virus Trojan:DOS/Alureon.A

[pppalec]

Dobry den, Microsoft Safety scanner mi nasiel virus Trojan:DOS/Alureon.A, robi mi pekne problemy s pripojenim k internetu.
Odstranenie si vyzaduje rucne kroky a neviem si s tym rady. Viem ze tato tema tu bola riesena uz pred par mesiacmi, cital som cely
prispevok ale som len uzivatel a v logoch sa vobec nevyznam, takze prosim o pomoc, na zaciatok pripajam log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by uzivatel at 2011-07-13 11:29:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 116 GB (38%) free of 305 GB
Total RAM: 2909 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:51, on 13.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\uzivatel\Downloads\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray.exe] C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: macfero - C:\Windows\system32\config\systemprofile\AppData\Local\macfero.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6854 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\y7wljoc6.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-21 1018680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 1468256]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-28 1557800]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"igfxtray.exe"=C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 354304]
"Google Update"=C:\Users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.5\ICQ.exe [2011-05-12 124216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\macfero]
C:\Windows\system32\config\system [2011-07-13 14155776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\uzivatel\AppData\Local\Temp\msupdate.exe"="C:\Users\uzivatel\AppData\Local\Temp\msupdate.exe:*:Enabled:Windows Messenger"
"C:\Windows\TEMP\shrr\setup.exe"="C:\Windows\TEMP\shrr\setup.exe:*:Enabled:setup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.siren"=sirenacm.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.avis"=ff_acm.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-13 11:29:27 ----D---- C:\Program Files\trend micro
2011-07-13 11:29:25 ----D---- C:\rsit
2011-07-13 00:26:37 ----A---- C:\Windows\system32\MRT.INI
2011-07-12 23:34:03 ----D---- C:\Program Files\Mozilla Firefox
2011-07-03 12:51:05 ----D---- C:\ProgramData\Canneverbe Limited
2011-07-03 12:51:03 ----D---- C:\Users\uzivatel\AppData\Roaming\Canneverbe Limited
2011-07-03 12:50:51 ----D---- C:\Program Files\CDBurnerXP
2011-07-02 17:53:45 ----D---- C:\ProgramData\Media Center Programs
2011-07-01 00:12:47 ----D---- C:\Program Files\Common Files\Java
2011-07-01 00:12:17 ----A---- C:\Windows\system32\javaws.exe
2011-07-01 00:12:17 ----A---- C:\Windows\system32\javaw.exe
2011-07-01 00:12:17 ----A---- C:\Windows\system32\java.exe
2011-06-29 08:47:47 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 08:47:42 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 08:47:42 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 08:47:41 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 08:47:40 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 08:47:40 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 08:47:40 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 08:47:39 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 08:47:39 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 08:47:39 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-23 00:26:13 ----SHD---- C:\Windows\system32\%APPDATA%
2011-06-22 09:46:04 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-22 09:46:04 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-22 09:46:04 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-22 09:46:01 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-22 09:46:00 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-22 09:45:58 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-22 09:45:54 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-22 09:45:40 ----A---- C:\Windows\system32\mshtml.dll
2011-06-22 09:45:38 ----A---- C:\Windows\system32\ieframe.dll
2011-06-22 09:45:36 ----A---- C:\Windows\system32\urlmon.dll
2011-06-22 09:45:34 ----A---- C:\Windows\system32\wininet.dll
2011-06-22 09:45:34 ----A---- C:\Windows\system32\msfeeds.dll
2011-06-22 09:45:34 ----A---- C:\Windows\system32\iertutil.dll
2011-06-22 09:45:33 ----A---- C:\Windows\system32\ieui.dll
2011-06-22 09:45:32 ----A---- C:\Windows\system32\jsproxy.dll
2011-06-22 09:45:20 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-22 09:45:14 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-06-22 09:45:10 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-22 09:45:10 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-22 09:45:09 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-17 09:13:05 ----D---- C:\Program Files\ESET
2011-06-16 17:01:27 ----D---- C:\ProgramData\FarmFrenzy3_Arctica
2011-06-14 15:08:31 ----D---- C:\ProgramData\FarmFrenzy_Rome
2011-06-14 13:56:32 ----D---- C:\Program Files\Games

======List of files/folders modified in the last 1 month======

2011-07-13 11:29:29 ----D---- C:\Windows\Temp
2011-07-13 11:29:27 ----RD---- C:\Program Files
2011-07-13 09:17:22 ----D---- C:\Windows\system32\config
2011-07-13 02:26:36 ----D---- C:\Windows\debug
2011-07-13 00:49:31 ----D---- C:\Windows
2011-07-13 00:49:30 ----D---- C:\Windows\winsxs
2011-07-13 00:49:03 ----D---- C:\Windows\system32\drivers
2011-07-13 00:47:17 ----D---- C:\Windows\system32\DriverStore
2011-07-13 00:41:07 ----D---- C:\my
2011-07-13 00:26:44 ----D---- C:\Windows\System32
2011-07-13 00:23:09 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 00:23:01 ----SHD---- C:\Windows\Installer
2011-07-13 00:22:54 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 00:21:58 ----SHD---- C:\System Volume Information
2011-07-12 23:34:23 ----D---- C:\Users\uzivatel\AppData\Roaming\Mozilla
2011-07-12 23:29:42 ----D---- C:\Windows\system32\catroot
2011-07-12 23:29:32 ----D---- C:\Windows\system32\catroot2
2011-07-12 23:29:32 ----D---- C:\Windows\Prefetch
2011-07-12 23:20:58 ----D---- C:\Windows\Tasks
2011-07-12 23:20:58 ----D---- C:\Windows\system32\wfp
2011-07-12 23:20:54 ----D---- C:\Windows\system32\wbem
2011-07-12 23:20:01 ----D---- C:\Windows\system32\CodeIntegrity
2011-07-12 23:20:00 ----D---- C:\Windows\AppCompat
2011-07-12 23:20:00 ----D---- C:\Users\uzivatel\AppData\Roaming\XnView
2011-07-12 23:20:00 ----D---- C:\Users\uzivatel\AppData\Roaming\Winamp
2011-07-12 23:19:58 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-12 23:19:57 ----D---- C:\Windows\registration
2011-07-12 23:19:52 ----D---- C:\Users\uzivatel\AppData\Roaming\Skype
2011-07-11 01:11:54 ----D---- C:\Users\uzivatel\AppData\Roaming\uTorrent
2011-07-06 19:32:29 ----D---- C:\ProgramData\AlawarWrapper
2011-07-06 19:32:25 ----HD---- C:\ProgramData
2011-07-04 18:11:44 ----D---- C:\Windows\inf
2011-07-04 18:11:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-03 15:01:14 ----D---- C:\Windows\system32\Tasks
2011-07-03 15:01:08 ----RD---- C:\Program Files\Skype
2011-07-03 15:01:05 ----D---- C:\ProgramData\Skype
2011-07-03 15:01:01 ----D---- C:\Program Files\Common Files
2011-07-03 02:26:32 ----D---- C:\ProgramData\Easybits GO
2011-07-03 00:06:32 ----D---- C:\Users\uzivatel\AppData\Roaming\go
2011-07-02 17:49:45 ----D---- C:\Games
2011-07-01 09:41:19 ----D---- C:\ProgramData\Skype Extras
2011-07-01 00:12:12 ----D---- C:\Program Files\Java
2011-06-29 10:18:10 ----RSD---- C:\Windows\Fonts
2011-06-29 08:49:11 ----D---- C:\Program Files\Microsoft Office
2011-06-26 21:03:52 ----D---- C:\Windows\Microsoft.NET
2011-06-26 21:03:49 ----RSD---- C:\Windows\assembly
2011-06-23 15:59:52 ----D---- C:\Windows\system32\migration
2011-06-23 15:59:52 ----D---- C:\Program Files\Internet Explorer
2011-06-23 00:26:44 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-23 00:25:19 ----D---- C:\Program Files\Common Files\microsoft shared
2011-06-17 09:29:02 ----D---- C:\Program Files\Google
2011-06-16 18:17:54 ----AD---- C:\ProgramData\TEMP
2011-06-15 01:22:09 ----D---- C:\Windows\Minidump
2011-06-15 01:02:35 ----D---- C:\Program Files\Common Files\InstallShield
2011-06-15 00:15:01 ----D---- C:\Garmin
2011-06-14 23:19:47 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-16 691696]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2009-11-11 30576]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 - síťový adaptér; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-07-14 347136]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-28 228784]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 a8kzpful;a8kzpful; C:\Windows\system32\drivers\a8kzpful.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 XDva337;XDva337; \??\C:\Windows\system32\XDva337.sys []
S3 XDva341;XDva341; \??\C:\Windows\system32\XDva341.sys []
S3 XDva342;XDva342; \??\C:\Windows\system32\XDva342.sys []
S3 XDva343;XDva343; \??\C:\Windows\system32\XDva343.sys []
S3 XDva344;XDva344; \??\C:\Windows\system32\XDva344.sys []
S3 XDva345;XDva345; \??\C:\Windows\system32\XDva345.sys []
S3 XDva346;XDva346; \??\C:\Windows\system32\XDva346.sys []
S3 XDva347;XDva347; \??\C:\Windows\system32\XDva347.sys []
S3 XDva349;XDva349; \??\C:\Windows\system32\XDva349.sys []
S3 XDva352;XDva352; \??\C:\Windows\system32\XDva352.sys []
S3 XDva358;XDva358; \??\C:\Windows\system32\XDva358.sys []
S3 XDva359;XDva359; \??\C:\Windows\system32\XDva359.sys []
S3 XDva362;XDva362; \??\C:\Windows\system32\XDva362.sys []
S3 XDva366;XDva366; \??\C:\Windows\system32\XDva366.sys []
S3 XDva367;XDva367; \??\C:\Windows\system32\XDva367.sys []
S3 XDva368;XDva368; \??\C:\Windows\system32\XDva368.sys []
S3 XDva370;XDva370; \??\C:\Windows\system32\XDva370.sys []
S3 XDva372;XDva372; \??\C:\Windows\system32\XDva372.sys []
S3 XDva374;XDva374; \??\C:\Windows\system32\XDva374.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-05-05 75136]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-28 867080]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
• Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
• Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
• Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
• Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
• Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

[pppalec]

ok, ale teraz prave odchadzam do prace takze to budem scanovat az neskoro vecer, takze log vlozim az dnes okolo 23.00 hod, zatial dakujem

[vyosek]

Bud tu jeste tak pozde vecer budu nebo na to mrknu rano

Prozatim nemate zac

[pppalec]

vkladam log z TDSSKiller

2011/07/13 23:18:52.0126 3232 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/13 23:18:52.0922 3232 ================================================================================
2011/07/13 23:18:52.0922 3232 SystemInfo:
2011/07/13 23:18:52.0922 3232
2011/07/13 23:18:52.0922 3232 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/13 23:18:52.0922 3232 Product type: Workstation
2011/07/13 23:18:52.0922 3232 ComputerName: UZIVATEL-PC
2011/07/13 23:18:52.0922 3232 UserName: uzivatel
2011/07/13 23:18:52.0922 3232 Windows directory: C:\Windows
2011/07/13 23:18:52.0922 3232 System windows directory: C:\Windows
2011/07/13 23:18:52.0922 3232 Processor architecture: Intel x86
2011/07/13 23:18:52.0922 3232 Number of processors: 2
2011/07/13 23:18:52.0922 3232 Page size: 0x1000
2011/07/13 23:18:52.0922 3232 Boot type: Normal boot
2011/07/13 23:18:52.0922 3232 ================================================================================
2011/07/13 23:18:55.0043 3232 Initialize success
2011/07/13 23:19:13.0030 1940 ================================================================================
2011/07/13 23:19:13.0030 1940 Scan started
2011/07/13 23:19:13.0030 1940 Mode: Manual;
2011/07/13 23:19:13.0030 1940 ================================================================================
2011/07/13 23:19:15.0417 1940 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/13 23:19:15.0557 1940 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/13 23:19:15.0713 1940 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/13 23:19:15.0979 1940 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/13 23:19:16.0135 1940 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/13 23:19:16.0291 1940 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/13 23:19:16.0478 1940 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/13 23:19:16.0634 1940 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/13 23:19:16.0774 1940 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/13 23:19:16.0961 1940 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/13 23:19:17.0102 1940 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/13 23:19:17.0258 1940 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/13 23:19:17.0414 1940 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/13 23:19:17.0585 1940 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/13 23:19:17.0741 1940 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/07/13 23:19:17.0866 1940 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/13 23:19:17.0944 1940 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/07/13 23:19:18.0069 1940 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/13 23:19:18.0272 1940 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/13 23:19:18.0397 1940 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/13 23:19:18.0537 1940 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/13 23:19:18.0677 1940 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/13 23:19:18.0818 1940 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/13 23:19:18.0943 1940 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/13 23:19:19.0099 1940 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/13 23:19:19.0255 1940 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/13 23:19:19.0379 1940 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/13 23:19:19.0457 1940 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/13 23:19:19.0551 1940 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/13 23:19:19.0676 1940 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/13 23:19:19.0785 1940 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/13 23:19:19.0894 1940 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/13 23:19:20.0003 1940 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/13 23:19:20.0097 1940 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/13 23:19:20.0425 1940 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/13 23:19:20.0581 1940 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/13 23:19:20.0752 1940 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/13 23:19:20.0846 1940 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/13 23:19:20.0986 1940 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/13 23:19:21.0142 1940 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/13 23:19:21.0283 1940 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/13 23:19:21.0392 1940 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/13 23:19:21.0548 1940 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/13 23:19:21.0657 1940 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/13 23:19:21.0829 1940 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/13 23:19:21.0953 1940 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/13 23:19:22.0094 1940 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/13 23:19:22.0265 1940 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/13 23:19:22.0421 1940 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/13 23:19:22.0858 1940 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\Windows\system32\DRIVERS\eamon.sys
2011/07/13 23:19:23.0061 1940 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/13 23:19:23.0342 1940 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/07/13 23:19:23.0560 1940 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/13 23:19:23.0732 1940 epfwwfpr (8700eadc8bdfa27d948fcc43ee0ae434) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/07/13 23:19:23.0872 1940 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/13 23:19:24.0028 1940 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/13 23:19:24.0169 1940 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/13 23:19:24.0309 1940 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/13 23:19:24.0387 1940 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/13 23:19:24.0496 1940 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/13 23:19:24.0668 1940 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/13 23:19:24.0808 1940 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/13 23:19:24.0933 1940 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/13 23:19:25.0073 1940 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/13 23:19:25.0198 1940 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/13 23:19:25.0370 1940 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/13 23:19:25.0588 1940 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/07/13 23:19:25.0697 1940 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/13 23:19:25.0853 1940 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/07/13 23:19:26.0041 1940 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/13 23:19:26.0150 1940 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/13 23:19:26.0275 1940 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/13 23:19:26.0384 1940 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/13 23:19:26.0555 1940 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/07/13 23:19:26.0727 1940 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/13 23:19:26.0899 1940 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/13 23:19:27.0055 1940 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/13 23:19:27.0226 1940 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/07/13 23:19:27.0398 1940 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/07/13 23:19:27.0788 1940 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/13 23:19:28.0131 1940 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/13 23:19:28.0271 1940 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/13 23:19:28.0412 1940 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/13 23:19:28.0537 1940 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/13 23:19:28.0693 1940 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/13 23:19:28.0817 1940 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/13 23:19:28.0973 1940 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/13 23:19:29.0114 1940 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/13 23:19:29.0270 1940 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/13 23:19:29.0441 1940 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/13 23:19:29.0582 1940 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/13 23:19:29.0738 1940 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/13 23:19:29.0863 1940 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/13 23:19:30.0034 1940 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/13 23:19:30.0175 1940 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/13 23:19:30.0315 1940 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/13 23:19:30.0455 1940 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/13 23:19:30.0580 1940 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/13 23:19:30.0736 1940 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/13 23:19:30.0861 1940 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/13 23:19:31.0001 1940 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/13 23:19:31.0157 1940 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/13 23:19:31.0329 1940 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/13 23:19:31.0516 1940 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/07/13 23:19:31.0688 1940 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/13 23:19:31.0828 1940 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/13 23:19:31.0969 1940 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/13 23:19:32.0125 1940 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/13 23:19:32.0249 1940 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/13 23:19:32.0327 1940 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/13 23:19:32.0452 1940 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/13 23:19:32.0593 1940 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/13 23:19:32.0733 1940 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/13 23:19:32.0873 1940 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/13 23:19:33.0045 1940 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/13 23:19:33.0170 1940 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/13 23:19:33.0295 1940 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/13 23:19:33.0435 1940 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/13 23:19:33.0575 1940 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/13 23:19:33.0716 1940 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/13 23:19:33.0825 1940 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/13 23:19:33.0950 1940 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/13 23:19:34.0075 1940 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/13 23:19:34.0199 1940 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/13 23:19:34.0324 1940 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/13 23:19:34.0480 1940 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/13 23:19:34.0621 1940 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/13 23:19:34.0792 1940 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/13 23:19:34.0917 1940 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/13 23:19:35.0167 1940 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/13 23:19:35.0291 1940 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/13 23:19:35.0432 1940 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/13 23:19:35.0588 1940 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/13 23:19:35.0744 1940 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/13 23:19:35.0915 1940 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/13 23:19:36.0071 1940 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/13 23:19:36.0196 1940 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/13 23:19:36.0368 1940 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/07/13 23:19:36.0524 1940 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/13 23:19:36.0649 1940 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/07/13 23:19:36.0805 1940 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/07/13 23:19:36.0961 1940 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/13 23:19:37.0117 1940 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/13 23:19:37.0257 1940 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/13 23:19:37.0335 1940 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/13 23:19:37.0475 1940 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/13 23:19:37.0616 1940 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/13 23:19:37.0756 1940 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/13 23:19:37.0881 1940 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/13 23:19:38.0006 1940 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/13 23:19:38.0146 1940 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/13 23:19:38.0365 1940 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
2011/07/13 23:19:38.0521 1940 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/13 23:19:38.0661 1940 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/13 23:19:38.0801 1940 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/13 23:19:38.0957 1940 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/13 23:19:39.0098 1940 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/13 23:19:39.0238 1940 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/13 23:19:39.0363 1940 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/13 23:19:39.0503 1940 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/13 23:19:39.0644 1940 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/13 23:19:39.0800 1940 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/13 23:19:39.0940 1940 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/13 23:19:40.0065 1940 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/13 23:19:40.0252 1940 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/13 23:19:40.0377 1940 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/13 23:19:40.0533 1940 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/13 23:19:40.0673 1940 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/13 23:19:40.0798 1940 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/13 23:19:40.0970 1940 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/13 23:19:41.0141 1940 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/13 23:19:41.0313 1940 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/13 23:19:41.0453 1940 RTL8187B (ca5a4fbfe341f13733955b8aac98f0b5) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/07/13 23:19:41.0609 1940 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/13 23:19:41.0812 1940 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/13 23:19:41.0937 1940 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/13 23:19:42.0093 1940 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/13 23:19:42.0233 1940 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/13 23:19:42.0374 1940 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/13 23:19:42.0545 1940 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/13 23:19:42.0686 1940 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/13 23:19:42.0826 1940 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/13 23:19:42.0951 1940 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/13 23:19:43.0123 1940 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/13 23:19:43.0263 1940 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/13 23:19:43.0419 1940 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/13 23:19:43.0575 1940 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/13 23:19:43.0731 1940 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/13 23:19:43.0903 1940 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/13 23:19:43.0903 1940 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/13 23:19:43.0934 1940 sptd - detected LockedFile.Multi.Generic (1)
2011/07/13 23:19:44.0043 1940 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/13 23:19:44.0199 1940 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/13 23:19:44.0339 1940 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/13 23:19:44.0495 1940 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/13 23:19:44.0651 1940 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/13 23:19:44.0807 1940 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/13 23:19:44.0995 1940 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/13 23:19:45.0182 1940 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/13 23:19:45.0322 1940 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/13 23:19:45.0478 1940 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/13 23:19:45.0619 1940 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/13 23:19:45.0759 1940 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/13 23:19:45.0915 1940 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/13 23:19:46.0102 1940 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/13 23:19:46.0305 1940 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/13 23:19:46.0461 1940 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/13 23:19:46.0586 1940 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/07/13 23:19:46.0711 1940 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/13 23:19:46.0851 1940 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/13 23:19:47.0038 1940 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/13 23:19:47.0163 1940 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/13 23:19:47.0319 1940 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/13 23:19:47.0459 1940 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/13 23:19:47.0647 1940 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/13 23:19:47.0787 1940 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/13 23:19:47.0927 1940 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/13 23:19:48.0052 1940 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/13 23:19:48.0193 1940 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/13 23:19:48.0349 1940 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/13 23:19:48.0473 1940 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/13 23:19:48.0645 1940 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/13 23:19:48.0785 1940 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/13 23:19:48.0941 1940 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/13 23:19:49.0066 1940 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/13 23:19:49.0222 1940 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/13 23:19:49.0409 1940 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/13 23:19:49.0487 1940 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/13 23:19:49.0612 1940 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/13 23:19:49.0768 1940 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/13 23:19:49.0924 1940 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/13 23:19:50.0096 1940 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/13 23:19:50.0283 1940 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/13 23:19:50.0408 1940 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/13 23:19:50.0548 1940 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/13 23:19:50.0704 1940 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 23:19:50.0735 1940 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 23:19:50.0891 1940 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/13 23:19:51.0032 1940 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/13 23:19:51.0235 1940 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/13 23:19:51.0359 1940 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/13 23:19:51.0578 1940 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/13 23:19:51.0718 1940 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/13 23:19:51.0890 1940 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/13 23:19:52.0046 1940 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/13 23:19:52.0217 1940 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/13 23:19:54.0277 1940 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/07/13 23:19:54.0277 1940 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/13 23:19:54.0292 1940 Boot (0x1200) (bbb05a9c5a110f9336b7a519f334ced5) \Device\Harddisk0\DR0\Partition0
2011/07/13 23:19:54.0323 1940 Boot (0x1200) (581ba59df2e9b6c8240db778146c92f4) \Device\Harddisk0\DR0\Partition1
2011/07/13 23:19:54.0323 1940 ================================================================================
2011/07/13 23:19:54.0323 1940 Scan finished
2011/07/13 23:19:54.0323 1940 ================================================================================
2011/07/13 23:19:54.0339 0852 Detected object count: 2
2011/07/13 23:19:54.0339 0852 Actual detected object count: 2
2011/07/13 23:20:54.0196 0852 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/13 23:20:54.0274 0852 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/13 23:20:54.0274 0852 \Device\Harddisk0\DR0 - ok
2011/07/13 23:20:54.0337 0852 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/13 23:21:09.0406 4044 Deinitialize success

[vyosek]

Presne jak jsem tusil, pekna mrcha tam byla

Pri stahovani ComboFixu - navod a postup nize - jej ulozte jako beruska.com

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[pppalec]

Log z Combofix. Este som si spomenul na jednu vec, vcera ked som cital ten starsi prispevok kde sa riesil rovnaky
problem ako mam ja, tak som podla toho spravil log z RSIT a hned ho vlozil, a dalsi v prispevku bol log z Combofix, takze
ja samozrejme superaktivny som ho tak isto spravil podla navodu radcu ale v poslednej chvili som si to rozmyslel a nevlozil
som ho a vymazal ho. S tym ze mozno bude treba logy z inych utilit. Takze vam to radsej oznamujem, dufam ze som nieco nepokazil, uz mi docvaklo ze taketo moje amaterske unahlovanie moze byt skor na skodu.


ComboFix 11-07-13.04 - uzivatel 14.07.2011 9:31.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2909.2007 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\beruska.com.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-14 do 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 07:36 . 2011-07-14 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-14 07:09 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EE85B35-3CF1-40EC-AD2C-115252533603}\mpengine.dll
2011-07-13 21:42 . 2011-07-13 21:42 -------- d-----w- c:\program files\ESET
2011-07-13 19:06 . 2011-07-13 19:06 -------- d-----w- c:\users\uzivatel\AppData\Roaming\VampireSagaHL
2011-07-13 18:59 . 2011-07-13 18:59 -------- d-----w- c:\windows\Vampire Saga - Welcome To Hell Lock
2011-07-13 10:11 . 2011-07-14 07:36 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2011-07-13 09:29 . 2011-07-13 09:29 -------- d-----w- c:\program files\trend micro
2011-07-13 09:29 . 2011-07-13 09:29 -------- d-----w- C:\rsit
2011-07-03 10:51 . 2011-07-03 10:51 -------- d-----w- c:\programdata\Canneverbe Limited
2011-07-03 10:51 . 2011-07-03 10:51 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Canneverbe Limited
2011-07-03 10:50 . 2011-07-03 10:50 -------- d-----w- c:\program files\CDBurnerXP
2011-07-02 15:53 . 2011-07-02 15:53 -------- d-----w- c:\programdata\Media Center Programs
2011-06-30 22:12 . 2011-06-30 22:12 -------- d-----w- c:\program files\Common Files\Java
2011-06-29 06:47 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 06:47 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 06:47 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 06:47 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 06:47 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 06:47 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 06:47 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 06:47 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 06:47 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 06:47 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-24 15:01 . 2011-06-24 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 22:26 . 2011-06-22 22:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-06-22 07:46 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-22 07:46 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-22 07:46 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-22 07:46 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-22 07:46 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 15:01 . 2011-06-16 16:21 -------- d-----w- c:\programdata\FarmFrenzy3_Arctica
2011-06-14 13:08 . 2011-06-14 13:33 -------- d-----w- c:\programdata\FarmFrenzy_Rome
2011-06-14 12:01 . 2011-06-14 12:01 -------- d-----w- c:\users\uzivatel\AppData\Local\Astar Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-02-15 15:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-08 12:29 . 2011-05-04 22:05 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-08 12:28 . 2011-05-04 22:14 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-08 12:28 . 2011-05-04 22:04 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-04 22:05 . 2011-05-04 22:05 138056 ----a-w- c:\users\uzivatel\AppData\Roaming\PnkBstrK.sys
2011-05-04 22:04 . 2011-05-04 22:04 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-04 02:52 . 2010-05-14 13:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-08 07:29 . 2011-07-12 21:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\macfero]
2011-07-01 11:48 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\macfero.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-05-12 15:26 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva341;XDva341;c:\windows\system32\XDva341.sys [x]
R3 XDva342;XDva342;c:\windows\system32\XDva342.sys [x]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
R3 XDva344;XDva344;c:\windows\system32\XDva344.sys [x]
R3 XDva345;XDva345;c:\windows\system32\XDva345.sys [x]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
R3 XDva347;XDva347;c:\windows\system32\XDva347.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva362;XDva362;c:\windows\system32\XDva362.sys [x]
R3 XDva366;XDva366;c:\windows\system32\XDva366.sys [x]
R3 XDva367;XDva367;c:\windows\system32\XDva367.sys [x]
R3 XDva368;XDva368;c:\windows\system32\XDva368.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva372;XDva372;c:\windows\system32\XDva372.sys [x]
R3 XDva374;XDva374;c:\windows\system32\XDva374.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-16 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 - síťový adaptér;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 08:52]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 08:52]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000Core.job
- c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 17:07]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000UA.job
- c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 17:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\y7wljoc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-14 09:38:02
ComboFix-quarantined-files.txt 2011-07-14 07:38
.
Před spuštěním: Volných bajtů: 122 815 238 144
Po spuštění: Volných bajtů: 122 765 676 544
.
- - End Of File - - 71EB49BC24A096F793C5F2C94FCF3B5E

[vyosek]

Budte rad, ze jste si tim CFkem nesundal system - ctete nize

Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000Core.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000UA.job
  
  DDS::
  uStart Page = hxxp://start.icq.com/sm
  
  Driver::
  ICQ Service
  gupdate
  gupdatem
  XDva337
  XDva341
  XDva342
  XDva343
  XDva344
  XDva345
  XDva346
  XDva347
  XDva349
  XDva352
  XDva358
  XDva359
  XDva362
  XDva366
  XDva367
  XDva368
  XDva370
  XDva372
  XDva374
  
  Folder::
  c:\program files\ICQ6Toolbar
  
  Registry::
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  "SunJavaUpdateSched"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  "{51a86bb3-6602-4c85-92a5-130ee4864f13}"=-
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[pppalec]

ComboFix 11-07-14.05 - uzivatel 15.07.2011 0:38.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2909.1911 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165429109-1893578679-3397494018-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA337
-------\Legacy_XDVA341
-------\Legacy_XDVA342
-------\Legacy_XDVA343
-------\Legacy_XDVA344
-------\Legacy_XDVA345
-------\Legacy_XDVA346
-------\Legacy_XDVA347
-------\Legacy_XDVA349
-------\Legacy_XDVA352
-------\Legacy_XDVA358
-------\Legacy_XDVA359
-------\Legacy_XDVA362
-------\Legacy_XDVA366
-------\Legacy_XDVA367
-------\Legacy_XDVA368
-------\Legacy_XDVA370
-------\Legacy_XDVA372
-------\Legacy_XDVA374
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
-------\Service_XDva337
-------\Service_XDva341
-------\Service_XDva342
-------\Service_XDva343
-------\Service_XDva344
-------\Service_XDva345
-------\Service_XDva346
-------\Service_XDva347
-------\Service_XDva349
-------\Service_XDva352
-------\Service_XDva358
-------\Service_XDva359
-------\Service_XDva362
-------\Service_XDva366
-------\Service_XDva367
-------\Service_XDva368
-------\Service_XDva370
-------\Service_XDva372
-------\Service_XDva374
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-14 do 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 22:45 . 2011-07-14 22:47 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2011-07-14 22:45 . 2011-07-14 22:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-14 13:02 . 2011-07-14 13:02 -------- d-----w- c:\users\uzivatel\AppData\Local\fd
2011-07-14 10:53 . 2011-07-14 10:53 -------- d-----w- c:\users\uzivatel\AppData\Roaming\SulusGames
2011-07-14 10:53 . 2011-07-14 10:53 -------- d-----w- c:\programdata\SulusGames
2011-07-14 07:09 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EE85B35-3CF1-40EC-AD2C-115252533603}\mpengine.dll
2011-07-13 21:42 . 2011-07-13 21:42 -------- d-----w- c:\program files\ESET
2011-07-13 19:06 . 2011-07-13 19:06 -------- d-----w- c:\users\uzivatel\AppData\Roaming\VampireSagaHL
2011-07-13 18:59 . 2011-07-13 18:59 -------- d-----w- c:\windows\Vampire Saga - Welcome To Hell Lock
2011-07-13 09:29 . 2011-07-13 09:29 -------- d-----w- c:\program files\trend micro
2011-07-13 09:29 . 2011-07-13 09:29 -------- d-----w- C:\rsit
2011-07-03 10:51 . 2011-07-03 10:51 -------- d-----w- c:\programdata\Canneverbe Limited
2011-07-03 10:51 . 2011-07-03 10:51 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Canneverbe Limited
2011-07-03 10:50 . 2011-07-03 10:50 -------- d-----w- c:\program files\CDBurnerXP
2011-07-02 15:53 . 2011-07-02 15:53 -------- d-----w- c:\programdata\Media Center Programs
2011-06-30 22:12 . 2011-06-30 22:12 -------- d-----w- c:\program files\Common Files\Java
2011-06-29 06:47 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 06:47 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 06:47 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 06:47 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 06:47 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 06:47 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 06:47 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 06:47 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 06:47 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 06:47 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-24 15:01 . 2011-06-24 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 22:26 . 2011-06-22 22:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-06-22 07:46 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-22 07:46 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-22 07:46 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-22 07:46 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-22 07:46 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 15:01 . 2011-06-16 16:21 -------- d-----w- c:\programdata\FarmFrenzy3_Arctica
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-02-15 15:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-08 12:29 . 2011-05-04 22:05 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-08 12:28 . 2011-05-04 22:14 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-08 12:28 . 2011-05-04 22:04 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-04 22:05 . 2011-05-04 22:05 138056 ----a-w- c:\users\uzivatel\AppData\Roaming\PnkBstrK.sys
2011-05-04 22:04 . 2011-05-04 22:04 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-04 02:52 . 2010-05-14 13:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-20 07:11 . 2011-04-20 07:11 82832 ------w- c:\windows\system32\SoftekBarcodePDF.dll
2011-04-20 07:11 . 2011-04-20 07:11 56720 ------w- c:\windows\system32\bardecode_jni.dll
2011-04-20 07:11 . 2011-04-20 07:11 465296 ------w- c:\windows\system32\SoftekBarcodeLib2.dll
2011-04-20 07:11 . 2011-04-20 07:11 422800 ------w- c:\windows\system32\SoftekBarcode.ocx
2011-04-20 07:11 . 2011-04-20 07:11 216464 ------w- c:\windows\system32\SoftekATL.dll
2011-04-20 07:11 . 2011-04-20 07:11 1110928 ------w- c:\windows\system32\SoftekBarcode.dll
2011-07-08 07:29 . 2011-07-12 21:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\macfero]
2011-07-01 11:48 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\macfero.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-16 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 - síťový adaptér;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
.
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\y7wljoc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-07-15 00:51:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-14 22:51
.
Před spuštěním: Volných bajtů: 121 539 932 160
Po spuštění: Volných bajtů: 121 197 649 920
.
- - End Of File - - 6B8204AEC9823DA316700C808A245585

[vyosek]

Log vypada jiz cisty, jak se chova PC

[pppalec]

PC sa chova normalne, pripojenie k internetu funguje bez problemov, po vcerajsej kontorole zmizli
Ikony oznamovaci oblasti a Miniaplikace z plochy, ale po dalsom restarte to bolo ok.

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /UninstallA
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Doporucuji kompletni zmenu hesel - TDL rootkit je rad krade a povida si o nich s okolim

A pokud nejsou problemy ci dotazy, je to z me strany vse

[pppalec]

Ok vsetko som spravil podla navodov, CCleaner mam a pravidelne pouzivam.
Takze OBROVSKE DAKUJEM za ochotu a trpezlivost!!! Toto forum budem odteraz asi dost pravidelne sledovat,
tak nech sa dari, zatial sa lucim

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy

[pppalec]

Doby den, tak to som znova ja, presli tri dni a PC sa bud nepripoji k strankam, alebo nacitava dlhe minuty, NOD 32 sa vzdy sekne v polovici kontroly, pustal som Microsoft Safety Scanner a Spybot - vsetko ok, nic nenasly. Po poslednych problemoch a po dnesnych problemoch som sa definitivne rozhodol, ze cez vikend preinstalujem system, sformatujem disc, a zacnem od nuly, notas ma dva roky. Uz som pre istotu zalohoval vsetky dolezite veci.Len dufam ze prezije do soboty, pretoze dovtedy na to nemam volny cas.