Bios ChipAwayVirus - nakaza

Zpráva

lesieone · #1 Příspěvek od **lesieone** » 08 říj 2011 14:56

Ahojte, velmi pekne by som Vas chcela poprosit o pomoc pri rieseni mojho problemu s nasim rodinnym pc.
Pri zapinani PC vybehne biosovoa hlaska "ChipAwayVirus". Myslim, ze viete o co ide,
uz sa to tu riesilo. Viem, ze to viem vypnut v BIOSE, ale nakolko to predtym nerobilo, tak predpokladam,
ze PC je niecim nakazeny a treba prist na koren nakazy. AVG zatial nic nezachytil.
Sekundarny problem je ten, ze PC odmieta citat z USB portov. Neviem ci to s tym suvisi, alebo nie.

DAKUJEM DOPREDU ZA OCHOTU A VAS CAS !!!

Pripajam log z GMERu.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x898eb8f8
IoDeviceObjectType -> ParseProcedure -> 0x895bcf0a
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x895bcf0a
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

a logy s RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by etien at 2011-10-08 16:27:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (23%) free of 50 GB
Total RAM: 2048 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:27:13, on 8.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Opera\opera.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Documents and Settings\etien\Desktop\RSIT.exe
C:\Program Files\trend micro\etien.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7791 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2011-05-30 2495816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2011-05-30 2495816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-09 2048352]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2002-10-11 98304]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-18 11952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\etien\Desktop\sdc222\StrongDC.exe"="C:\Documents and Settings\etien\Desktop\sdc222\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Sony\Vegas Pro 8.0\VegSrv80.exe"="C:\Program Files\Sony\Vegas Pro 8.0\VegSrv80.exe:*:Enabled:Sony Vegas Network Render Service Control"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"MSVideo8"=VfWWDM32.dll
"vidc.dfsc"=dfsc.dll
"msacm.dfscacm"=dfscacm.dll

======List of files/folders created in the last 2 months======

2011-10-08 15:53:21 ----D---- C:\Program Files\trend micro
2011-10-08 15:53:20 ----D---- C:\rsit
2011-08-19 04:49:44 ----D---- C:\Program Files\Free PDF to Word Converter
2011-08-19 04:45:51 ----A---- C:\WINDOWS\system32\pdfmonnt.dll
2011-08-19 04:45:50 ----D---- C:\WINDOWS\system32\pdfconverter

======List of files/folders modified in the last 2 months======

2011-10-08 16:27:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-10-08 16:08:12 ----D---- C:\WINDOWS\Prefetch
2011-10-08 16:04:23 ----D---- C:\WINDOWS
2011-10-08 16:04:18 ----D---- C:\WINDOWS\Temp
2011-10-08 16:04:13 ----SD---- C:\WINDOWS\Tasks
2011-10-08 15:53:21 ----RD---- C:\Program Files
2011-10-08 15:43:58 ----SHD---- C:\WINDOWS\Installer
2011-10-08 15:43:57 ----D---- C:\WINDOWS\WinSxS
2011-10-08 15:39:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-08 15:39:30 ----D---- C:\WINDOWS\system32\drivers
2011-10-08 15:36:50 ----D---- C:\Documents and Settings\etien\Application Data\Skype
2011-10-08 15:36:41 ----D---- C:\Documents and Settings\All Users\Application Data\Easybits GO
2011-10-08 15:35:43 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-08 15:30:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-08 12:30:11 ----D---- C:\Documents and Settings\etien\Application Data\go
2011-10-07 10:43:31 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-10-06 23:20:39 ----HD---- C:\WINDOWS\inf
2011-09-27 23:23:38 ----A---- C:\WINDOWS\wincmd.ini
2011-09-26 21:50:18 ----D---- C:\WINDOWS\Minidump
2011-09-21 00:38:16 ----D---- C:\WINDOWS\system32
2011-09-16 15:54:32 ----HD---- C:\$AVG8.VAULT$
2011-08-23 17:54:35 ----D---- C:\WINDOWS\Debug
2011-08-21 12:26:21 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-21 12:26:12 ----RSD---- C:\WINDOWS\assembly
2011-08-21 11:21:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-21 11:16:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-21 11:16:09 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-21 11:15:52 ----D---- C:\WINDOWS\system32\en-US
2011-08-21 11:15:52 ----D---- C:\Program Files\Internet Explorer
2011-08-21 11:15:37 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-20 108552]
R1 DumaNT;NVIDIA Stereo Helper Service; C:\WINDOWS\system32\DRIVERS\dumant.sys [2002-11-18 399700]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-14 1897408]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-14 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-05 534976]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\etien\LOCALS~1\Temp\mbr.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-18 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-18 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ezGOSvc;Easybits GO Services for Windows; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-21 152984]
R2 NMSAccessU;NMSAccessU; C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe [2008-05-03 71096]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-26 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-26 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2011-10-08 15:54:11

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe After Effects CS3 Presets-->MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe After Effects CS3-->C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3-->MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11a_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9.4.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Setup-->MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AnyPic Image Resizer 1.0.7-->"C:\Program Files\AnyPic Image Resizer\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AudioEase Speakersphone VST RTAS v1.01-->"C:\Program Files\Audio Ease\Speakerphone\Uninstall\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVG PC Tuneup 2011-->"C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DebugMode FrameServer-->"C:\Program Files\DebugMode\FrameServer\fsuninst.exe"
DjVuLibre+DjView-->C:\Program Files\DjVuZone\DjVuLibre\uninst.exe
DVDEncoder 2.11-->"C:\Program Files\dvdencoder\unins000.exe"
Easy DVD Creator 2.0.17-->"C:\Program Files\Easy DVD Creator\unins000.exe"
Free PDF to Word Converter 1.5-->"C:\Program Files\Free PDF to Word Converter\unins000.exe"
Free Sound Recorder v6.7-->"C:\Program Files\Free Sound Recorder\unins000.exe"
Free Sound Recorder-->C:\PROGRA~1\FREESO~1\UNWISE.EXE C:\PROGRA~1\FREESO~1\INSTALL.LOG
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
MeldaProduction Free VST Effects-->C:/Program Files/MeldaProduction/MFreeVSTEffects/setup.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170405-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 7 Ultra Edition-->MsiExec.exe /X{D98C0C51-F9BB-4EE4-B791-22BF6EE31051}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\WINDOWS\INF\nvstereo.inf
Opera 9.60-->MsiExec.exe /X{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFConverter Printer Driver version 2.00-->"C:\WINDOWS\system32\pdfconverter\unins000.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2416400)-->"C:\WINDOWS\ie7updates\KB2416400-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2497640)-->"C:\WINDOWS\ie7updates\KB2497640-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2530548)-->"C:\WINDOWS\ie7updates\KB2530548-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2544521)-->"C:\WINDOWS\ie7updates\KB2544521-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2559049)-->"C:\WINDOWS\ie7updates\KB2559049-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 8.0-->MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Super DVD Creator 9.8 Full Version-->"C:\Program Files\Super_DVD_Creator_9.8\unins000.exe"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Voxengo Redunoise VST 1.6-->"C:\Program Files\Vstplugins\Voxengo Redunoise VST\uninstall.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: STEVIK
Event Code: 11
Message: Ovládač zistil chybu radiča na \Device\Harddisk2\D.

Record Number: 12162
Source Name: Disk
Time Written: 20110830034302.000000+120
Event Type: chyba
User:

Computer Name: STEVIK
Event Code: 11
Message: Ovládač zistil chybu radiča na \Device\Harddisk2\D.

Record Number: 12161
Source Name: Disk
Time Written: 20110830034301.000000+120
Event Type: chyba
User:

Computer Name: STEVIK
Event Code: 11
Message: Ovládač zistil chybu radiča na \Device\Harddisk2\D.

Record Number: 12160
Source Name: Disk
Time Written: 20110830034256.000000+120
Event Type: chyba
User:

Computer Name: STEVIK
Event Code: 11
Message: Ovládač zistil chybu radiča na \Device\Harddisk2\D.

Record Number: 12159
Source Name: Disk
Time Written: 20110830034255.000000+120
Event Type: chyba
User:

Computer Name: STEVIK
Event Code: 11
Message: Ovládač zistil chybu radiča na \Device\Harddisk2\D.

Record Number: 12158
Source Name: Disk
Time Written: 20110830034254.000000+120
Event Type: chyba
User:

=====Application event log=====

Computer Name: STEVIK
Event Code: 1041
Message: Systém Windows nemôže zadať dotaz na položku databázy Registry DllName pre rozšírenie {7B849a69-220F-451E-B3FE-2CB811AF94AE}, a rozšírenie preto nebude načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Record Number: 24724
Source Name: Userenv
Time Written: 20110802155500.000000+120
Event Type: chyba
User: NT AUTHORITY\SYSTEM

Computer Name: STEVIK
Event Code: 1041
Message: Systém Windows nemôže zadať dotaz na položku databázy Registry DllName pre rozšírenie {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, a rozšírenie preto nebude načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Record Number: 24723
Source Name: Userenv
Time Written: 20110802155500.000000+120
Event Type: chyba
User: NT AUTHORITY\SYSTEM

Computer Name: STEVIK
Event Code: 1041
Message: Systém Windows nemôže zadať dotaz na položku databázy Registry DllName pre rozšírenie {7B849a69-220F-451E-B3FE-2CB811AF94AE}, a rozšírenie preto nebude načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Record Number: 24722
Source Name: Userenv
Time Written: 20110802155500.000000+120
Event Type: chyba
User: NT AUTHORITY\SYSTEM

Computer Name: STEVIK
Event Code: 0
Message:
Record Number: 24721
Source Name: gupdate
Time Written: 20110802144919.000000+120
Event Type: informácie
User:

Computer Name: STEVIK
Event Code: 0
Message:
Record Number: 24720
Source Name: gupdate
Time Written: 20110802144901.000000+120
Event Type: informácie
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 08 říj 2011 16:51

Zdravim a pekny podvecer preji

Nedavejte prosim logy do code, spatne se to lusti a boli z toho oci

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

lesieone · #3 Příspěvek od **lesieone** » 08 říj 2011 22:31

Dakujem za odpoved!!!! Vykonala som vsetko podla pokynov

Nejaky "sajrajt" tam naslo a odstranilo

Uz totiz PC nabehol bez "uvodneho zvitania" ChipAwayvirusom". Log prikladam:

23:19:37.0531 3728 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
23:19:37.0968 3728 ============================================================
23:19:38.0000 3728 Current date / time: 2011/10/08 23:19:37.0968
23:19:38.0000 3728 SystemInfo:
23:19:38.0000 3728
23:19:38.0000 3728 OS Version: 5.1.2600 ServicePack: 3.0
23:19:38.0000 3728 Product type: Workstation
23:19:38.0000 3728 ComputerName: STEVIK
23:19:38.0000 3728 UserName: etien
23:19:38.0000 3728 Windows directory: C:\WINDOWS
23:19:38.0000 3728 System windows directory: C:\WINDOWS
23:19:38.0000 3728 Processor architecture: Intel x86
23:19:38.0000 3728 Number of processors: 1
23:19:38.0000 3728 Page size: 0x1000
23:19:38.0000 3728 Boot type: Normal boot
23:19:38.0000 3728 ============================================================
23:19:40.0046 3728 Initialize success
23:19:43.0781 3192 ============================================================
23:19:43.0781 3192 Scan started
23:19:43.0781 3192 Mode: Manual;
23:19:43.0781 3192 ============================================================
23:19:45.0625 3192 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
23:19:45.0625 3192 61883 - ok
23:19:45.0703 3192 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
23:19:45.0703 3192 a347bus - ok
23:19:45.0765 3192 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
23:19:45.0765 3192 a347scsi - ok
23:19:45.0796 3192 Abiosdsk - ok
23:19:45.0843 3192 abp480n5 - ok
23:19:45.0906 3192 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:19:45.0921 3192 ACPI - ok
23:19:46.0000 3192 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:19:46.0015 3192 ACPIEC - ok
23:19:46.0093 3192 adpu160m - ok
23:19:46.0156 3192 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
23:19:46.0156 3192 aeaudio - ok
23:19:46.0234 3192 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:19:46.0234 3192 aec - ok
23:19:46.0296 3192 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
23:19:46.0296 3192 AFD - ok
23:19:46.0328 3192 Aha154x - ok
23:19:46.0375 3192 aic78u2 - ok
23:19:46.0406 3192 aic78xx - ok
23:19:46.0453 3192 AliIde - ok
23:19:46.0484 3192 amsint - ok
23:19:46.0562 3192 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:19:46.0562 3192 Arp1394 - ok
23:19:46.0609 3192 asc - ok
23:19:46.0640 3192 asc3350p - ok
23:19:46.0671 3192 asc3550 - ok
23:19:46.0750 3192 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:19:46.0750 3192 AsyncMac - ok
23:19:46.0828 3192 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:19:46.0828 3192 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
23:19:46.0828 3192 atapi ( LockedFile.Multi.Generic ) - warning
23:19:46.0828 3192 atapi - detected LockedFile.Multi.Generic (1)
23:19:46.0859 3192 Atdisk - ok
23:19:46.0953 3192 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:19:46.0953 3192 Atmarpc - ok
23:19:47.0109 3192 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:19:47.0109 3192 audstub - ok
23:19:47.0187 3192 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
23:19:47.0187 3192 Avc - ok
23:19:47.0296 3192 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
23:19:47.0312 3192 AvgLdx86 - ok
23:19:47.0390 3192 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
23:19:47.0390 3192 AvgMfx86 - ok
23:19:47.0468 3192 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
23:19:47.0468 3192 AvgTdiX - ok
23:19:47.0531 3192 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:19:47.0578 3192 Beep - ok
23:19:47.0640 3192 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:19:47.0656 3192 cbidf2k - ok
23:19:47.0765 3192 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:19:47.0765 3192 CCDECODE - ok
23:19:47.0937 3192 cd20xrnt - ok
23:19:47.0984 3192 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:19:48.0000 3192 Cdaudio - ok
23:19:48.0062 3192 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:19:48.0062 3192 Cdfs - ok
23:19:48.0140 3192 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:19:48.0140 3192 Cdrom - ok
23:19:48.0203 3192 Changer - ok
23:19:48.0250 3192 CmdIde - ok
23:19:48.0296 3192 Cpqarray - ok
23:19:48.0328 3192 dac2w2k - ok
23:19:48.0515 3192 dac960nt - ok
23:19:48.0593 3192 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:19:48.0593 3192 Disk - ok
23:19:48.0703 3192 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:19:48.0750 3192 dmboot - ok
23:19:48.0828 3192 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:19:48.0843 3192 dmio - ok
23:19:48.0921 3192 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:19:48.0921 3192 dmload - ok
23:19:49.0000 3192 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:19:49.0015 3192 DMusic - ok
23:19:49.0093 3192 dpti2o - ok
23:19:49.0140 3192 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:19:49.0140 3192 drmkaud - ok
23:19:49.0265 3192 DumaNT (5b40d257176b7c1ed4367532c737e8a7) C:\WINDOWS\system32\DRIVERS\dumant.sys
23:19:49.0281 3192 DumaNT - ok
23:19:49.0359 3192 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:19:49.0390 3192 Fastfat - ok
23:19:49.0453 3192 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:19:49.0468 3192 Fdc - ok
23:19:49.0562 3192 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:19:49.0625 3192 Fips - ok
23:19:49.0734 3192 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:19:49.0734 3192 Flpydisk - ok
23:19:49.0812 3192 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:19:49.0812 3192 FltMgr - ok
23:19:49.0890 3192 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:19:49.0906 3192 Fs_Rec - ok
23:19:49.0953 3192 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:19:49.0953 3192 Ftdisk - ok
23:19:50.0015 3192 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:19:50.0015 3192 gameenum - ok
23:19:50.0093 3192 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:19:50.0109 3192 GEARAspiWDM - ok
23:19:50.0109 3192 GMSIPCI - ok
23:19:50.0187 3192 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:19:50.0187 3192 Gpc - ok
23:19:50.0281 3192 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:19:50.0312 3192 HidUsb - ok
23:19:50.0343 3192 hpn - ok
23:19:50.0406 3192 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:19:50.0421 3192 HTTP - ok
23:19:50.0484 3192 i2omgmt - ok
23:19:50.0515 3192 i2omp - ok
23:19:50.0593 3192 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:19:50.0593 3192 i8042prt - ok
23:19:50.0671 3192 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:19:50.0687 3192 Imapi - ok
23:19:50.0750 3192 ini910u - ok
23:19:50.0796 3192 IntelIde - ok
23:19:50.0859 3192 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:19:50.0859 3192 intelppm - ok
23:19:50.0937 3192 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:19:50.0953 3192 Ip6Fw - ok
23:19:51.0000 3192 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:19:51.0000 3192 IpFilterDriver - ok
23:19:51.0062 3192 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:19:51.0078 3192 IpInIp - ok
23:19:51.0140 3192 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:19:51.0156 3192 IpNat - ok
23:19:51.0281 3192 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:19:51.0281 3192 IPSec - ok
23:19:51.0343 3192 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:19:51.0343 3192 IRENUM - ok
23:19:51.0406 3192 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:19:51.0406 3192 isapnp - ok
23:19:51.0484 3192 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:19:51.0484 3192 Kbdclass - ok
23:19:51.0562 3192 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:19:51.0562 3192 kmixer - ok
23:19:51.0625 3192 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:19:51.0625 3192 KSecDD - ok
23:19:51.0671 3192 Lavasoft Kernexplorer - ok
23:19:51.0890 3192 lbrtfdc - ok
23:19:51.0968 3192 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:19:51.0984 3192 mnmdd - ok
23:19:52.0140 3192 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:19:52.0203 3192 Modem - ok
23:19:52.0265 3192 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:19:52.0265 3192 Mouclass - ok
23:19:52.0375 3192 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:19:52.0421 3192 mouhid - ok
23:19:52.0468 3192 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:19:52.0468 3192 MountMgr - ok
23:19:52.0546 3192 mraid35x - ok
23:19:52.0609 3192 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:19:52.0625 3192 MRxDAV - ok
23:19:52.0765 3192 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:19:52.0796 3192 MRxSmb - ok
23:19:52.0890 3192 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
23:19:52.0890 3192 MSDV - ok
23:19:52.0953 3192 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:19:52.0953 3192 Msfs - ok
23:19:53.0015 3192 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:19:53.0031 3192 MSKSSRV - ok
23:19:53.0093 3192 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:19:53.0093 3192 MSPCLOCK - ok
23:19:53.0171 3192 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:19:53.0171 3192 MSPQM - ok
23:19:53.0234 3192 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:19:53.0234 3192 mssmbios - ok
23:19:53.0296 3192 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:19:53.0296 3192 MSTEE - ok
23:19:53.0421 3192 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:19:53.0421 3192 Mup - ok
23:19:53.0484 3192 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:19:53.0500 3192 NABTSFEC - ok
23:19:53.0578 3192 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:19:53.0593 3192 NDIS - ok
23:19:53.0656 3192 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:19:53.0656 3192 NdisIP - ok
23:19:53.0734 3192 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:19:53.0734 3192 NdisTapi - ok
23:19:53.0796 3192 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:19:53.0796 3192 Ndisuio - ok
23:19:53.0875 3192 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:19:53.0875 3192 NdisWan - ok
23:19:53.0937 3192 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:19:53.0968 3192 NDProxy - ok
23:19:54.0031 3192 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:19:54.0031 3192 NetBIOS - ok
23:19:54.0078 3192 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:19:54.0093 3192 NetBT - ok
23:19:54.0171 3192 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:19:54.0187 3192 NIC1394 - ok
23:19:54.0265 3192 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:19:54.0265 3192 Npfs - ok
23:19:54.0343 3192 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:19:54.0375 3192 Ntfs - ok
23:19:54.0468 3192 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:19:54.0484 3192 Null - ok
23:19:54.0609 3192 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:19:54.0656 3192 nv - ok
23:19:54.0734 3192 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:19:54.0734 3192 NwlnkFlt - ok
23:19:54.0828 3192 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:19:54.0828 3192 NwlnkFwd - ok
23:19:54.0906 3192 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:19:54.0906 3192 ohci1394 - ok
23:19:54.0984 3192 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:19:54.0984 3192 Parport - ok
23:19:55.0046 3192 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:19:55.0046 3192 PartMgr - ok
23:19:55.0109 3192 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:19:55.0125 3192 ParVdm - ok
23:19:55.0203 3192 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:19:55.0203 3192 PCI - ok
23:19:55.0265 3192 PCIDump - ok
23:19:55.0343 3192 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:19:55.0343 3192 PCIIde - ok
23:19:55.0468 3192 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:19:55.0500 3192 Pcmcia - ok
23:19:55.0531 3192 PDCOMP - ok
23:19:55.0578 3192 PDFRAME - ok
23:19:55.0609 3192 PDRELI - ok
23:19:55.0625 3192 PDRFRAME - ok
23:19:55.0656 3192 perc2 - ok
23:19:55.0687 3192 perc2hib - ok
23:19:55.0765 3192 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:19:55.0765 3192 PptpMiniport - ok
23:19:55.0843 3192 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:19:55.0843 3192 PSched - ok
23:19:55.0906 3192 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:19:55.0906 3192 Ptilink - ok
23:19:55.0953 3192 ql1080 - ok
23:19:55.0984 3192 Ql10wnt - ok
23:19:56.0015 3192 ql12160 - ok
23:19:56.0046 3192 ql1240 - ok
23:19:56.0093 3192 ql1280 - ok
23:19:56.0125 3192 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:19:56.0125 3192 RasAcd - ok
23:19:56.0203 3192 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:19:56.0203 3192 Rasl2tp - ok
23:19:56.0281 3192 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:19:56.0281 3192 RasPppoe - ok
23:19:56.0343 3192 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:19:56.0359 3192 Raspti - ok
23:19:56.0453 3192 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:19:56.0453 3192 Rdbss - ok
23:19:56.0531 3192 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:19:56.0531 3192 RDPCDD - ok
23:19:56.0609 3192 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:19:56.0609 3192 rdpdr - ok
23:19:56.0703 3192 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:19:56.0734 3192 RDPWD - ok
23:19:56.0828 3192 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:19:56.0828 3192 redbook - ok
23:19:56.0953 3192 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:19:56.0953 3192 Secdrv - ok
23:19:57.0046 3192 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:19:57.0046 3192 serenum - ok
23:19:57.0125 3192 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:19:57.0125 3192 Serial - ok
23:19:57.0218 3192 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:19:57.0250 3192 Sfloppy - ok
23:19:57.0296 3192 Simbad - ok
23:19:57.0359 3192 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
23:19:57.0359 3192 SISNIC - ok
23:19:57.0453 3192 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:19:57.0453 3192 SLIP - ok
23:19:57.0531 3192 smwdm (3c8c1c6485a4a7e79a24ec688f1c4646) C:\WINDOWS\system32\drivers\smwdm.sys
23:19:57.0546 3192 smwdm - ok
23:19:57.0609 3192 Sparrow - ok
23:19:57.0656 3192 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:19:57.0656 3192 splitter - ok
23:19:57.0734 3192 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:19:57.0734 3192 sr - ok
23:19:57.0828 3192 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:19:57.0843 3192 Srv - ok
23:19:57.0937 3192 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:19:57.0937 3192 streamip - ok
23:19:58.0015 3192 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:19:58.0015 3192 swenum - ok
23:19:58.0078 3192 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:19:58.0078 3192 swmidi - ok
23:19:58.0109 3192 symc810 - ok
23:19:58.0156 3192 symc8xx - ok
23:19:58.0187 3192 sym_hi - ok
23:19:58.0218 3192 sym_u3 - ok
23:19:58.0296 3192 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:19:58.0296 3192 sysaudio - ok
23:19:58.0375 3192 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:19:58.0390 3192 Tcpip - ok
23:19:58.0484 3192 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:19:58.0515 3192 TDPIPE - ok
23:19:58.0593 3192 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:19:58.0609 3192 TDTCP - ok
23:19:58.0703 3192 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:19:58.0718 3192 TermDD - ok
23:19:58.0781 3192 TosIde - ok
23:19:58.0828 3192 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
23:19:58.0828 3192 uagp35 - ok
23:19:58.0890 3192 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:19:58.0921 3192 Udfs - ok
23:19:58.0968 3192 ultra - ok
23:19:59.0046 3192 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:19:59.0062 3192 Update - ok
23:19:59.0156 3192 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:19:59.0156 3192 usbehci - ok
23:19:59.0218 3192 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:19:59.0218 3192 usbhub - ok
23:19:59.0296 3192 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:19:59.0296 3192 usbohci - ok
23:19:59.0375 3192 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:19:59.0375 3192 USBSTOR - ok
23:19:59.0484 3192 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:19:59.0484 3192 VgaSave - ok
23:19:59.0531 3192 ViaIde - ok
23:19:59.0593 3192 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:19:59.0593 3192 VolSnap - ok
23:19:59.0687 3192 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:19:59.0687 3192 Wanarp - ok
23:19:59.0718 3192 WDICA - ok
23:19:59.0781 3192 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:19:59.0781 3192 wdmaud - ok
23:19:59.0906 3192 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:19:59.0921 3192 WSTCODEC - ok
23:19:59.0968 3192 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
23:20:00.0000 3192 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - infected
23:20:00.0000 3192 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
23:20:00.0000 3192 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk1\DR1
23:20:00.0171 3192 \Device\Harddisk1\DR1 - ok
23:20:00.0187 3192 Boot (0x1200) (5df00998a781c5ecf4d61e8307638695) \Device\Harddisk0\DR0\Partition0
23:20:00.0187 3192 \Device\Harddisk0\DR0\Partition0 - ok
23:20:00.0203 3192 Boot (0x1200) (3b1b430bc43fdae59b6a2c635aae64af) \Device\Harddisk0\DR0\Partition1
23:20:00.0203 3192 \Device\Harddisk0\DR0\Partition1 - ok
23:20:00.0203 3192 ============================================================
23:20:00.0203 3192 Scan finished
23:20:00.0203 3192 ============================================================
23:20:00.0234 1932 Detected object count: 2
23:20:00.0234 1932 Actual detected object count: 2
23:20:54.0234 1932 atapi ( LockedFile.Multi.Generic ) - skipped by user
23:20:54.0234 1932 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
23:20:54.0265 1932 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - will be cured on reboot
23:20:54.0296 1932 \Device\Harddisk0\DR0 - ok
23:20:54.0296 1932 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - User select action: Cure
23:21:03.0843 2848 Deinitialize success

#4 Příspěvek od **vyosek** » 09 říj 2011 06:19

Dobre ranko

Havet tam byla a pekna mrcha, ale urcite bude i dalsi - kouknem na ni

Trvate na antiviru AVG - u nas neni moc obliben - vysoka zatez systemu, slabsi detekce. Spise bych se priklanel k jeho vymene za Avast, Aviru ci MSE

Pri stahovani ComboFixu (navod a postup nize), jej ulozte jako Beruska.com

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

lesieone · #5 Příspěvek od **lesieone** » 09 říj 2011 15:38

Havet tam byla a pekna mrcha, ale urcite bude i dalsi - kouknem na ni

dakujem !!!

Trvate na antiviru AVG - u nas neni moc obliben - vysoka zatez systemu, slabsi detekce. Spise bych se priklanel k jeho vymene za Avast, Aviru ci MSE

netrvam

Avast mi pride ako dobra alternativa, nahodim si ho teda potom po vylieceni pc

LOG z COMBOFIXU prikladam a este raz dakujem

------------------

ComboFix 11-10-09.01 - etien 09.10.2011 16:05:40.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2048.1403 [GMT 2:00]
Running from: c:\documents and settings\etien\Desktop\Beruska.com
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\etien\Application Data\AdVantage
c:\windows\system32\ezGOSvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EZGOSVC
-------\Service_ezGOSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-08 13:53 . 2011-10-08 14:27 -------- d-----w- c:\program files\trend micro
2011-10-08 13:53 . 2011-10-08 13:54 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 18:52 . 2008-04-14 03:42 26112 ----a-w- c:\windows\system32\userinit.exe
2011-07-30 23:57 . 2011-03-12 00:01 403616 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-18 18:23 . 2011-07-18 18:23 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 09:33 2495816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 08:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\etien\\Desktop\\sdc222\\StrongDC.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6.8.2009 23:14 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6.8.2009 23:14 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20.7.2009 23:39 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20.7.2009 23:39 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20.7.2009 23:38 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20.7.2009 23:38 297752]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2010 21:26 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [26.10.2010 19:22 1025352]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2010 21:26 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 19:26]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 19:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 16:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Super_DVD_Creator_9.8\NMSAccessU.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-10-09 16:31:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-09 14:31
.
Pre-Run: 11 937 329 152 bytes free
Post-Run: 11 942 141 952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A014ED8EE2F8ADF74141A28715F80BFF

#6 Příspěvek od **vyosek** » 09 říj 2011 19:25

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
gupdate
gupdatem
NBService
JavaQuickStarterService

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"iTunesHelper"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-

Mia::
c:\windows\system32\drivers\atapi.sys

Restore::
c:\windows\system32\drivers\atapi.sys

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

lesieone · #7 Příspěvek od **lesieone** » 12 říj 2011 19:22

Ospravedlnujem sa, za "meskanie". Bola som mimo, idem hned aplikovat postup na nakazeny pc a ozvem sa za par minut s logom

#8 Příspěvek od **vyosek** » 12 říj 2011 19:29

Nic se nedeje, pockam na log

lesieone · #9 Příspěvek od **lesieone** » 12 říj 2011 20:02

No, a je dokonano

Log:

ComboFix 11-10-09.01 - etien 12.10.2011 20:32:30.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2048.1373 [GMT 2:00]
Running from: c:\documents and settings\etien\Desktop\Beruska.com
Command switches used :: c:\docume~1\etien\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\atapi.sys . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_JavaQuickStarterService
-------\Service_NBService
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-08 13:53 . 2011-10-08 14:27 -------- d-----w- c:\program files\trend micro
2011-10-08 13:53 . 2011-10-08 13:54 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 18:52 . 2008-04-14 03:42 26112 ----a-w- c:\windows\system32\userinit.exe
2011-07-30 23:57 . 2011-03-12 00:01 403616 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-18 18:23 . 2011-07-18 18:23 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 09:33 2495816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 08:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\etien\\Desktop\\sdc222\\StrongDC.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6.8.2009 23:14 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6.8.2009 23:14 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20.7.2009 23:39 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20.7.2009 23:39 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20.7.2009 23:38 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20.7.2009 23:38 297752]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [26.10.2010 19:22 1025352]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 19:26]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 19:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 20:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Super_DVD_Creator_9.8\NMSAccessU.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-10-12 20:54:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 18:54
ComboFix2.txt 2011-10-09 14:31
.
Pre-Run: 10 924 830 720 bytes free
Post-Run: 11 adresárov, 10 918 387 712 voľných bajtov
.
- - End Of File - - E36342BCE32D1332F3BCA4486187C252

#10 Příspěvek od **vyosek** » 12 říj 2011 20:22

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\system32\drivers\atapi.sys
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

Do okna vlozte skript nize
Kód: Vybrat vše
```
:filefind
atapi.sys
```
Kliknete na Look
Tlacitko Look se zmeni na Scanning a zsedne
Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

Stahnete SPTD http://www.duplexsecure.com/en/downloads

Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
Ulozte na plochu a spustte
Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

Ulozte na plochu a spustte
Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe ale nespoustejte

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\plocha\mbr" -t -s
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Dejte logy z Gmeru - viz muj podpis

lesieone · #11 Příspěvek od **lesieone** » 12 říj 2011 20:47

dakujem, idem na to

#12 Příspěvek od **vyosek** » 12 říj 2011 20:49

Prozatim neni zac - postupne sem logy sypejte

lesieone · #13 Příspěvek od **lesieone** » 12 říj 2011 21:07

Zatial druhy "bod programu":

SystemLook 30.07.11 by jpshortstuff
Log created at 22:00 on 12/10/2011 by etien
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\system32\drivers\atapi.sys --a---- 96512 bytes [22:10 13/04/2008] [22:10 13/04/2008] (Unable to calculate MD5)

-= EOF =-

VirusTotal mi nereaguje /posiela to .. posiela .... ale potom to padne/, skusam opakovane....
a hned vlozim vysledok, ked sa mi to podari...

#14 Příspěvek od **vyosek** » 12 říj 2011 21:09

Kdyztak mi ten atapi uploadnete sem ke mne http://vyosek.ic.cz/havet/uploader.php

lesieone · #15 Příspěvek od **lesieone** » 12 říj 2011 21:15

Kdyztak mi ten atapi uploadnete sem ke mne http://vyosek.ic.cz/havet/uploader.php

divnô divnô.... "subor nelze najit" ale pritom ho tam vidim.....dam ho vlozit a ked kliknem na "uploadni"
tak "subor nelze najit" ......... hm

...idem zatial na tie dalsie kroky....

VIRY.CZ

Bios ChipAwayVirus - nakaza

Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza

Re: Bios ChipAwayVirus - nakaza