Viry

Zpráva

JuraFilth · #1 Příspěvek od **JuraFilth** » 05 zář 2011 12:15

Zdravím, moje segra ma v PC plno trojských koňů kopiruju co mi psala :" Po otevření pc se mi to restartuje na modrou obrazovku, někdy to trva i hodinu než se prihlásim, pokazde se to restartuje a neco se opravuje a když jsem po tom všem na plose,objevi se tohle ... a tady pridavam obrazek co se ji ukaze. Díky.

#2 Příspěvek od **vyosek** » 05 zář 2011 12:21

Zdravim a pekny den preji

Zatim pracujte v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

Dejte log z RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

JuraFilth · #3 Příspěvek od **JuraFilth** » 05 zář 2011 12:28

Hned to bude

je to totiz trochu komplikovanejsi ona totiz bydli v jinem meste takze nemam ten jeji notebook usebe takze to bude trochu pomalejsi xD ale vse casem bude

)

JuraFilth · #4 Příspěvek od **JuraFilth** » 05 zář 2011 12:32

tady je puvodni log pred tim nez se bude delat s tou utilitou

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marthy at 2011-09-05 13:22:11
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 91 GB (62%) free of 148 GB
Total RAM: 2038 MB (31% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1044510239-3152094905-1695406771-1003Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1044510239-3152094905-1695406771-1003UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-25 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-27 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-20 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03 155184]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-27 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-10-31 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-10-31 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-10-31 133656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-22 68856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"SpeedBitVideoAccelerator"=C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [2011-04-13 2098376]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Facebook Update"=C:\Users\Marthy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-29 137536]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe [2011-03-15 2071904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp Antivirus]
C:\ProgramData\c2e0354\CUc2e0.exe /s /d []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-01-03 521776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2007-10-31 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2007-10-31 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-08 858632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2007-10-31 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
C:\Windows\PLFSetI.exe [2007-10-23 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
C:\Windows\PLFSetL.exe [2007-07-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-01-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-08 4853760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-22 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2011-06-17 399736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-08-28 739880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-14 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Marthy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Marthy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="AVGRSSTX.DLL,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-10-31 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption"
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe]
"Debugger="svchost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"MSACM.MSNAUDIO"=msnaudio.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2011-09-05 13:22:12 ----D---- C:\Program Files\trend micro
2011-09-05 13:22:11 ----D---- C:\rsit
2011-08-25 21:54:08 ----A---- C:\Windows\system32\MRT.INI
2011-08-25 21:48:38 ----D---- C:\f493e09c3922936649fd1136f6
2011-08-24 22:16:13 ----A---- C:\Windows\system32\winsrv.dll
2011-08-24 22:16:01 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-24 22:15:55 ----A---- C:\Windows\system32\tzres.dll
2011-08-24 22:15:51 ----A---- C:\Windows\system32\mshtml.dll
2011-08-24 22:15:50 ----A---- C:\Windows\system32\wininet.dll
2011-08-24 22:15:50 ----A---- C:\Windows\system32\urlmon.dll
2011-08-24 22:15:50 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-24 22:15:50 ----A---- C:\Windows\system32\iertutil.dll
2011-08-24 22:15:49 ----A---- C:\Windows\system32\url.dll
2011-08-24 22:15:49 ----A---- C:\Windows\system32\mstime.dll
2011-08-24 22:15:49 ----A---- C:\Windows\system32\ieframe.dll
2011-08-24 22:15:48 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-24 22:15:48 ----A---- C:\Windows\system32\iepeers.dll
2011-08-24 22:15:48 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-24 22:15:06 ----A---- C:\Windows\system32\xmllite.dll
2011-08-24 22:14:48 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-24 22:14:48 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-24 22:14:14 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 month======

2011-09-05 13:22:15 ----D---- C:\Windows\Temp
2011-09-05 13:22:12 ----D---- C:\Program Files
2011-09-05 13:21:59 ----D---- C:\Windows\Prefetch
2011-09-05 13:10:06 ----D---- C:\Users\Marthy\AppData\Roaming\Skype
2011-09-05 12:54:15 ----D---- C:\Windows\System32
2011-09-05 12:37:01 ----D---- C:\Windows\system32\drivers\Avg
2011-09-05 11:31:57 ----D---- C:\Users\Marthy\AppData\Roaming\skypePM
2011-09-05 09:20:35 ----D---- C:\Windows\Minidump
2011-09-05 09:19:50 ----D---- C:\Windows
2011-09-03 21:56:55 ----SHD---- C:\Windows\Installer
2011-09-03 15:55:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-03 15:55:34 ----D---- C:\Windows\inf
2011-09-03 08:26:04 ----D---- C:\Windows\system32\spool
2011-08-31 08:43:15 ----D---- C:\Users\Marthy\AppData\Roaming\uTorrent
2011-08-29 01:33:02 ----D---- C:\Windows\Tasks
2011-08-29 01:33:02 ----D---- C:\Windows\system32\Tasks
2011-08-27 11:24:23 ----D---- C:\Windows\system32\catroot2
2011-08-27 09:01:04 ----D---- C:\Windows\Microsoft.NET
2011-08-27 09:01:01 ----RSD---- C:\Windows\assembly
2011-08-26 20:31:23 ----SD---- C:\ProgramData\Microsoft
2011-08-26 20:30:40 ----D---- C:\Program Files\Common Files\microsoft shared
2011-08-26 20:17:05 ----D---- C:\Users\Marthy\AppData\Roaming\Weurbo
2011-08-25 22:36:32 ----D---- C:\Windows\winsxs
2011-08-25 22:31:42 ----D---- C:\Windows\rescache
2011-08-25 22:16:13 ----D---- C:\Windows\system32\catroot
2011-08-25 22:06:40 ----D---- C:\Windows\system32\drivers
2011-08-25 22:06:40 ----D---- C:\Windows\system32\cs-CZ
2011-08-25 22:06:39 ----D---- C:\Program Files\Windows Mail
2011-08-25 21:57:07 ----D---- C:\ProgramData\Microsoft Help
2011-08-25 21:48:50 ----A---- C:\Windows\system32\mrt.exe
2011-08-10 21:48:29 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSErHrvtx;AVG9IDSErHr; C:\Windows\System32\Drivers\AVGIDSvx.sys [2010-06-22 25168]
R0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys [2010-03-19 52872]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-01-03 18480]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-03-19 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-01 29584]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 AVGIDSDrivervtx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-06-22 122448]
R3 AVGIDSFiltervtx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-06-22 30288]
R3 AVGIDSShimvtx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-06-22 27216]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-31 2011136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-09 2044896]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-04-27 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-08-30 81448]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-08-30 99880]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-30 17448]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-11-25 2331544]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-06-22 5897808]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-01-03 506416]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2011-04-13 265928]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
S2 AMService;AMService; C:\Windows\TEMP\vbqvtx\setup.exe run []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c98a38f5b8cd01;Google Update Service (gupdate1c98a38f5b8cd01); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S2 nvUpdService;NVIDIA Update Service; C:\Windows\system32\config\system [2011-09-05 25165824]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-29 72704]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

#5 Příspěvek od **vyosek** » 05 zář 2011 12:45

A myslite ze by sestra nezvladla postupy delat sama

Dejte jen log z TDSKilleru, novy RSIT neni zatim treba - havet je videt i zde

JuraFilth · #6 Příspěvek od **JuraFilth** » 05 zář 2011 12:58

tohle mi napsala xDD : napis mu odpoved,ne ona je blondyna ze i to mi musis trochu prekladat

2011/09/05 13:47:10.0598 1860 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 13:47:11.0959 1860 ================================================================================
2011/09/05 13:47:11.0959 1860 SystemInfo:
2011/09/05 13:47:11.0959 1860
2011/09/05 13:47:11.0959 1860 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/05 13:47:11.0959 1860 Product type: Workstation
2011/09/05 13:47:11.0960 1860 ComputerName: MARTINA
2011/09/05 13:47:11.0960 1860 UserName: Marthy
2011/09/05 13:47:11.0960 1860 Windows directory: C:\Windows
2011/09/05 13:47:11.0960 1860 System windows directory: C:\Windows
2011/09/05 13:47:11.0960 1860 Processor architecture: Intel x86
2011/09/05 13:47:11.0960 1860 Number of processors: 2
2011/09/05 13:47:11.0960 1860 Page size: 0x1000
2011/09/05 13:47:11.0960 1860 Boot type: Safe boot with network
2011/09/05 13:47:11.0960 1860 ================================================================================
2011/09/05 13:47:13.0503 1860 Initialize success
2011/09/05 13:47:22.0640 1584 ================================================================================
2011/09/05 13:47:22.0640 1584 Scan started
2011/09/05 13:47:22.0640 1584 Mode: Manual;
2011/09/05 13:47:22.0640 1584 ================================================================================
2011/09/05 13:47:23.0756 1584 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/05 13:47:23.0840 1584 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/05 13:47:23.0890 1584 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/05 13:47:23.0933 1584 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/05 13:47:23.0961 1584 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/05 13:47:24.0034 1584 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/05 13:47:24.0100 1584 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/05 13:47:24.0146 1584 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/05 13:47:24.0191 1584 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/05 13:47:24.0224 1584 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/05 13:47:24.0257 1584 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/05 13:47:24.0289 1584 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/05 13:47:24.0327 1584 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/05 13:47:24.0388 1584 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/05 13:47:24.0435 1584 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/05 13:47:24.0530 1584 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/05 13:47:24.0589 1584 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/05 13:47:24.0682 1584 Avgfwfd (26a4640a8f16f8ce39b93329c83bb15a) C:\Windows\system32\DRIVERS\avgfwd6x.sys
2011/09/05 13:47:24.0809 1584 AVGIDSDrivervtx (1bf5706111544aefe29f64783c22d8fb) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys
2011/09/05 13:47:24.0908 1584 AVGIDSErHrvtx (3efc8f7eae54b780d1e0730da23dad25) C:\Windows\system32\Drivers\AVGIDSvx.sys
2011/09/05 13:47:24.0953 1584 AVGIDSFiltervtx (a19902063d7368864cc5708f4d1b1c97) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys
2011/09/05 13:47:24.0974 1584 AVGIDSShimvtx (034df5434a092e3bb963d1febff7aabf) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys
2011/09/05 13:47:25.0059 1584 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
2011/09/05 13:47:25.0115 1584 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2011/09/05 13:47:25.0184 1584 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
2011/09/05 13:47:25.0226 1584 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys
2011/09/05 13:47:25.0269 1584 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/09/05 13:47:25.0314 1584 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/05 13:47:25.0388 1584 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/05 13:47:25.0435 1584 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/05 13:47:25.0491 1584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/05 13:47:25.0546 1584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/05 13:47:25.0620 1584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/05 13:47:25.0655 1584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/05 13:47:25.0701 1584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/05 13:47:25.0759 1584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/05 13:47:25.0820 1584 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/05 13:47:25.0892 1584 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/05 13:47:25.0954 1584 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/05 13:47:26.0053 1584 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/09/05 13:47:26.0122 1584 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/05 13:47:26.0194 1584 btwaudio (f2195899900e358614fa535ea503373e) C:\Windows\system32\drivers\btwaudio.sys
2011/09/05 13:47:26.0238 1584 btwavdt (769dfbe72448b31221db818a049760a5) C:\Windows\system32\drivers\btwavdt.sys
2011/09/05 13:47:26.0286 1584 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/05 13:47:26.0313 1584 btwrchid (9fa7311ce621683aab68a324e623f9b2) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/05 13:47:26.0367 1584 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/05 13:47:26.0419 1584 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/05 13:47:26.0459 1584 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/09/05 13:47:26.0530 1584 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/05 13:47:26.0646 1584 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/05 13:47:26.0683 1584 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/09/05 13:47:26.0714 1584 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/05 13:47:26.0755 1584 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/05 13:47:26.0794 1584 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/05 13:47:26.0880 1584 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/05 13:47:26.0975 1584 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/05 13:47:27.0029 1584 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/09/05 13:47:27.0083 1584 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/05 13:47:27.0138 1584 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/05 13:47:27.0200 1584 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/05 13:47:27.0260 1584 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/05 13:47:27.0366 1584 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/09/05 13:47:27.0449 1584 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/09/05 13:47:27.0542 1584 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/05 13:47:27.0592 1584 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/05 13:47:27.0648 1584 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/05 13:47:27.0721 1584 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/05 13:47:27.0756 1584 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/05 13:47:27.0796 1584 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/05 13:47:27.0845 1584 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/05 13:47:27.0891 1584 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/05 13:47:27.0924 1584 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/05 13:47:28.0015 1584 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/09/05 13:47:28.0069 1584 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/05 13:47:28.0124 1584 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/05 13:47:28.0151 1584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/05 13:47:28.0213 1584 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/05 13:47:28.0252 1584 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/09/05 13:47:28.0311 1584 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/09/05 13:47:28.0388 1584 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/09/05 13:47:28.0521 1584 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/09/05 13:47:28.0584 1584 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/05 13:47:28.0687 1584 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/09/05 13:47:28.0740 1584 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/05 13:47:28.0797 1584 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/05 13:47:28.0835 1584 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/09/05 13:47:28.0964 1584 igfx (d0bf041acf103ba66987db95480a6a0f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/05 13:47:29.0046 1584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/05 13:47:29.0112 1584 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/09/05 13:47:29.0235 1584 IntcAzAudAddService (b795745f7e51aa20d46753ec5a811aca) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/05 13:47:29.0312 1584 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/09/05 13:47:29.0364 1584 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/05 13:47:29.0420 1584 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/05 13:47:29.0487 1584 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/05 13:47:29.0520 1584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/05 13:47:29.0569 1584 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/09/05 13:47:29.0597 1584 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/05 13:47:29.0640 1584 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/09/05 13:47:29.0684 1584 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/05 13:47:29.0722 1584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/05 13:47:29.0756 1584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/05 13:47:29.0785 1584 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/05 13:47:29.0847 1584 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/05 13:47:29.0915 1584 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/05 13:47:29.0986 1584 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/05 13:47:30.0049 1584 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/05 13:47:30.0075 1584 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/05 13:47:30.0117 1584 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/05 13:47:30.0138 1584 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/05 13:47:30.0211 1584 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/05 13:47:30.0264 1584 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/09/05 13:47:30.0313 1584 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/09/05 13:47:30.0375 1584 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/05 13:47:30.0403 1584 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/05 13:47:30.0441 1584 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/05 13:47:30.0486 1584 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/05 13:47:30.0517 1584 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/05 13:47:30.0558 1584 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/09/05 13:47:30.0612 1584 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/05 13:47:30.0650 1584 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/05 13:47:30.0706 1584 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/05 13:47:30.0772 1584 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/05 13:47:30.0830 1584 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/05 13:47:30.0871 1584 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/05 13:47:30.0900 1584 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/09/05 13:47:30.0942 1584 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/09/05 13:47:31.0007 1584 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/05 13:47:31.0039 1584 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/05 13:47:31.0083 1584 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/05 13:47:31.0125 1584 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/05 13:47:31.0147 1584 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/05 13:47:31.0207 1584 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/05 13:47:31.0252 1584 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/05 13:47:31.0317 1584 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/05 13:47:31.0343 1584 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/05 13:47:31.0415 1584 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/05 13:47:31.0496 1584 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/05 13:47:31.0528 1584 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/05 13:47:31.0564 1584 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/05 13:47:31.0616 1584 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/05 13:47:31.0641 1584 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/05 13:47:31.0681 1584 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/05 13:47:31.0739 1584 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/05 13:47:31.0886 1584 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/09/05 13:47:32.0036 1584 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/09/05 13:47:32.0114 1584 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/05 13:47:32.0185 1584 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/05 13:47:32.0214 1584 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/09/05 13:47:32.0258 1584 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/05 13:47:32.0347 1584 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/05 13:47:32.0415 1584 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/09/05 13:47:32.0439 1584 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/05 13:47:32.0462 1584 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/05 13:47:32.0497 1584 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/09/05 13:47:32.0523 1584 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/09/05 13:47:32.0564 1584 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/09/05 13:47:32.0717 1584 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/05 13:47:32.0788 1584 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/05 13:47:32.0828 1584 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/05 13:47:32.0870 1584 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/05 13:47:32.0918 1584 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/05 13:47:32.0947 1584 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/05 13:47:33.0010 1584 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/05 13:47:33.0072 1584 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/05 13:47:33.0212 1584 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/05 13:47:33.0242 1584 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/09/05 13:47:33.0305 1584 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/05 13:47:33.0344 1584 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/09/05 13:47:33.0375 1584 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/09/05 13:47:33.0398 1584 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/09/05 13:47:33.0494 1584 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/09/05 13:47:33.0564 1584 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/05 13:47:33.0604 1584 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/05 13:47:33.0629 1584 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/05 13:47:33.0668 1584 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/05 13:47:33.0721 1584 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/05 13:47:33.0765 1584 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/05 13:47:33.0821 1584 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/05 13:47:33.0884 1584 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/05 13:47:33.0932 1584 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/05 13:47:33.0954 1584 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/05 13:47:34.0010 1584 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/05 13:47:34.0090 1584 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/05 13:47:34.0136 1584 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/05 13:47:34.0180 1584 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/05 13:47:34.0284 1584 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/05 13:47:34.0327 1584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/05 13:47:34.0376 1584 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/05 13:47:34.0411 1584 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/05 13:47:34.0438 1584 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/05 13:47:34.0510 1584 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/05 13:47:34.0534 1584 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/05 13:47:34.0578 1584 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/05 13:47:34.0624 1584 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/05 13:47:34.0672 1584 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/05 13:47:34.0702 1584 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/05 13:47:34.0738 1584 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/05 13:47:34.0811 1584 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/05 13:47:34.0936 1584 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/09/05 13:47:35.0019 1584 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/05 13:47:35.0092 1584 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/05 13:47:35.0148 1584 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/05 13:47:35.0201 1584 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/05 13:47:35.0280 1584 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/05 13:47:35.0323 1584 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/05 13:47:35.0364 1584 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/05 13:47:35.0398 1584 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/05 13:47:35.0444 1584 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/05 13:47:35.0541 1584 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/05 13:47:35.0604 1584 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/05 13:47:35.0657 1584 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/05 13:47:35.0700 1584 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/05 13:47:35.0732 1584 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/05 13:47:35.0784 1584 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/05 13:47:35.0827 1584 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/05 13:47:35.0902 1584 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys
2011/09/05 13:47:35.0963 1584 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/05 13:47:36.0019 1584 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/05 13:47:36.0065 1584 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/05 13:47:36.0109 1584 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/05 13:47:36.0154 1584 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/05 13:47:36.0212 1584 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/05 13:47:36.0251 1584 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/05 13:47:36.0296 1584 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/05 13:47:36.0328 1584 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/05 13:47:36.0370 1584 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/05 13:47:36.0443 1584 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/05 13:47:36.0508 1584 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/05 13:47:36.0548 1584 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/05 13:47:36.0611 1584 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/05 13:47:36.0653 1584 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/05 13:47:36.0682 1584 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/09/05 13:47:36.0719 1584 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/05 13:47:36.0746 1584 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/05 13:47:36.0795 1584 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/05 13:47:36.0843 1584 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/05 13:47:36.0862 1584 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/05 13:47:36.0903 1584 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/05 13:47:36.0937 1584 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/05 13:47:36.0981 1584 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/05 13:47:37.0039 1584 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/05 13:47:37.0087 1584 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/05 13:47:37.0141 1584 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/05 13:47:37.0179 1584 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/05 13:47:37.0239 1584 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/05 13:47:37.0271 1584 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 13:47:37.0290 1584 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 13:47:37.0351 1584 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/05 13:47:37.0396 1584 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/05 13:47:37.0506 1584 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/09/05 13:47:37.0630 1584 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/05 13:47:37.0748 1584 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/05 13:47:37.0786 1584 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/05 13:47:37.0865 1584 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/05 13:47:37.0914 1584 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/09/05 13:47:37.0984 1584 MBR (0x1B8) (036d4ebb79e13e67e78acf2dab65bcc3) \Device\Harddisk0\DR0
2011/09/05 13:47:37.0990 1584 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/05 13:47:38.0014 1584 Boot (0x1200) (709cc875920dda6308ea7469c1175712) \Device\Harddisk0\DR0\Partition0
2011/09/05 13:47:38.0052 1584 Boot (0x1200) (27a3e47df150fea1960b61c6346f4aa4) \Device\Harddisk0\DR0\Partition1
2011/09/05 13:47:38.0060 1584 ================================================================================
2011/09/05 13:47:38.0060 1584 Scan finished
2011/09/05 13:47:38.0060 1584 ================================================================================
2011/09/05 13:47:38.0074 1520 Detected object count: 1
2011/09/05 13:47:38.0074 1520 Actual detected object count: 1
2011/09/05 13:47:59.0624 1520 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/05 13:47:59.0624 1520 \Device\Harddisk0\DR0 - ok
2011/09/05 13:47:59.0625 1520 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/05 13:49:57.0179 1916 Deinitialize success

#7 Příspěvek od **vyosek** » 05 zář 2011 13:43

Fajn, asi nejvetsiho svinaka mame z krku, jdeme dale

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

JuraFilth · #8 Příspěvek od **JuraFilth** » 05 zář 2011 14:02

RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Marthy [Admin rights]
Mode: Remove -- Date : 09/05/2011 14:57:39

Bad processes: 0

Registry Entries: 12
[SUSP PATH] HKCU\[...]\Run : Facebook Update ("C:\Users\Marthy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver) -> DELETED
[] HKUS\[...]\Run : () -> ACCESS DENIED
[] HKUS\[...]\Run : () -> ACCESS DENIED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-1044510239-3152094905-1695406771-1003UA.job : C:\Users\Marthy\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-1044510239-3152094905-1695406771-1003Core.job : C:\Users\Marthy\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : brastk.exe (svchost.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
::1 localhost
94.75.207.107 google.com
94.75.207.107 google.com.au
94.75.207.107 www.google.com.au
94.75.207.107 google.be
94.75.207.107 www.google.be
94.75.207.107 google.com.br
94.75.207.107 www.google.com.br
94.75.207.107 google.ca
94.75.207.107 www.google.ca
94.75.207.107 google.ch
94.75.207.107 www.google.ch
94.75.207.107 google.de
94.75.207.107 www.google.de
94.75.207.107 google.dk
94.75.207.107 www.google.dk
94.75.207.107 google.fr
94.75.207.107 www.google.fr
94.75.207.107 google.ie
94.75.207.107 www.google.ie
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Marthy [Admin rights]
Mode: HOSTSFix -- Date : 09/05/2011 14:59:23

Bad processes: 0

HOSTS File:
::1 localhost
94.75.207.107 google.com
94.75.207.107 google.com.au
94.75.207.107 www.google.com.au
94.75.207.107 google.be
94.75.207.107 www.google.be
94.75.207.107 google.com.br
94.75.207.107 www.google.com.br
94.75.207.107 google.ca
94.75.207.107 www.google.ca
94.75.207.107 google.ch
94.75.207.107 www.google.ch
94.75.207.107 google.de
94.75.207.107 www.google.de
94.75.207.107 google.dk
94.75.207.107 www.google.dk
94.75.207.107 google.fr
94.75.207.107 www.google.fr
94.75.207.107 google.ie
94.75.207.107 www.google.ie
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Marthy [Admin rights]
Mode: ProxyFix -- Date : 09/05/2011 15:00:00

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#9 Příspěvek od **vyosek** » 05 zář 2011 14:12

No fajn, hezky ji to zatim jde, takze vzhuru na dalsi krok

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

JuraFilth · #10 Příspěvek od **JuraFilth** » 05 zář 2011 14:23

nevi jak se vypinaji firewall a to ostatni, a ja to taky nevim protoze nejsem vlastnikem win vista pokud bych mohl poprosit o rozsireni tohoto bodu

diky

EDIT: tak prej brana byla vypnuta a antivirak prej nejde ani zapnoout

#11 Příspěvek od **vyosek** » 05 zář 2011 14:46

Nechte tedy antiviry zapnute, dle meho jsou poskozene - pripadne varovani ComboFixu o jejich aktivite odkliknete...

JuraFilth · #12 Příspěvek od **JuraFilth** » 05 zář 2011 15:32

pise : na,coklov kliknu zobrazi se pokus pouzit neplatnou operaci na klic registru,ktery je oznacen pro odsraneni....nejde mi nic

#13 Příspěvek od **vyosek** » 05 zář 2011 15:36

Restart PC a pujde to

JuraFilth · #14 Příspěvek od **JuraFilth** » 05 zář 2011 15:36

ComboFix 11-09-05.02 - Marthy 05.09.2011 16:05:51.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1540 [GMT 2:00]
Spuštěný z: c:\users\Marthy\Desktop\ComboFix.exe
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\users\Guest\AppData\Roaming\Qyodeg
c:\users\Guest\AppData\Roaming\Qyodeg\ewdi.exe
c:\users\Guest\AppData\Roaming\Svchost.exe
c:\users\Guest\AppData\Roaming\winlogons.exe
c:\users\Marthy\AppData\Roaming\CleanUp Antivirus
c:\users\Marthy\AppData\Roaming\CleanUp Antivirus\Instructions.ini
c:\users\Marthy\AppData\Roaming\Desktopicon
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp Antivirus.lnk
c:\windows\iun6002.exe
c:\windows\system32\drivers\hosts
c:\windows\system32\system
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvUpdService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-05 do 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 14:13 . 2011-09-05 14:20 -------- d-----w- c:\users\Marthy\AppData\Local\temp
2011-09-05 14:13 . 2011-09-05 14:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-09-05 14:13 . 2011-09-05 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 11:56 . 2007-10-31 07:37 176128 ----a-w- c:\windows\system32\igfxres.dll
2011-09-05 11:22 . 2011-09-05 11:22 -------- d-----w- c:\program files\trend micro
2011-09-05 11:22 . 2011-09-05 11:22 -------- d-----w- C:\rsit
2011-08-28 23:32 . 2011-08-28 23:33 -------- d-----w- c:\users\Marthy\AppData\Local\Facebook
2011-08-25 19:48 . 2011-08-25 19:54 -------- d-----w- C:\f493e09c3922936649fd1136f6
2011-08-24 20:16 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-24 20:16 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-24 20:14 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-24 20:14 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-24 20:14 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-01 21:46 . 2011-08-01 21:46 266752 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\enfeo.exe
.

Kód: Vybrat vše

<pre>
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
</pre>

.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-22 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2011-04-12 2098376]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [N/A]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="" [N/A]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-31 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-31 133656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB394027.exe"="c:\windows\system32\config\systemprofile\AppData\Roaming\KB394027.exe" [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
enfeo.exe [2011-8-1 266752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=AVGRSSTX.DLL,avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Marthy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Marthy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Marthy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2011-03-15 15:57 2071904 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\BitComet.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp Antivirus]
c:\programdata\c2e0354\CUc2e0.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-10-31 08:05 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-10-31 08:05 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
c:\program files\Malwarebytes' Anti-Malware\mbam.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
c:\program files\Windows Live\Messenger\msnmsgr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-10-31 08:05 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 10:35 94208 ----a-w- c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-08 00:25 4853760 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-22 16:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-06-17 01:35 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMService;AMService;c:\windows\TEMP\vbqvtx\setup.exe run [x]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-11-25 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98a38f5b8cd01;Google Update Service (gupdate1c98a38f5b8cd01);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2011-04-12 265928]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-06-22 122448]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-06-22 30288]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-06-22 27216]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-06-22 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-19 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-03-19 24856]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:02]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 22:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=1008&m=extensa_5620
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{72ae8426-3b8d-4ead-b191-8d0ad1c62158} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 16:22
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(224)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\helppane.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2011-09-05 16:27:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-05 14:27
.
Před spuštěním: Volných bajtů: 95 776 804 864
Po spuštění: Volných bajtů: 95 983 460 352
.
- - End Of File - - 7BF339F686D977A15A8031E1C2F0F1F2

#15 Příspěvek od **vyosek** » 05 zář 2011 15:44

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RenV::
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe

Driver::
AMService
gupdate1c98a38f5b8cd01
gupdatem

Folder::
c:\program files\uTorrentBar
c:\windows\TEMP\vbqvtx
c:\programdata\c2e0354

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"msnmsgr"=-
"WMPNSCFG"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB394027.exe"=-
[-HKLM\~\startupfolder\C:^Users^Marthy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp Antivirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1044510239-3152094905-1695406771-1003Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1044510239-3152094905-1695406771-1003UA.job

Collect::
c:\windows\TEMP\vbqvtx\setup.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\KB394027.exe
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\enfeo.exe

DDS::
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620

RegLock::[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

AtJob::

MBR::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

VIRY.CZ

Viry

Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry

Re: Viry