======================================================================================================
======================= End Of Log ==========================

stell
VIP
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Rootkit

#6 Post by stell »

Fix the file association:
create this and run it as fix.reg

Code:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

2: Create CFSCRIPT.txt, run it through ComboFix and paste the log here.

Code:

KILLALL::
Extra::
FireFox::
FF - ProfilePath - c:\documents and settings\Karel Finger\Data aplikací\Mozilla\Firefox\Profiles\h9v4fxn9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - InnoGames International Customized Web Search
FF - user.js: extensions.BabylonToolbar_i.id - 4c4141b90000000000000018f36508fa
FF - user.js: extensions.BabylonToolbar_i.hardId - 4c4141b90000000000000018f36508fa
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15357
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:28
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
RegNull::
[HKEY_USERS\S-1-5-21-1482476501-362288127-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{370F93AB-C1C9-DDD1-797E-0FE7CC76263F}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{370F93AB-C1C9-DDD1-797E-0FE7CC76263F}\InProcServer32*]
ClearJavaCache::
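As an added example (not code from the thread, FRST or ComboFix), here is a small Python checker for the .exe association that FRST flagged with "<===== ATTENTION!": it parses "Windows Registry Editor Version 5.00" text, such as `reg export HKCR\exefile out.reg` produces, and compares the flagged keys against the defaults in the fix.reg posted above. The hijacked sample and its `C:\PLACEHOLDER` path are constructed for the demonstration.

```python
import re

# Default values, taken from the fix.reg posted in the thread; FRST flagged
# exactly these keys with "<===== ATTENTION!" in the log above.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": {"@": "exefile"},
    r"HKEY_CLASSES_ROOT\exefile\DefaultIcon": {"@": "%1"},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
    r"HKEY_CLASSES_ROOT\exefile\shell\runas\command": {"@": '"%1" %*'},
}

def unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", s)

def decode_value(raw):
    """Decode the right-hand side of a .reg value line (REG_SZ, REG_DWORD, hex)."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\([0-9a-f]+\))?:(.*)$", raw, re.I)
    if m:
        return bytes(int(b, 16) for b in m.group(1).replace(" ", "").split(",") if b)
    return raw  # unknown type: keep the text as-is

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: value}}; a [-key] deletion maps to None."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):        # wrapped hex value: join with the next line
            pending += raw.rstrip()[:-1]
            continue
        line, pending = (pending + raw).strip(), ""
        if (not line or line[0] == ";" or line == "REGEDIT4"
                or line.lower().startswith("windows registry editor")):
            continue
        m = re.match(r"^\[(-?)(.+)\]$", line)
        if m:
            current = m.group(2)
            keys[current] = None if m.group(1) else (keys.get(current) or {})
            continue
        if current is None or keys[current] is None:
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        name = name.strip()
        keys[current]["@" if name == "@" else unescape(name[1:-1])] = decode_value(value)
    return keys

def audit_exe_association(keys):
    """Return (kind, key_path, actual) findings; an empty list means the defaults are intact."""
    findings = []
    for key, wanted in EXPECTED.items():
        present = keys.get(key)
        if not present:
            findings.append(("missing", key, None))
            continue
        for name, want in wanted.items():
            if present.get(name) != want:
                findings.append(("unexpected", key, present.get(name)))
    return findings

# Excerpt of the fix.reg posted in the thread: the known-good state.
GOOD_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

# Constructed sample of a hijacked export (placeholder path): the open verb is
# routed through a proxy binary, DefaultIcon is gone and runas was deleted.
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\PLACEHOLDER\\proxy.exe\" \"%1\" %*"

[-HKEY_CLASSES_ROOT\exefile\shell\runas\command]
'''

if __name__ == "__main__":
    for label, text in (("fix.reg", GOOD_REG), ("hijacked", HIJACKED_REG)):
        print(label, audit_exe_association(parse_reg(text)) or "OK")
```

Run it against a real export before importing a fix.reg so the diff between the current and the expected association is on record for the incident notes.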

Čarls
Friend of the forum
Posts: 1094
Joined: 05 Aug 2006 16:23
Location: U Safari

Re: Rootkit

#7 Post by Čarls »

Phew, so here it is. In three years this is the first pest that has actually got into my PC. What mischief does it actually do?
ComboFix 12-05-20.03 - Karel Finger 20.05.2012 13:25:34.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1232 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karel Finger\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karel Finger\Plocha\CFSCRIPT.txt
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-20 do 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 10:58 . 2012-05-20 10:59 -------- d-----w- C:\FRST
2012-05-20 10:50 . 2012-05-20 10:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-19 21:26 . 2012-05-19 21:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Raxco
2012-05-19 21:26 . 2012-05-19 21:57 -------- d-----w- c:\program files\Raxco
2012-05-19 20:12 . 2012-05-19 20:12 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-18 12:55 . 2012-05-18 12:55 -------- d-----w- c:\windows\system32\drivers\NIS\1307010.005
2012-05-09 20:11 . 2012-05-19 20:23 -------- d-----w- C:\Downloads
2012-05-09 02:04 . 2012-05-09 02:25 -------- d--h--w- c:\windows\$hf_mig$
2012-05-07 08:57 . 2012-05-07 08:57 -------- d-----w- c:\documents and settings\Karel Finger\Local Settings\Data aplikací\SkinSoft
2012-05-06 08:26 . 2012-05-06 08:26 -------- d-----w- c:\program files\Free OCR to Word
2012-04-28 19:13 . 2012-04-28 19:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Martau
2012-04-28 19:13 . 2012-04-28 19:14 -------- d-----w- c:\program files\Total Uninstall 6
2012-04-27 18:34 . 2012-04-27 18:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-24 20:10 . 2012-04-24 20:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 20:10 . 2012-04-24 20:10 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 20:10 . 2012-04-24 20:10 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-24 12:59 . 2012-04-24 12:59 -------- d-----w- c:\windows\system32\drivers\NIS\1307000.009
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 19:45 . 2008-04-14 06:51 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-05-04 20:13 . 2012-04-03 01:34 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 20:13 . 2011-05-15 19:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-27 18:34 . 2011-12-13 21:47 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-15 15:48 . 2012-04-15 15:48 53248 ----a-r- c:\documents and settings\Karel Finger\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-14 15:12 . 2012-04-14 15:09 119296 ----a-w- c:\windows\system32\zlib.dll
2012-04-11 13:55 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2008-04-14 05:45 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2008-04-14 06:06 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 19:48 . 2011-01-21 15:45 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-26 19:48 . 2011-01-21 15:45 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-24 16:47 . 2011-02-26 16:27 82320 ----a-w- c:\windows\system32\drivers\ISODrive.sys
2012-03-17 08:45 . 2006-05-02 09:12 293888 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2012-03-17 08:45 . 2006-04-26 22:42 93952 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2012-03-17 08:45 . 2006-03-17 10:18 392960 ----a-w- c:\windows\system32\drivers\senfilt.sys
2012-03-17 08:45 . 2006-02-06 07:54 28160 ----a-w- c:\windows\system32\PostProc.dll
2012-03-17 08:45 . 2003-08-19 11:36 65536 ----a-w- c:\windows\system32\a3d.dll
2012-03-17 08:45 . 2001-09-19 05:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2012-03-01 10:59 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 10:59 . 2008-04-14 06:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 06:52 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 06:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 13:25 . 2012-03-17 07:37 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-04-24 20:10 . 2012-02-26 09:25 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-12-14 4377960]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-12-14 962272]
"Acronis Služba Plánovač2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-12-14 377600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2012-03-17 868352]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
USB Sharing.lnk - c:\program files\USB Sharing\usbshare.exe [2011-10-21 139264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\utorrent-portable\\utorrent.exe"=
"c:\\Program Files\\EfficientPIM\\EfficientPIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [16.2.2006 10:21 35200]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\symds.sys [24.4.2012 14:59 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\symefa.sys [24.4.2012 14:59 905336]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [21.1.2011 17:12 902432]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [23.12.2011 12:04 10240]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [8.5.2012 22:00 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccsetx86.sys [24.4.2012 14:59 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\ironx86.sys [24.4.2012 14:59 149624]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [21.1.2011 18:09 12184]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [24.4.2012 14:59 138232]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15.2.2012 14:30 158856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17.3.2012 8:35 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120518.001\IDSXpx86.sys [19.5.2012 13:08 356792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3.4.2012 3:34 257696]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\KARELF~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\KARELF~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys --> c:\windows\system32\drivers\LGBusEnum.sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys --> c:\windows\system32\drivers\LGVirHid.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.4.2012 22:10 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sskbfd
tosrfec
bdfsdrv
upsmonservice
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &Download with DAM - c:\program files\Tensons\Download Accelerator Manager\\addUrl.htm
IE: Download &All with DAM - c:\program files\Tensons\Download Accelerator Manager\\addAllUrls.htm
IE: Download with &Media Finder
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Run DAM Media&Grabber - c:\program files\Tensons\Download Accelerator Manager\\runMg.htm
IE: {{DA42DC2A-5456-482B-BB8A-593272304F67}
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\documents and settings\Karel Finger\Data aplikací\Mozilla\Firefox\Profiles\h9v4fxn9.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.interval - 100000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 13:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-362288127-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7b,da,2a,20,d1,e2,2a,d9,c2,22,81,62,1c,3d,49,71,a0,46,cb,34,ef,49,b3,
62,04,3f,5b,1c,01,45,db,28,35,d9,2f,f6,92,5f,b6,03,2f,7a,0d,06,bb,2d,f6,c8,\
"??"=hex:12,44,69,7d,ab,0e,8e,c6,e6,5f,d7,78,64,63,90,43
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1372)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3976)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2012-05-20 13:32:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-20 11:32
ComboFix2.txt 2012-05-20 09:39
.
Před spuštěním: Volných bajtů: 33 781 673 984
Po spuštění: Volných bajtů: 33 753 792 512
.
- - End Of File - - D9C5264F59ED6AABC1E26B10A51FB7DA
Nobody is good by accident; virtue must be learned.
SENECA

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Rootkit

#8 Post by stell »

OK Čarls, if you no longer have the problem then it's fine as far as I'm concerned, because I didn't see that rootkit anywhere any more. Uninstall ComboFix and we'll clean out temp:
download OTL, run it, paste this script into the bottom window and click Run Fix,
http://oldtimer.geekstogo.com/OTL.exe

Code:

:Files
ipconfig /flushdns /c
:Commands
[clearallrestorepoints]
[resethosts]
[emptytemp] 
And if you want, post the log here and write what's new.
Important information.
Is your computer NOT RUNNING WELL?
Is it infected? Running slowly? A program not working? Installation problems?
Use the remote help service!
e-mail: stell(at)forum.viry.cz
Thanks! Vďaka!

Čarls
Forum friend
Posts: 1094
Registered: 05 Aug 2006 16:23
Location: U Safari

Re: Rootkit

#9 Post by Čarls »

Everything is working as it should; I hope there'll be peace again for a long time. And how are you? I'm constantly on the go, at work from morning till evening, and Saturdays too, not all of them but most of them.
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
C:\Documents and Settings\Karel Finger\Plocha\cmd.bat deleted successfully.
C:\Documents and Settings\Karel Finger\Plocha\cmd.txt deleted successfully.
========== COMMANDS ==========
Unable to stop System Restore Service. Error code 1717. Restore points not cleared.
Restore point Set: OTL Restore Point
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Karel
->Temp folder emptied: 466 bytes
->Temporary Internet Files folder emptied: 360742 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54701179 bytes
->Flash cache emptied: 515 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2366305 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55,00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05202012_135609

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_374.dat not found!

Registry entries deleted on Reboot...

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Rootkit

#10 Post by stell »

:) I'm retired now, so I get up in the morning and the shift starts, :D
So Čarls, OTL couldn't clear System Restore, so clear it manually: turn it off and restart.
Take care and hang in there.
Bye.

Čarls
Forum friend
Posts: 1094
Registered: 05 Aug 2006 16:23
Location: U Safari

Re: Rootkit

#11 Post by Čarls »

Thanks a lot and take care; thanks to the comrades in government I still have a good 12 years to go.
Good luck, and cheers to everyone here.

PS: I normally keep System Restore turned off, I hate it.

For all other normal users: don't do that, and don't turn it off unless you are asked to!!!!

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Rootkit

#12 Post by stell »

Damn, you've still got a long way to go, and you have to live to see it too. :roll:
Take care, and you're welcome.