
FB-vir

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

hardman (Visitor), posts: 28, registered: 27 Jul 2011 12:50

Re: FB-vir

#16 Post by hardman »

Yeah, great, the PC runs completely normally now and I had already given up hope. This really is a good forum with even better people. Thank you for helping me :worship: I'll still do a check with MBAM, but I have one last question: what about ESET???
NO PASARAN

p.Jenan (Friend of the forum), posts: 36, registered: 17 Oct 2006 15:04

Re: FB-vir

#17 Post by p.Jenan »

1. Once MBAM finishes, post the log. :)
2. Reinstall the antivirus.
3. Also do the following in ComboFix:

Move ComboFix to the desktop. Open Notepad and copy this into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Script changed: please run this script again, I had an error in it.
And post a new ComboFix log, plus the MBAM log too if it's finished. :thumbsup:
If the system has been infected by a virus, back up your important data.
Removing a virus infiltration could lead to data loss.
You use the individual programs at your own risk!
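The CFScript in the post above resets the Security Center override values under HKEY_LOCAL_MACHINE\software\microsoft\security center to 0. As an added example (not the forum's, ComboFix's or the poster's code), here is a small Python parser for that REGEDIT4-style syntax that reports which override values are switched on, which is the check a helper would run on a registry export before deciding whether such a script is needed. Only the two override names that appear in the post are checked; the "suspicious export" text in the code is constructed for this example.

```python
r"""Audit Windows Security Center override values in REGEDIT4-style text.

Added example (not the forum's, ComboFix's or the poster's code). It parses the
same "[key]" / "name"=dword:xxxxxxxx syntax the CFScript above uses and reports
the Security Center override values that are switched on. A non-zero
AntiVirusOverride or FirewallOverride tells Security Center to stop monitoring
that component, so the warning that no antivirus or firewall is present goes
away; cleanup scripts such as the one above reset them to 0.
"""
import re

SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"
# Only the two override values named in the post are checked here.
OVERRIDE_NAMES = ("AntiVirusOverride", "FirewallOverride")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def parse_reg(text):
    """Return {key (lower-cased): {value name: raw data}}.

    Header lines such as 'REGEDIT4' or ComboFix's 'Registry::' match neither
    pattern and are skipped; values before any [key] line are ignored.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def dword_value(data):
    """Convert 'dword:00000001' to an int; other value types give None."""
    if data.lower().startswith("dword:"):
        return int(data[len("dword:"):], 16)
    return None


def flag_overrides(keys):
    """Return {name: value} for Security Center overrides that are non-zero."""
    sc = keys.get(SECURITY_CENTER_KEY.lower(), {})
    flagged = {}
    for name in OVERRIDE_NAMES:
        value = dword_value(sc.get(name, "dword:00000000"))
        if value:  # non-zero: monitoring of that component is suppressed
            flagged[name] = value
    return flagged


# Constructed export of what a suppressed Security Center can look like.
SUSPICIOUS_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

# The CFScript from the post above, which resets the overrides to 0.
CFSCRIPT = r"""Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
"""

if __name__ == "__main__":
    print("suspicious export:", flag_overrides(parse_reg(SUSPICIOUS_EXPORT)))
    print("after CFScript:", flag_overrides(parse_reg(CFSCRIPT)))
```

Run against an export of the key taken before cleanup, a non-empty result from flag_overrides is the condition the CFScript above is meant to correct; against the script itself the result is empty, which is the expected state afterwards.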

hardman (Visitor), posts: 28, registered: 27 Jul 2011 12:50

Re: FB-vir

#18 Post by hardman »

So here's the result:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7310

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.7.2011 23:27:40
mbam-log-2011-07-28 (23-27-40).txt

Typ kontroly: Úplná kontrola (C:\|Z:\|)
Objektov kontrolovaných: 332284
Uplynutý čas: 1 hod, 50 min, 49 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 4

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
z:\system volume information\_restore{53af324a-787a-4ec7-aeab-6ce236e4664f}\RP498\A0153888.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
z:\system volume information\_restore{53af324a-787a-4ec7-aeab-6ce236e4664f}\RP498\A0153889.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
z:\system volume information\_restore{53af324a-787a-4ec7-aeab-6ce236e4664f}\RP498\A0153890.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
z:\system volume information\_restore{53af324a-787a-4ec7-aeab-6ce236e4664f}\RP498\A0153891.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
:arrow:

ComboFix 11-07-28.06 - HARDMAN 28.07.2011 23:43:36.3.1 - x86
Running from: c:\documents and settings\HARDMAN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HARDMAN\Desktop\CFScript.txt.txt
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-28 12:02 . 2008-04-13 23:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-07-27 20:13 . 2011-07-27 20:13 -------- d-----w- c:\documents and settings\Administrator
2011-07-27 20:12 . 2011-07-27 20:28 44560 --sha-w- c:\windows\system32\c_47380.nl_
2011-07-27 17:41 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 17:41 . 2011-07-28 18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 17:41 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 13:36 . 2011-07-27 13:36 -------- d-----w- c:\program files\trend micro
2011-07-27 13:36 . 2011-07-27 13:36 -------- d-----w- C:\rsit
2011-07-22 16:20 . 2011-07-22 16:20 -------- d-----w- c:\documents and settings\HARDMAN\Application Data\Malwarebytes
2011-07-22 16:20 . 2011-07-22 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-22 15:44 . 2011-07-22 15:44 -------- d-----w- C:\ERDNT
2011-07-06 19:14 . 2011-07-19 10:54 -------- d-----w- c:\documents and settings\HARDMAN\Application Data\go
2011-07-06 19:14 . 2011-07-19 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-27 20:19 . 2008-12-11 22:06 115200 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-06-23 13:00 . 2011-05-18 11:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 14:02 . 2001-08-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2008-12-14 14:05 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-12-10 1412608]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-02 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\HARDMAN\Start Menu\Programs\Startup\
Kalend r.lnk - c:\windows\MENINY.EXE [2009-2-15 49312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-12-14 614400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Documents and Settings\\HARDMAN\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"z:\\Hry\\Valve\\hl.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-04 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S3 PAC207;e-Messenger 112;c:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0d9d335d472e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 12:30]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 12:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\HARDMAN\Application Data\Mozilla\Firefox\Profiles\2xv5asca.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 23:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.cdrom]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.redbook]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-789336058-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:1b,93,ac,a1,67,b0,04,ef,ce,2d,68,33,de,3f,a4,ad,90,8b,c4,d2,a6,
e6,1d,21,47,01,46,f5,f0,cd,9f,23,5d,1a,7a,b6,0a,b1,54,16,d3,52,56,32,12,71,\
"rkeysecu"=hex:a6,d9,8e,f3,ed,6f,c7,99,40,e5,5c,37,91,b0,fe,85
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-29 00:00:35
ComboFix-quarantined-files.txt 2011-07-28 22:00
ComboFix2.txt 2011-07-28 19:06
ComboFix3.txt 2011-07-28 12:33
.
Pre-Run: 10 743 541 760 bytes free
Post-Run: 13 adresárov, 10 722 934 784 voľných bajtov
.
- - End Of File - - 8350A88CCBA32CA651DF8773BCAD9F7A

I think everything is fine now, but shouldn't I run e.g. CCleaner or something similar just to be safe? :dunno: I don't know much about this, so I'm asking :-D
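To make sense of a result like the MBAM log above, a helper usually wants two things: the summary counters and, for each detection, where the file was and what was done with it. The following Python parser is an added example (not Malwarebytes' code and not from the forum) for the MBAM 1.x text-log format shown in the post. It also marks detections whose path lies in a System Restore point folder (System Volume Information\_restore{...}), as all four in the log above do, since those are archived copies kept by System Restore rather than files of the running system. The sample log embedded in the code is a shortened, constructed copy of the one above, with one extra constructed "live" detection line added so that the split is visible.

```python
r"""Summarise a Malwarebytes' Anti-Malware 1.x text log.

Added example, not code from Malwarebytes or from the forum. It reads the
summary counters ("<label>: <n>") and the per-detection lines of the form
    <path> (<threat name>) -> <action>.
and marks detections whose path lies inside a System Restore point folder
(System Volume Information\_restore{...}); those are archived copies kept by
System Restore, not files of the running system. The log below is a shortened,
constructed copy of the one posted above, plus one constructed 'live' line.
"""
import re
from collections import Counter

SUMMARY_RE = re.compile(r"^(?P<label>[^:]+): (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
RESTORE_POINT_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\", re.IGNORECASE)


def parse_mbam_log(text):
    """Return (summary counters as {label: int}, list of detection dicts)."""
    summary = {}
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("label")] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and "\\" in m.group("path"):  # require a real path before "(threat) ->"
            detections.append({
                "path": m.group("path"),
                "threat": m.group("threat"),
                "action": m.group("action"),
                "in_restore_point": bool(RESTORE_POINT_RE.search(m.group("path"))),
            })
    return summary, detections


def detection_report(detections):
    """Count threats by name and split paths into restore-point copies vs live files."""
    by_threat = Counter(d["threat"] for d in detections)
    archived = [d["path"] for d in detections if d["in_restore_point"]]
    live = [d["path"] for d in detections if not d["in_restore_point"]]
    return {"by_threat": dict(by_threat), "archived": archived, "live": live}


# Constructed sample in the same (Slovak-localised) format as the log above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7310

Typ kontroly: Úplná kontrola (C:\|Z:\|)
Objektov kontrolovaných: 332284

Infikované registračné kľúče: 0
Infikované súbory: 5

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované súbory:
z:\system volume information\_restore{53af324a-787a-4ec7-aeab-6ce236e4664f}\RP498\A0153888.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
z:\system volume information\_restore{53af324a-787a-4ec7-aeab-6ce236e4664f}\RP498\A0153889.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
z:\system volume information\_restore{53af324a-787a-4ec7-aeab-6ce236e4664f}\RP498\A0153890.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
z:\system volume information\_restore{53af324a-787a-4ec7-aeab-6ce236e4664f}\RP498\A0153891.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\USER\Local Settings\Temp\example.exe (Trojan.Example) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    summary, detections = parse_mbam_log(SAMPLE_LOG)
    report = detection_report(detections)
    print("objects scanned:", summary.get("Objektov kontrolovaných"))
    print("infected files:", summary.get("Infikované súbory"))
    print("threats:", report["by_threat"])
    print("in restore points:", len(report["archived"]), "live:", report["live"])
```

The summary labels are taken verbatim from the log, so the parser works on any language version of MBAM 1.x; only the caller needs to know which label means "infected files". The restore-point split is the detail worth reading first: a detection list consisting only of archived copies, as in the log above, is a very different finding from a detection in a user's Temp folder.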

p.Jenan (Friend of the forum), posts: 36, registered: 17 Oct 2006 15:04

Re: FB-vir

#19 Post by p.Jenan »

Everything looks fine now. :)
Also try testing this file c:\windows\system32\c_47380.nl_ at http://www.virustotal.com/.

Copy this path into the box next to Browse, choose Send file, and post the result here.
Otherwise you can certainly run CCleaner; it will rid your computer of unnecessary stuff. :)

Let me know how your computer is doing, so that you have everything in order. :)

Have a nice day. :bye:

hardman (Visitor), posts: 28, registered: 27 Jul 2011 12:50

Re: FB-vir

#20 Post by hardman »

So I don't have that file in system32 at all; I tried Search too, but nothing. The only one similar to it is c_437, but without the (.nl) at the end. The PC runs fine :James008: but one thing bothers me: I installed ESET Smart Security and right after the installation the program said that Antispyware and Antivirus weren't working. But when I shut the PC down and turned it back on, the program runs at 100% and there are green check marks everywhere, yet the Windows Security Center says Virus protection - NOT FOUND and it's red. I don't know what to do about it; it never did this before, but I admit it was like this even before I caught that FB virus, and I had it set to Not monitored there so it wouldn't bother me, so there's probably some fault there. :ohno:

hardman (Visitor), posts: 28, registered: 27 Jul 2011 12:50

Re: FB-vir

#21 Post by hardman »

And yet I found one more error and don't know what to do about it. It's the InCD program, which is part of the Nero 7 burning software, and when I browse the internet a message sometimes pops up: The InCD helper service is not installed correctly. The InCD application cannot be started. Maybe it's enough to just remove it, but I don't know :boxed:

motji (VIP), posts: 23302, registered: 23 Oct 2008 08:02

Re: FB-vir

#22 Post by motji »

Good evening :) ,
does the problem persist?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here


I can usually be reached at night, between 9 and 11 p.m.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

hardman (Visitor), posts: 28, registered: 27 Jul 2011 12:50

Re: FB-vir

#23 Post by hardman »

Well, the PC runs now and so does the internet, but ESET tells me it caught an infiltration in memory and it can't be cleaned; it's the file PnkBstra.exe, I don't know whether it has anything to do with that virus. And I also want to ask what to do with programs like ComboFix and RSIT; should I remove them? Thanks

motji (VIP), posts: 23302, registered: 23 Oct 2008 08:02

Re: FB-vir

#24 Post by motji »

Please post a new RSIT log, and test that file at www.virustotal.com and post the result here.

hardman (Visitor), posts: 28, registered: 27 Jul 2011 12:50

Re: FB-vir

#25 Post by hardman »

New RSIT log

Logfile of random's system information tool 1.09 (written by random/random)
Run by HARDMAN at 2011-08-25 23:00:59
WIN_XP Service Pack 3
System drive C: has 9 GB (31%) free of 29 GB
Total RAM: 1022 MB (58% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0d9d335d472e.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\HARDMAN\Application Data\Mozilla\Firefox\Profiles\2xv5asca.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?src=2&q="

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
npCouponPrinter.xpt
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npCouponPrinter.dll
npDivxPlayerPlugin.dll
npMozCouponPrinter.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprpjplug.dll
nsIDivxPlayerPlugin.xpt
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\HARDMAN\Application Data\Mozilla\Firefox\Profiles\2xv5asca.default\extensions\
DTToolbar@toolbarnet.com
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-06-25 1629480]
"ASUS Update Checker"=C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11 114688]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2007-12-10 1412608]
"CPU Power Monitor"=C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [2007-10-16 626176]
"Cpu Level Up help"=C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-06-03 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-06-07 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-06-07 13902440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2009-11-18 54576]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-08-10 3077528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

C:\Documents and Settings\HARDMAN\Start Menu\Programs\Startup
Kalendár.lnk - C:\WINDOWS\MENINY.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-04-16 190464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Enabled:DivX Update"
"Z:\Hry\Valve\hl.exe"="Z:\Hry\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:Inštalačný program Google"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\HARDMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\HARDMAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"msacm.vorbis"=vorbis.acm
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"vidc.i263"=i263_32.drv
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2011-08-24 17:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-10 15:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-10 15:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-10 15:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-10 15:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-10 15:02:07 ----A---- C:\WINDOWS\imsins.BAK
2011-08-10 15:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-10 14:48:55 ----D---- C:\Documents and Settings\HARDMAN\Application Data\LolClient
2011-08-10 12:00:16 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2011-08-10 11:09:26 ----D---- C:\Program Files\Pando Networks
2011-07-29 17:00:58 ----D---- C:\Program Files\ESET
2011-07-29 17:00:58 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2011-07-29 16:47:11 ----D---- C:\Program Files\CCleaner
2011-07-29 01:26:35 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-29 01:15:07 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2011-07-29 00:03:29 ----SHD---- C:\RECYCLER
2011-07-29 00:00:35 ----A---- C:\ComboFix.txt
2011-07-28 23:42:00 ----D---- C:\ComboFix
2011-07-28 14:02:23 ----A---- C:\WINDOWS\system32\drivers\cdrom.sys
2011-07-28 13:57:01 ----A---- C:\Boot.bak
2011-07-28 13:56:49 ----RASHD---- C:\cmdcons
2011-07-28 13:53:44 ----A---- C:\WINDOWS\zip.exe
2011-07-28 13:53:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-28 13:53:44 ----A---- C:\WINDOWS\SWSC.exe
2011-07-28 13:53:44 ----A---- C:\WINDOWS\SWREG.exe
2011-07-28 13:53:44 ----A---- C:\WINDOWS\sed.exe
2011-07-28 13:53:44 ----A---- C:\WINDOWS\PEV.exe
2011-07-28 13:53:44 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-28 13:53:44 ----A---- C:\WINDOWS\MBR.exe
2011-07-28 13:53:44 ----A---- C:\WINDOWS\grep.exe
2011-07-28 13:53:34 ----D---- C:\WINDOWS\ERDNT
2011-07-28 13:53:27 ----D---- C:\Qoobox
2011-07-27 19:41:40 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-27 19:41:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-27 19:41:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-27 17:54:12 ----D---- C:\WINDOWS\pss
2011-07-27 15:36:50 ----D---- C:\rsit
2011-07-27 15:36:50 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 month======

2011-08-25 23:01:05 ----D---- C:\WINDOWS\Prefetch
2011-08-25 23:00:59 ----D---- C:\WINDOWS\Temp
2011-08-25 22:51:10 ----A---- C:\WINDOWS\win.ini
2011-08-25 01:44:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-25 00:17:31 ----A---- C:\WINDOWS\NeroDigital.ini
2011-08-24 20:08:09 ----D---- C:\WINDOWS
2011-08-24 17:24:44 ----HD---- C:\WINDOWS\inf
2011-08-24 17:24:36 ----D---- C:\WINDOWS\system32
2011-08-24 17:24:29 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-24 02:12:03 ----D---- C:\Documents and Settings\HARDMAN\Application Data\Skype
2011-08-23 23:09:48 ----SHD---- C:\WINDOWS\Installer
2011-08-23 23:07:05 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-08-23 23:04:55 ----D---- C:\Config.Msi
2011-08-23 23:04:48 ----RD---- C:\Program Files\Skype
2011-08-11 01:00:00 ----RSD---- C:\WINDOWS\assembly
2011-08-11 00:33:53 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-10 15:14:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-10 15:13:50 ----D---- C:\WINDOWS\WinSxS
2011-08-10 15:11:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-10 15:11:00 ----D---- C:\WINDOWS\system32\drivers
2011-08-10 15:10:56 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-10 15:03:06 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-10 15:02:50 ----D---- C:\Program Files\Internet Explorer
2011-08-10 13:48:48 ----D---- C:\WINDOWS\system32\DirectX
2011-08-10 13:45:02 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-10 11:09:26 ----D---- C:\Program Files
2011-08-09 20:47:36 ----D---- C:\Documents and Settings
2011-07-29 16:52:56 ----D---- C:\Documents and Settings\HARDMAN\Application Data\Media Player Classic
2011-07-29 16:52:17 ----D---- C:\WINDOWS\Minidump
2011-07-29 16:52:17 ----D---- C:\WINDOWS\Debug
2011-07-29 01:28:17 ----D---- C:\Program Files\ICQ6Toolbar
2011-07-29 01:26:27 ----D---- C:\WINDOWS\repair
2011-07-29 01:26:02 ----D---- C:\WINDOWS\Registration
2011-07-29 00:56:43 ----D---- C:\Documents and Settings\HARDMAN\Application Data\HPAppData
2011-07-28 23:56:12 ----A---- C:\WINDOWS\system.ini
2011-07-28 23:52:04 ----D---- C:\WINDOWS\AppPatch
2011-07-28 23:52:02 ----D---- C:\Program Files\Common Files
2011-07-28 23:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2011-07-28 20:57:14 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-28 20:32:57 ----D---- C:\WINDOWS\java
2011-07-28 14:21:41 ----D---- C:\WINDOWS\system32\config
2011-07-28 14:20:19 ----DC---- C:\WINDOWS\$NtUninstallKB35244$
2011-07-28 13:57:01 ----RASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\System32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-04 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-06-25 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-06-25 38440]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-12-14 21275]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-13 278984]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-23 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-03-14 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-06-08 10531200]
R3 PAC207;e-Messenger 112; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT61.sys [2006-05-04 380928]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-06-25 119080]
S3 .cdrom;.cdrom; \* []
S3 .redbook;.redbook; \* []
S3 agmdkasg;agmdkasg; C:\WINDOWS\system32\drivers\agmdkasg.sys []
S3 ayf9sz5r;ayf9sz5r; C:\WINDOWS\system32\drivers\ayf9sz5r.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\HARDMAN\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-01-20 81920]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe []
S2 NMSAccessU;NMSAccessU; C:\Documents and Settings\HARDMAN\Local Settings\Temp\{9B4E5612-20B6-4B4D-BBB2-0B8F07250D46}\NMSAccessU.exe []
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-06 355840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
I tried that file on VirusTotal but somehow it did not work. ESET reports it as a Win32/Patched.HN trojan horse.
NO PASARAN

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: FB-vir

#26 Post by motji »

:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


***********


:arrow: Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the little program after use. Note: antivirus products may falsely flag it as a virus



***********


:arrow: Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I am mostly around at night, between 21:00 and 23:00.
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.

hardman
Visitor
Posts: 28
Joined: 27 Jul 2011 12:50

Re: FB-vir

#27 Post by hardman »

Here is the log

ComboFix 11-08-25.01 - HARDMAN 25.08.2011 23:44:10.4.1 - x86
Running from: c:\documents and settings\HARDMAN\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\messenger\msmsgsin.exe
.
c:\windows\system32\PnkBstrA.exe . . . is infected!!
.
Infected copy of c:\windows\system32\DRIVERS\redbook.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\redbook.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-10 20:20 . 2011-08-17 00:30 -------- d-----w- c:\documents and settings\HARDMAN\riotsGamesLogs
2011-08-10 12:48 . 2011-08-10 12:48 -------- d-----w- c:\documents and settings\HARDMAN\Application Data\LolClient
2011-08-10 11:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 11:43 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 10:00 . 2011-08-25 22:00 -------- d-----w- c:\documents and settings\HARDMAN\Local Settings\Application Data\PMB Files
2011-08-10 10:00 . 2011-08-17 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-08-10 09:09 . 2011-08-10 09:09 -------- d-----w- c:\program files\Pando Networks
2011-08-09 18:47 . 2011-08-09 18:47 -------- d-----w- c:\documents and settings\Guest
2011-07-29 15:00 . 2011-07-29 15:00 -------- d-----w- c:\program files\ESET
2011-07-29 15:00 . 2011-07-29 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-07-29 14:47 . 2011-07-29 14:47 -------- d-----w- c:\program files\CCleaner
2011-07-28 23:15 . 2011-07-29 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-07-28 12:02 . 2008-04-13 23:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-07-27 20:13 . 2011-07-27 20:13 -------- d-----w- c:\documents and settings\Administrator
2011-07-27 20:12 . 2011-07-27 20:28 44560 --sha-w- c:\windows\system32\c_47380.nl_
2011-07-27 17:41 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 17:41 . 2011-07-28 18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 17:41 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 13:36 . 2011-08-25 21:00 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2001-08-23 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-12-14 14:03 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 13:00 . 2011-05-18 11:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 12:05 . 2008-12-16 16:17 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2001-08-23 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 14:02 . 2001-08-23 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-10 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-12-10 1412608]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-02 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\HARDMAN\Start Menu\Programs\Startup\
Kalend r.lnk - c:\windows\MENINY.EXE [2009-2-15 49312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-12-14 614400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"z:\\Hry\\Valve\\hl.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\HARDMAN\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58653:TCP"= 58653:TCP:Pando Media Booster
"58653:UDP"= 58653:UDP:Pando Media Booster
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-04 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 PAC207;e-Messenger 112;c:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0d9d335d472e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 12:30]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 12:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\documents and settings\HARDMAN\Application Data\Mozilla\Firefox\Profiles\2xv5asca.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 23:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.cdrom]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.redbook]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-789336058-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:1b,93,ac,a1,67,b0,04,ef,ce,2d,68,33,de,3f,a4,ad,90,8b,c4,d2,a6,
e6,1d,21,47,01,46,f5,f0,cd,9f,23,5d,1a,7a,b6,0a,b1,54,16,d3,52,56,32,12,71,\
"rkeysecu"=hex:a6,d9,8e,f3,ed,6f,c7,99,40,e5,5c,37,91,b0,fe,85
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-08-26 00:09:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 22:09
.
Pre-Run: 9 742 807 040 bytes free
Post-Run: 9 697 693 696 bytes free
.
- - End Of File - - 5A2840D64F7D0123239CF7B8D2CBD6E0
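A small triage script for logs like the RSIT and ComboFix output pasted in this thread, added here as an example (it is not a tool from the thread or from the RSIT/ComboFix authors). It flags the Security Center override and the disabled firewall visible in the ComboFix registry section, ComboFix's infection notices, and driver entries with empty file details whose name looks machine-generated (as agmdkasg and ayf9sz5r do in the RSIT driver list) or that load from a Temp folder. The sample log is constructed from lines of those logs; the function names and the random-name heuristic are my own and are a review aid, not a verdict.

```python
"""Triage helper for RSIT / ComboFix style logs (added example, not a tool from
this thread or from the RSIT/ComboFix authors). It lists what a helper reads
first: Security Center overrides and a disabled firewall in the registry dump,
ComboFix infection notices, and driver lines with empty file details "[]"
whose name looks machine-generated or whose path points into a Temp folder."""
import re

# Constructed sample: every line copies the shape (and values) of lines in the
# logs pasted above, so the parser runs on realistic input.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
c:\windows\system32\PnkBstrA.exe . . . is infected!!
Infected copy of c:\windows\system32\DRIVERS\redbook.sys was found and disinfected
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-06-08 10531200]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 agmdkasg;agmdkasg; C:\WINDOWS\system32\drivers\agmdkasg.sys []
S3 ayf9sz5r;ayf9sz5r; C:\WINDOWS\system32\drivers\ayf9sz5r.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\HARDMAN\LOCALS~1\Temp\catchme.sys []
"""

# "<R|S><0-4> <name>;<display>; <path> [<date size>]" as RSIT and ComboFix print it
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')
VOWELS = set("aeiouy")

def registry_findings(text):
    """Weakened Security Center / Windows Firewall settings in the registry dump."""
    findings, key = [], ""
    for line in text.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        # *Override=1 silences the Security Center warning for that component
        if key.endswith("security center") and name.endswith("Override") and value == "dword:00000001":
            findings.append(f"{name} is set: Security Center will not warn about this component")
        if key.endswith("standardprofile") and name == "EnableFirewall" and value.startswith("0"):
            findings.append("EnableFirewall=0: Windows Firewall is off in the standard profile")
    return findings

def infection_findings(text):
    """ComboFix notices about infected and disinfected files."""
    out = []
    for line in text.splitlines():
        if "is infected" in line:
            out.append("infected: " + line.split(" . . .")[0].strip())
        m = re.match(r"^Infected copy of (.+?) was found and disinfected", line)
        if m:
            out.append("disinfected: " + m.group(1))
    return out

def looks_machine_generated(name):
    """Heuristic (my own; a review aid, not a verdict): digits mixed into letters,
    or very few vowels plus a long consonant run, as in agmdkasg or ayf9sz5r."""
    n = name.lower()
    if len(n) < 8 or not n.isalnum():
        return False
    if any(c.isdigit() for c in n) and any(c.isalpha() for c in n):
        return True
    vowel_ratio = sum(c in VOWELS for c in n) / len(n)
    longest_consonant_run = max(len(r) for r in re.split("[aeiouy]", n))
    return vowel_ratio <= 0.25 and longest_consonant_run >= 4

def driver_findings(text):
    """Driver/service lines with empty file details and an odd name or path."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, _display, path, details = m.groups()
        if details:  # the tool found the file and recorded its date and size
            continue
        reasons = []
        if looks_machine_generated(name):
            reasons.append("random-looking name")
        if re.search(r"\\temp\\", path, re.IGNORECASE):
            reasons.append("loaded from a Temp folder")
        if reasons:
            out.append(f"{state}{start} {name}: {path} ({', '.join(reasons)})")
    return out

def triage(text):
    """All findings, in the order a helper reads the log."""
    return registry_findings(text) + infection_findings(text) + driver_findings(text)

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print("-", item)
```

Run it on a real pasted log by passing the log text to triage(); entries it lists are starting points for a look-up of the file and its signer, not a removal list.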

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: FB-vir

#28 Post by motji »

:?: Where did you pick this up again? Do you use any illegal programs and download cracks and keygens? Tell the truth.

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- and save it to the desktop.
- double-click the program icon and run it
- choose Start scan, then confirm the start of the scan
- if the program finds an infected file, it shows you the default action Cure; in that case confirm with the Continue button
- if the program wants to restart the computer, click the Reboot Now button
- if it does not ask for a restart, click the Report button. A log should pop up; copy the contents of the log into your topic.
- if the log is not shown, it is saved in your root directory.


:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC


:arrow: Download http://www.jpshortstuff.247fixes.com/Defogger.exe
- run it,
- confirm disabled
- paste the log here



:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes a window with the results opens, click Save to save the log, which you then paste here

- Following the guide in the link, perform a second scan and paste that log here too.

hardman
Visitor
Posts: 28
Joined: 27 Jul 2011 12:50

Re: FB-vir

#29 Post by hardman »

Lately I have not downloaded any cracks or anything like that :shock: only music from dilandau and similar sites. So far I have made the log from TDS:

2011/08/26 12:07:01.0281 2156 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/26 12:07:01.0453 2156 ================================================================================
2011/08/26 12:07:01.0453 2156 SystemInfo:
2011/08/26 12:07:01.0453 2156
2011/08/26 12:07:01.0453 2156 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/26 12:07:01.0453 2156 Product type: Workstation
2011/08/26 12:07:01.0453 2156 ComputerName: GENEK
2011/08/26 12:07:01.0453 2156 UserName: HARDMAN
2011/08/26 12:07:01.0453 2156 Windows directory: C:\WINDOWS
2011/08/26 12:07:01.0453 2156 System windows directory: C:\WINDOWS
2011/08/26 12:07:01.0453 2156 Processor architecture: Intel x86
2011/08/26 12:07:01.0453 2156 Number of processors: 1
2011/08/26 12:07:01.0453 2156 Page size: 0x1000
2011/08/26 12:07:01.0453 2156 Boot type: Normal boot
2011/08/26 12:07:01.0453 2156 ================================================================================
2011/08/26 12:07:03.0750 2156 Initialize success
2011/08/26 12:07:36.0328 1044 ================================================================================
2011/08/26 12:07:36.0328 1044 Scan started
2011/08/26 12:07:36.0328 1044 Mode: Manual;
2011/08/26 12:07:36.0328 1044 ================================================================================
2011/08/26 12:07:37.0328 1044 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/26 12:07:37.0515 1044 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/26 12:07:37.0734 1044 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/08/26 12:07:38.0031 1044 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/08/26 12:07:38.0234 1044 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/26 12:07:38.0437 1044 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/26 12:07:38.0640 1044 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/26 12:07:39.0375 1044 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2011/08/26 12:07:39.0609 1044 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/26 12:07:39.0828 1044 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/26 12:07:40.0109 1044 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/26 12:07:40.0343 1044 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/26 12:07:40.0546 1044 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/26 12:07:40.0750 1044 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/26 12:07:41.0015 1044 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/26 12:07:41.0218 1044 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/26 12:07:41.0468 1044 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/26 12:07:41.0656 1044 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/26 12:07:41.0859 1044 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/26 12:07:42.0453 1044 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/26 12:07:42.0703 1044 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/26 12:07:42.0937 1044 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/26 12:07:43.0062 1044 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/26 12:07:43.0265 1044 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/26 12:07:43.0718 1044 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/26 12:07:43.0921 1044 eamon (59d9e5dbcfef1e0e3dbac1b55c718f2d) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/08/26 12:07:44.0078 1044 ehdrv (3bd67a869964bf57266cbbd1dca38c6a) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/08/26 12:07:44.0265 1044 epfw (1a7384d0684adc204178f593994194b1) C:\WINDOWS\system32\DRIVERS\epfw.sys
2011/08/26 12:07:44.0453 1044 Epfwndis (82ccb9d92dd674f3a4758f4a6a18fc1c) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2011/08/26 12:07:44.0656 1044 epfwtdi (db4fe66ecc47e6934dd769ff00e170bc) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2011/08/26 12:07:44.0828 1044 epfwtdir (4699a50183b792d994be657c68f18e9e) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/08/26 12:07:45.0156 1044 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/26 12:07:45.0390 1044 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/26 12:07:45.0593 1044 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/08/26 12:07:45.0750 1044 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/08/26 12:07:46.0000 1044 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/26 12:07:46.0234 1044 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/26 12:07:46.0468 1044 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/26 12:07:46.0625 1044 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/26 12:07:46.0781 1044 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/26 12:07:46.0937 1044 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/08/26 12:07:47.0171 1044 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/08/26 12:07:47.0562 1044 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/26 12:07:47.0796 1044 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/26 12:07:48.0046 1044 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/08/26 12:07:48.0265 1044 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/26 12:07:48.0437 1044 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/26 12:07:48.0796 1044 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/26 12:07:49.0156 1044 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/26 12:07:49.0390 1044 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/26 12:07:49.0593 1044 InCDfs (580a81790cd0a48d85da322267da7ac4) C:\WINDOWS\system32\drivers\InCDFs.sys
2011/08/26 12:07:49.0656 1044 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) C:\WINDOWS\system32\drivers\InCDPass.sys
2011/08/26 12:07:49.0765 1044 InCDrec (4d022577e9072b5d22e0a383a7806bbb) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/08/26 12:07:49.0859 1044 incdrm (c258e57321a3c3737f4fa815fa69ee0b) C:\WINDOWS\system32\drivers\InCDRm.sys
2011/08/26 12:07:50.0171 1044 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/26 12:07:50.0375 1044 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/26 12:07:50.0578 1044 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/26 12:07:50.0796 1044 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/26 12:07:51.0031 1044 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/26 12:07:51.0250 1044 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/26 12:07:51.0406 1044 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/26 12:07:51.0625 1044 ISODrive (bf71a06ff065e3fd7e32ea67dca34885) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/08/26 12:07:51.0859 1044 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/26 12:07:52.0109 1044 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/26 12:07:52.0359 1044 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/26 12:07:52.0562 1044 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/26 12:07:52.0843 1044 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/26 12:07:53.0062 1044 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/26 12:07:53.0296 1044 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/26 12:07:53.0515 1044 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/26 12:07:53.0734 1044 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/26 12:07:53.0921 1044 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/26 12:07:54.0187 1044 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/26 12:07:54.0375 1044 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/26 12:07:54.0578 1044 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/26 12:07:54.0828 1044 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/26 12:07:55.0062 1044 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/26 12:07:55.0281 1044 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/26 12:07:55.0484 1044 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/26 12:07:55.0640 1044 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/26 12:07:55.0812 1044 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/26 12:07:56.0046 1044 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/08/26 12:07:56.0156 1044 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/08/26 12:07:56.0312 1044 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/26 12:07:56.0500 1044 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/26 12:07:56.0718 1044 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/26 12:07:56.0875 1044 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/26 12:07:57.0093 1044 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/26 12:07:57.0265 1044 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/26 12:07:57.0484 1044 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/26 12:07:57.0687 1044 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/26 12:07:57.0937 1044 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/26 12:07:58.0203 1044 NetBT (97fe4a6c3bacd6ba52b6543b49f8ee4c) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/26 12:07:58.0218 1044 NetBT - detected Rootkit.Win32.ZAccess.e (0)
2011/08/26 12:07:58.0484 1044 nmwcd (28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/08/26 12:07:58.0687 1044 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/08/26 12:07:58.0906 1044 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/26 12:07:59.0125 1044 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/26 12:07:59.0421 1044 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/26 12:08:00.0140 1044 nv (18281a647f8d2a0afd00f4a9f52c59f4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/26 12:08:00.0953 1044 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/26 12:08:01.0156 1044 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/26 12:08:01.0437 1044 PAC207 (9482616a0f87384c5afb5f34a317bf6c) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
2011/08/26 12:08:01.0687 1044 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/26 12:08:01.0859 1044 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/26 12:08:02.0031 1044 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/26 12:08:02.0281 1044 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/08/26 12:08:02.0484 1044 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/26 12:08:02.0750 1044 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/26 12:08:02.0921 1044 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/26 12:08:03.0640 1044 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/26 12:08:03.0843 1044 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/26 12:08:04.0078 1044 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/26 12:08:04.0281 1044 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/26 12:08:04.0453 1044 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/26 12:08:04.0921 1044 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/26 12:08:05.0171 1044 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/26 12:08:05.0343 1044 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/26 12:08:05.0578 1044 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/26 12:08:05.0828 1044 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/26 12:08:06.0000 1044 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/26 12:08:06.0250 1044 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/26 12:08:06.0500 1044 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/26 12:08:06.0718 1044 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/26 12:08:07.0000 1044 RT61 (da84c3ed2f31b1d5d68f775eba4ecb59) C:\WINDOWS\system32\DRIVERS\RT61.sys
2011/08/26 12:08:07.0281 1044 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/26 12:08:07.0515 1044 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/08/26 12:08:07.0812 1044 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/26 12:08:08.0046 1044 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/26 12:08:08.0312 1044 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/26 12:08:08.0562 1044 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/26 12:08:08.0890 1044 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/26 12:08:09.0125 1044 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/26 12:08:09.0125 1044 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/26 12:08:09.0156 1044 sptd - detected LockedFile.Multi.Generic (1)
2011/08/26 12:08:09.0343 1044 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/26 12:08:09.0562 1044 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/26 12:08:09.0765 1044 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/08/26 12:08:09.0968 1044 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/26 12:08:10.0171 1044 StyleXPHelper (7e40b43922b2896f40a5930af7489c60) C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
2011/08/26 12:08:10.0453 1044 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/26 12:08:10.0640 1044 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/26 12:08:11.0125 1044 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/26 12:08:11.0359 1044 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/26 12:08:11.0546 1044 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/26 12:08:11.0750 1044 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/26 12:08:11.0953 1044 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
2011/08/26 12:08:12.0171 1044 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/26 12:08:12.0500 1044 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/26 12:08:12.0781 1044 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/26 12:08:13.0062 1044 upperdev (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/08/26 12:08:13.0281 1044 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/26 12:08:13.0468 1044 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/26 12:08:13.0656 1044 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/26 12:08:13.0859 1044 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/26 12:08:14.0125 1044 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/08/26 12:08:14.0328 1044 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/08/26 12:08:14.0546 1044 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/26 12:08:14.0734 1044 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/26 12:08:14.0968 1044 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/26 12:08:15.0171 1044 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/26 12:08:15.0406 1044 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/26 12:08:15.0656 1044 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/26 12:08:15.0859 1044 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/26 12:08:16.0234 1044 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/26 12:08:16.0515 1044 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/26 12:08:16.0734 1044 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/26 12:08:16.0984 1044 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/26 12:08:17.0203 1044 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/26 12:08:17.0468 1044 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/26 12:08:17.0625 1044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/26 12:08:17.0687 1044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/08/26 12:08:17.0921 1044 Boot (0x1200) (bb423df4ebaab8fe78685237035432c4) \Device\Harddisk1\DR1\Partition0
2011/08/26 12:08:17.0937 1044 ================================================================================
2011/08/26 12:08:17.0937 1044 Scan finished
2011/08/26 12:08:17.0937 1044 ================================================================================
2011/08/26 12:08:17.0968 2284 Detected object count: 2
2011/08/26 12:08:17.0968 2284 Actual detected object count: 2
2011/08/26 12:08:47.0734 2284 NetBT (97fe4a6c3bacd6ba52b6543b49f8ee4c) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/26 12:08:47.0750 2284 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
2011/08/26 12:08:48.0875 2284 Backup copy found, using it..
2011/08/26 12:08:48.0921 2284 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/08/26 12:08:48.0921 2284 Rootkit.Win32.ZAccess.e(NetBT) - User select action: Cure
2011/08/26 12:08:48.0921 2284 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/26 12:08:58.0578 2108 Deinitialize success
NO PASARAN

hardman
Guest
Posts: 28
Registered: 27 Jul 2011 12:50

Re: FB-vir

#30 Post by hardman »

The Defogger program didn't give me any log :shock: and I'm attaching the first log from the GMER program; during the next scan it didn't produce a log, because the PC automatically reset before the end.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-26 14:08:40
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-24 Maxtor_2F030J0 rev.VAM51JJ0
Running: gmer.exe; Driver: C:\DOCUME~1\HARDMAN\LOCALS~1\Temp\uxtdqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----
NO PASARAN
