Facebook virus (notebook)

[brseker]

Zdravím.
Bratrovi se dostal do notebooku Facebook virus (klasicky "neni flash player"), ovšem "bonusovým" problémem oproti ostatním je, že nefunguje interní klávesnice ani touchpad a momentálně ani síť. Funguje externí klávesnice i myš, ovšem interní kláv. a touchpad třeba v live Linuxu jdou. Pokusil jsem se to projet Avira antivirus z Hirens boot CD, ale nepomohlo.
Přikládám log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by iva at 2011-11-02 15:41:51
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (6%) free of 147 GB
Total RAM: 1014 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\tasks\Game_Booster_Startup.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1604221776-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1604221776-682003330-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll [2011-09-27 1050464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll [2010-08-11 735024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
BrotherSoft Extreme Toolbar - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} -
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll [2011-09-27 1050464]
{51a86bb3-6602-4c85-92a5-130ee4864f13} - BrotherSoft Extreme Toolbar - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll [2011-03-28 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Microsoft Startup Manager"=C:\WINDOWS\system32\sysservice.exe [2004-08-18 24576]
"Regedit32"=C:\WINDOWS\system32\regedit.exe [2004-08-18 24576]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-11-25 2781000]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-09-27 894304]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-10-31 1204736]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-10-31 1208832]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5353085.exe"=C:\WINDOWS\TEMP\5353085.exe []
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-10-31 263680]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-10-31 258048]
"3771349.exe"=C:\WINDOWS\TEMP\3771349.exe []
"2789694.exe"=C:\DOCUME~1\Nigs\LOCALS~1\Temp\2789694.exe [2011-10-31 258048]
"3444809.exe"=C:\WINDOWS\TEMP\3444809.exe []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonEULauncher]
C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vovy]
C:\WINDOWS\system32\bibouf.exe [2004-08-18 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-24 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamersFirst LIVE!.lnk]
C:\PROGRA~1\GAMERS~1\LIVE!\Live.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^0zfplgh.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\0zfplgh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^5ooefk8.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\5ooefk8.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^afvb60dyze.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\afvb60dyze.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^faqg0hxd66u.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\faqg0hxd66u.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ggwxc86o.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\ggwxc86o.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^h60jpzvq.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\h60jpzvq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^i7081kvwr.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\i7081kvwr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ity81vqrw.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\ity81vqrw.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^lq81nijo.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\lq81nijo.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^pfl66c86.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\pfl66c86.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^sty86k81wh.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\sty86k81wh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ty81vqg0.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\ty81vqg0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^tz60bhrn.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\tz60bhrn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^u1l703s0.exe]
C:\Documents and Settings\Nigs\Nabídka Start\Programy\Po spuštění\u1l703s0.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bfnsbdkl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cbxsrdlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cjccdddc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gzrjeuze]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\imnpybfn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jszaaimi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klujaobs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nrnricou]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnyrzefd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\unarwcht]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xjifouqi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xxsefcmd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ybivcbos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bfnsbdkl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\cbxsrdlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\cjccdddc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gzrjeuze]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\imnpybfn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\jszaaimi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klujaobs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nrnricou]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pnyrzefd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\unarwcht]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xjifouqi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xxsefcmd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ybivcbos]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\[PSY] Garrys Mod 11(1.o.o.5)\hl2.exe"="C:\Program Files\[PSY] Garrys Mod 11(1.o.o.5)\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Hry\Warcraft III\War3.exe"="C:\Program Files\Hry\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\WINDOWS\system32\sysservice.exe"="C:\WINDOWS\system32\sysservice.exe:*:Enabled:dnsclient"
"C:\DOCUME~1\Nigs\LOCALS~1\Temp\7452003.exe"="C:\DOCUME~1\Nigs\LOCALS~1\Temp\7452003.exe:*:Enabled:Microsoft Office"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Nigs\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\Nigs\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Nigs\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Combat Arms EU\CombatArms.exe"="C:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms EU\Engine.exe"="C:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.vorbis"=vorbis.acm

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2011-11-02 15:41:52 ----D---- C:\Program Files\trend micro
2011-11-02 15:41:51 ----D---- C:\rsit
2011-11-02 15:40:31 ----D---- C:\WINDOWS\av_ico
2011-11-02 15:40:20 ----D---- C:\WINDOWS\tmpb
2011-11-02 15:40:19 ----HD---- C:\WINDOWS\update.1
2011-11-02 15:40:16 ----D---- C:\WINDOWS\update.2
2011-11-02 15:40:15 ----D---- C:\WINDOWS\update.5.0
2011-11-02 15:40:04 ----HD---- C:\WINDOWS\update.tray-2-0
2011-11-02 15:40:03 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-11-02 15:40:01 ----A---- C:\WINDOWS\winlog-ids.txt
2011-11-02 15:40:01 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-11-02 15:40:01 ----A---- C:\WINDOWS\unrar.exe
2011-11-02 15:40:01 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-11-02 15:40:01 ----A---- C:\WINDOWS\sysdriver32.exe
2011-11-02 15:40:01 ----A---- C:\WINDOWS\services32.exe
2011-11-02 15:40:01 ----A---- C:\WINDOWS\iplist.txt
2011-11-02 15:40:01 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-11-02 15:40:01 ----A---- C:\WINDOWS\front_ip_list.txt
2011-11-02 15:39:10 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2011-11-02 15:28:44 ----ASH---- C:\hiberfil.sys
2011-11-01 21:43:34 ----D---- C:\Documents and Settings\iva\Data aplikací\GHISLER
2011-11-01 21:23:02 ----AD---- C:\.Trash-999
2011-11-01 19:49:14 ----A---- C:\WINDOWS\ntbtlog.txt
2011-11-01 19:45:36 ----A---- C:\WINDOWS\OEWABLog.txt
2011-10-31 20:13:30 ----A---- C:\WINDOWS\system32\drivers\epfwtdir.sys
2011-10-31 20:13:29 ----A---- C:\WINDOWS\system32\drivers\eamon.sys
2011-10-31 20:13:27 ----A---- C:\WINDOWS\system32\drivers\ehdrv.sys
2011-10-31 20:12:48 ----D---- C:\Program Files\ESET
2011-10-30 10:12:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-27 17:35:37 ----D---- C:\Program Files\ConduitEngine
2011-10-27 17:35:37 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2011-10-27 17:35:30 ----D---- C:\Program Files\BrotherSoft_Extreme
2011-10-03 08:17:54 ----D---- C:\Program Files\Application Updater
2011-10-03 08:17:52 ----D---- C:\Program Files\IObit Toolbar

======List of files/folders modified in the last 1 month======

2011-11-02 15:41:52 ----D---- C:\Program Files
2011-11-02 15:41:26 ----D---- C:\WINDOWS\Prefetch
2011-11-02 15:39:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-02 15:39:10 ----D---- C:\WINDOWS\system32\drivers
2011-11-02 15:37:14 ----AD---- C:\WINDOWS\Temp
2011-11-02 15:35:56 ----D---- C:\WINDOWS\system32
2011-11-02 15:35:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-02 15:35:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-02 15:31:59 ----D---- C:\WINDOWS
2011-11-02 15:31:37 ----D---- C:\Program Files\Common Files\Akamai
2011-11-02 14:58:21 ----A---- C:\boot.ini
2011-11-02 14:54:14 ----HD---- C:\WINDOWS\inf
2011-11-02 14:48:18 ----SHD---- C:\WINDOWS\CSC
2011-10-31 20:13:44 ----SHD---- C:\WINDOWS\Installer
2011-10-31 19:44:07 ----D---- C:\Program Files\QipGuard
2011-10-31 19:44:02 ----D---- C:\Program Files\LogMeIn Hamachi
2011-10-31 19:43:59 ----SHD---- C:\System Volume Information
2011-10-31 19:43:59 ----D---- C:\WINDOWS\system32\Restore
2011-10-31 19:40:51 ----RSD---- C:\WINDOWS\assembly
2011-10-31 19:34:29 ----D---- C:\Program Files\QIP 2010
2011-10-30 20:53:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2011-10-30 11:18:30 ----D---- C:\Program Files\Garena
2011-10-30 10:10:19 ----D---- C:\WINDOWS\Logs
2011-10-30 09:21:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-10-29 16:19:07 ----SD---- C:\WINDOWS\Tasks
2011-10-27 18:50:53 ----D---- C:\WINDOWS\Minidump
2011-10-26 12:58:17 ----D---- C:\Program Files\Hry
2011-10-21 20:01:46 ----D---- C:\Program Files\Valve
2011-10-09 10:33:21 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2011-10-03 08:17:55 ----D---- C:\WINDOWS\WinSxS
2011-10-03 08:17:53 ----D---- C:\Program Files\Common Files\Spigot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 jszaaimi;jszaaimi; C:\WINDOWS\System32\Drivers\jszaaimi.sys [2010-11-13 40128]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-05-17 50176]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-05-16 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-04 691696]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-14 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-13 39904]
S1 ehhd4c4;ehhd4c4; C:\WINDOWS\System32\drivers\ehhd4c4.sys []
S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
S1 hps9395;hps9395; C:\WINDOWS\System32\drivers\hps9395.sys []
S1 prsbdc2;prsbdc2; C:\WINDOWS\System32\drivers\prsbdc2.sys []
S1 qss5860;qss5860; C:\WINDOWS\System32\drivers\qss5860.sys []
S2 nrnricou;nrnricou; C:\WINDOWS\system32\drivers\nrnricou.sys []
S2 xjifouqi;xjifouqi; C:\WINDOWS\system32\drivers\xjifouqi.sys []
S3 aa07tmgr;aa07tmgr; C:\WINDOWS\system32\drivers\aa07tmgr.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwmodem;Bluetooth Fax Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Nigs\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Nigs\LOCALS~1\Temp\WUC8A.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2010-11-21 50704]
S3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisvvan.sys [2010-11-13 57856]
S3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys []
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-18 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-18 10240]
S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
S3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys []
S3 XDva375;XDva375; \??\C:\WINDOWS\system32\XDva375.sys []
S3 XDva380;XDva380; \??\C:\WINDOWS\system32\XDva380.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-09-27 745880]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 270336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-10 153376]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2011-07-18 190464]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [2007-05-10 94208]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-10-31 1208832]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-14 820568]
S2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-11-25 2404168]
S2 oopo6taiiatk2ae;Asset Management Daemon; C:\WINDOWS\system32\vahywoudy.exe [2004-08-18 24576]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-04-24 4066168]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-08-06 411432]

-----------------EOF-----------------

[chodnik74]

Zdravím

Stáhněte program RogueKiller

• Spuste program
• Stiskněte klávesu 2 a enter
• Objeví se vám log a ten sem vložte
• Stějně tak opakujte s volbou 3 a 4 a vložte logy

[brseker]

Díky, tady jsou logy:

RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: brseker [Admin rights]
Mode: Remove -- Date : 11/02/2011 16:09:13

Bad processes: 4
[HJ NAME] svchost.exe -- C:\WINDOWS\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\update.tray-2-0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\update.tray-2-0\svchost.exe -> KILLED [TermProc]
[SERVICE] wxpdrivers -- C:\WINDOWS\update.1\svchost.exe srv -> STOPPED

Registry Entries: 18
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\WINDOWS\update.tray-2-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5353085.exe ("C:\WINDOWS\TEMP\5353085.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3771349.exe ("C:\WINDOWS\TEMP\3771349.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2789694.exe ("C:\DOCUME~1\Nigs\LOCALS~1\Temp\2789694.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3444809.exe ("C:\WINDOWS\TEMP\3444809.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: brseker [Admin rights]
Mode: HOSTSFix -- Date : 11/02/2011 16:09:56

Bad processes: 0

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: brseker [Admin rights]
Mode: ProxyFix -- Date : 11/02/2011 16:10:02

Bad processes: 0

Driver: [LOADED]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[chodnik74]

Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

[brseker]

Log z ComboFixu:

ComboFix 11-11-02.01 - brseker 02.11.2011 16:30:11.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.761 [GMT 1:00]
Spuštěný z: c:\documents and settings\brseker\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\6164.exe
c:\documents and settings\LocalService\Local Settings\Data aplikací\68b753f6\X
c:\documents and settings\Nigs\secupdat.dat
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\
c:\windows\$NtUninstallKB50366$\4097381698
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\
c:\windows\system32\c_45082.nls
c:\windows\system32\coredb
c:\windows\system32\coredb\storage
c:\windows\system32\d.dll
c:\windows\system32\drivers\640.exe
c:\windows\system32\drivers\750.exe
c:\windows\system32\drivers\atmapi.sys
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\drivers\ndisvvan.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\eeeee
c:\windows\system32\job.log
c:\windows\system32\mycom.crt
c:\windows\system32\n.dll
c:\windows\system32\o.dll
c:\windows\system32\p.dll
c:\windows\system32\Packet.dll
c:\windows\system32\regedit.exe
c:\windows\system32\secupdat.dat
c:\windows\system32\sysservice.dll
c:\windows\system32\sysservice.exe
c:\windows\system32\WLTRAY.exe
c:\windows\system32\wpcap.dll
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
c:\windows\worklog0
c:\windows\wpe pro.INI
c:\windows\$NtUninstallKB50366$ . . . . nemohl být smazán
.
Nakažená kopie c:\windows\system32\drivers\i8042prt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it
c:\windows\system32\ole32.dll . . . je infikován!!
.
Nakažená kopie c:\windows\system32\drivers\redbook.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP171\A0319735.sys
.
Nakažená kopie c:\program files\IObit\Advanced SystemCare 4\ASCService.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319678.exe
.
Nakažená kopie c:\program files\Application Updater\ApplicationUpdater.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319679.exe
.
Nakažená kopie c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319680.exe
.
Nakažená kopie c:\program files\LogMeIn Hamachi\hamachi-2.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319681.exe
.
Nakažená kopie c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319677.exe
.
Nakažená kopie c:\program files\Java\jre6\bin\jqs.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319682.exe
.
Nakažená kopie c:\program files\OO Software\Defrag\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319683.exe
.
Nakažená kopie c:\program files\QipGuard\QipGuard.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319694.exe
.
Nakažená kopie c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\stacsv.exe
.
Nakažená kopie c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{E2013DCC-D8F7-4B45-8714-CC4315CE318B}\RP169\A0319680.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_WXPDRIVERS
-------\Service_NPF
-------\Service_Passthru
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-02 do 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-02 15:25 . 2004-08-18 10:00 52352 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-11-02 15:25 . 2004-08-18 10:00 52352 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-02 14:46 . 2011-11-02 14:49 -------- d-----w- c:\documents and settings\brseker\Local Settings\Data aplikací\LogMeIn Hamachi
2011-11-02 14:46 . 2011-11-02 14:46 -------- d-----w- c:\documents and settings\brseker\Data aplikací\Search Settings
2011-11-02 14:42 . 2011-11-02 14:42 -------- d-----w- c:\documents and settings\iva\Local Settings\Data aplikací\GHISLER
2011-11-02 14:41 . 2011-11-02 14:41 -------- d-----w- c:\program files\trend micro
2011-11-02 14:41 . 2011-11-02 14:41 -------- d-----w- C:\rsit
2011-11-02 14:40 . 2011-11-02 14:40 -------- d-----w- c:\windows\tmpb
2011-11-02 14:40 . 2011-11-02 14:40 -------- d--h--w- c:\windows\update.tray-2-0
2011-11-02 14:40 . 2011-11-02 14:40 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-11-02 14:40 . 2011-10-31 18:36 246272 ----a-w- c:\windows\unrar.exe
2011-11-02 14:39 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-02 14:39 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-01 20:43 . 2011-11-01 20:43 -------- d-----w- c:\documents and settings\iva\Data aplikací\GHISLER
2011-11-01 20:23 . 2011-11-01 20:23 -------- d---a-w- C:\.Trash-999
2011-10-31 19:15 . 2011-10-31 19:15 48016 --sha-w- c:\windows\system32\c_45082.nl_
2011-10-31 19:13 . 2010-07-02 11:43 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-10-31 19:13 . 2010-07-02 11:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-10-31 19:13 . 2010-04-28 07:17 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-10-31 19:12 . 2011-10-31 19:12 -------- d-----w- c:\program files\ESET
2011-10-31 18:40 . 2011-11-02 15:36 -------- d-sh--w- c:\documents and settings\LocalService\Local Settings\Data aplikací\68b753f6
2011-10-30 18:59 . 2011-10-31 16:22 -------- d-----w- c:\documents and settings\Nigs\Fast and Furious 5 soundtrack
2011-10-27 16:35 . 2011-10-27 16:35 -------- d-----w- c:\program files\ConduitEngine
2011-10-27 16:35 . 2011-10-27 16:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-27 16:35 . 2011-10-27 16:35 -------- d-----w- c:\program files\BrotherSoft_Extreme
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 09:33 . 2010-08-29 19:25 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2010-02-16 . C47F40F3450A0CF24D7217675D7B5219 . 1281024 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ole32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-11-25 2781000]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jszaaimi.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^0zfplgh.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\0zfplgh.exe
backup=c:\windows\pss\0zfplgh.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^5ooefk8.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\5ooefk8.exe
backup=c:\windows\pss\5ooefk8.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^afvb60dyze.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\afvb60dyze.exe
backup=c:\windows\pss\afvb60dyze.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^faqg0hxd66u.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\faqg0hxd66u.exe
backup=c:\windows\pss\faqg0hxd66u.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ggwxc86o.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\ggwxc86o.exe
backup=c:\windows\pss\ggwxc86o.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^h60jpzvq.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\h60jpzvq.exe
backup=c:\windows\pss\h60jpzvq.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^i7081kvwr.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\i7081kvwr.exe
backup=c:\windows\pss\i7081kvwr.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ity81vqrw.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\ity81vqrw.exe
backup=c:\windows\pss\ity81vqrw.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^lq81nijo.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\lq81nijo.exe
backup=c:\windows\pss\lq81nijo.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^pfl66c86.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\pfl66c86.exe
backup=c:\windows\pss\pfl66c86.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^sty86k81wh.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\sty86k81wh.exe
backup=c:\windows\pss\sty86k81wh.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ty81vqg0.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\ty81vqg0.exe
backup=c:\windows\pss\ty81vqg0.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^tz60bhrn.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\tz60bhrn.exe
backup=c:\windows\pss\tz60bhrn.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^u1l703s0.exe]
path=c:\documents and settings\Nigs\Nabídka Start\Programy\Po spuštění\u1l703s0.exe
backup=c:\windows\pss\u1l703s0.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonEULauncher]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vovy]
2004-08-18 10:00 24576 ----a-w- c:\windows\system32\bibouf.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\[PSY] Garrys Mod 11(1.o.o.5)\\hl2.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Nigs\\Dokumenty\\Downloads\\Flash-Player.exe"=
"c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57008:TCP"= 57008:TCP:Pando Media Booster
"57008:UDP"= 57008:UDP:Pando Media Booster
"15327:TCP"= 15327:TCP:BitComet 15327 TCP
"15327:UDP"= 15327:UDP:BitComet 15327 UDP
"58927:TCP"= 58927:TCP:Pando Media Booster
"58927:UDP"= 58927:UDP:Pando Media Booster
.
R0 jszaaimi;jszaaimi;c:\windows\system32\drivers\jszaaimi.sys [13.11.2010 11:28 40128]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.7.2010 21:45 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.10.2011 20:13 114984]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [10.7.2011 16:13 328536]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [18.8.2004 11:00 14336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [27.9.2011 19:08 745880]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [10.7.2011 16:16 820568]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [20.7.2011 9:44 190336]
S1 ehhd4c4;ehhd4c4;c:\windows\system32\drivers\ehhd4c4.sys --> c:\windows\system32\drivers\ehhd4c4.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.10.2011 20:13 95896]
S1 hps9395;hps9395;c:\windows\system32\drivers\hps9395.sys --> c:\windows\system32\drivers\hps9395.sys [?]
S1 prsbdc2;prsbdc2;c:\windows\system32\drivers\prsbdc2.sys --> c:\windows\system32\drivers\prsbdc2.sys [?]
S1 qss5860;qss5860;c:\windows\system32\drivers\qss5860.sys --> c:\windows\system32\drivers\qss5860.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 nrnricou;nrnricou; [x]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 8:44 2404168]
S2 oopo6taiiatk2ae;Asset Management Daemon;c:\windows\system32\vahywoudy.exe [27.11.2010 20:07 24576]
S2 SvcWandoor;SvcWandoor; [x]
S2 WandServer3;WandServer3; [x]
S2 xjifouqi;xjifouqi; [x]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [19.7.2011 11:44 239600]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Nigs\LOCALS~1\Temp\WUC8A.tmp --> c:\docume~1\Nigs\LOCALS~1\Temp\WUC8A.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [19.7.2011 11:44 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [19.7.2011 11:44 16080]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-02 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-10 14:40]
.
2011-11-02 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-01-13 13:52]
.
.
------- Doplňkový sken -------
.
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 62.84.132.6 62.84.128.6
FF - ProfilePath - c:\documents and settings\brseker\Data aplikací\Mozilla\Firefox\Profiles\ywauk01q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
HKLM-Run-Broadcom Wireless Manager UI - c:\windows\system32\WLTRAY.exe
HKLM-Run-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
SafeBoot-bfnsbdkl
SafeBoot-cbxsrdlp
SafeBoot-cjccdddc
SafeBoot-gzrjeuze
SafeBoot-imnpybfn
SafeBoot-klujaobs
SafeBoot-nrnricou
SafeBoot-pnyrzefd
SafeBoot-unarwcht
SafeBoot-xjifouqi
SafeBoot-xxsefcmd
SafeBoot-ybivcbos
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 16:41
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\4132681576:2538122249.exe 816 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Nigs\LOCALS~1\Temp\WUC8A.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="F1E182C483A4954571B3F3D932BC94D188AB6A83130212664AEFEE3E59DCCF42E811D284FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B5555D575E7D6A3B9808C038D530D6EB345289C27684D7457343B78562E384B245FECBCD5D4C49C99B4CA8D88CAEAB036B16A64C6F41E30E9EB6E34F0DF5132E71E9DD37F4F3C631945DE0C00F25D16D273CC35ABC586957815BF2814AED1FA54BECCB26AF98A2FDE6CB4E2E9C2558BB254D1579DE613E44D328237F11061A638F6D817797350AC3F30FA716F50CCA6D0DF0BE556DBAE85AA19729CF6BBB2B185057DEAACD8B5FFB73A11C91F178E761D8D4DC411205A603CD25AA9D79512A56741938E3879B39027083CADDF7CF24DFDA28FBB18AA5670F0B55C3B7EF4CA595B42454E90C2F6317C93949DA863AA690B4A01EC029C5D12F63AB029113785DB21FEF712A374E5B5FB0CA200F2F23CA005F76B9ADD5D13DF8B3B16AC1C0E2C8EA15F63E35FACBD4E32E424EA1153B20A1A66738DA09FBB469AC76F182E7DD91E2CD395FBCD938B30F9BB0C26073F5EA4AA932784BD1B87A5DD28B05330A7F932251376C19ECEA15342829E2BC988CA0B2DC1DCC2B52C10317FD0502D7BFA16113FDF8F047E08047845643894AE2FA707887F07A47411376BD5D7EBB15B46241860588EC6674574A9B7D1A8143C980B59DC5F83B12E76F30DB6F93F938A7A52A2FED75D53B7E12D7F3C74E0C82D421078707863D22265AC25E0A6777AE6B8F4C2311D1922C6498D8ECB383DF0CA326AA7E106EA3AF6C9E7298541FE28A688A09DF9CB37F47A4956CCD15E0A482659B9B307789831B42C837C04EE45F0598C5734492B6ECB9CE78E4BC921277AF60D00BAF2933E6E24029BC72C56684F78C33D71348F81ED907F3C7C7A6C6697F6D5ADAEF65CD4C30975664A9E0D3DCE1E587B1F3681C4B9D8400D1DD203300037A91A34CBFBD25CB082843CB98E368E5DDBDB472EEC921231657EED3210EB3700890B080206A57A1E93CA01CB95119CA3F1643FD2FA93EA81AF84362219372212B38813042C03DC6A5F3F9C7645755FB688EFA69CE6B399205A826A5EA849C8F0FAC49DD3533256F3A74FEDB8C3AF887CC71A5EC474217685F6CA01E1D22865D6F5770F5DDB351F5B92715C9FC3ED32174C6C6A466E456D6C590F031AA36F9501C6211C3733E77D74BB8D56AD02C289F79DB130ECD8C652DE7238AA5D98AB4D0FDBFFBF9024CC137A79A8A767AD22D7E8CC4740DF378A95F8B781429C570666C0BA1332DE95F4D5A9E01B68CBD050D5AEF57096AA1EC790507A7674A5DBAB4D2520270D6DCFCAC2B91660D2FB295E7F87BACA1CFF42E23DAC68A1300E341B85AF41C9D54652E66B677077745C6E0D03F9A24"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1588)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2011-11-02 16:43:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-02 15:43
.
Před spuštěním: 8 466 415 616
Po spuštění: 8 422 625 280
.
- - End Of File - - 26055EAAB22D15D0079EE226DD62348A

[chodnik74]

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  
  KillAll::
  
  Restore::
  c:\windows\system32\ole32.dll
  c:\windows\system32\drivers\tcpip.sys
  
  File::
  c:\windows\unrar.exe
  c:\windows\system32\ConduitEngine.tmp
  c:\windows\system32\drivers\jszaaimi.sys
  c:\windows\system32\drivers\ehhd4c4.sys
  c:\windows\system32\drivers\hps9395.sys
  c:\windows\system32\drivers\prsbdc2.sys
  c:\windows\system32\drivers\qss5860.sys
  c:\windows\system32\XDva375.sys
  c:\windows\system32\XDva380.sys
  c:\windows\Tasks\ASC4_PerformanceMonitor.job
  
  Folder::
  c:\windows\update.tray-2-0
  c:\windows\update.tray-2-0-lnk
  C:\.Trash-999
  c:\documents and settings\LocalService\Local Settings\Data aplikací\68b753f6
  c:\program files\ConduitEngine
  
  Registry::
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{51a86bb3-6602-4c85-92a5-130ee4864f13}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
  [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "igfxtray"=-
  "igfxhkcmd"=-
  "igfxpers"=-
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jszaaimi.sys]
  [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamersFirst LIVE!.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^0zfplgh.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^5ooefk8.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^afvb60dyze.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^faqg0hxd66u.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ggwxc86o.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^h60jpzvq.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^i7081kvwr.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ity81vqrw.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^lq81nijo.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^pfl66c86.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^sty86k81wh.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^ty81vqg0.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^tz60bhrn.exe]
  [-HKLM\~\startupfolder\C:^Documents and Settings^Nigs^Nabídka Start^Programy^Po spuštění^u1l703s0.exe]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonEULauncher]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vovy]
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "AntiVirusOverride"=dword:00000000
  "FirewallOverride"=dword:00000000
  "DisableThumbnailCache"=dword:00000000
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "EnableFirewall"=dword:00000001
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "c:\\Documents and Settings\\Nigs\\Dokumenty\\Downloads\\Flash-Player.exe"=-
  "c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "57008:TCP"=-
  "57008:UDP"=-
  "15327:TCP"=-
  "15327:UDP"=-
  "58927:TCP"=-
  "58927:UDP"=-
  
  Driver::
  jszaaimi
  Akamai
  ehhd4c4
  hps9395
  prsbdc2
  qss5860
  nrnricou
  SvcWandoor
  WandServer3
  xjifouqi
  XDva375
  XDva380
  
  NetSvc::
  Akamai	
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Může se stát,že po aplikaci scriptu nenaběhne Windows běžným způsobem.V tomto případě restartujte počítač a při startu mačkejte F8 a zvolte možnost Poslední známá funkční konfigurace


Poté poprosím o následující..


Stáhněte si TDSSKiller

• Spuste program a klikněte na Start Scan
• Pokud program najde infikekci,tak ji bude lecit (Cure), povolte léčení kliknutím na tlačítko Continue
• Pokud program najde podezrely soubor (suspicious),bude ho chtít přeskočit (Skip), povolte přeskočení kliknutim na tlačítko Continue
• Po dokončení skenování bude možná potřeba restartovat počítač,ten povolíte programu kliknutím na tlačítko Reboot now
• Po restartování počítače na vás vyskočí log(pokud se tak nestane,tak ho najdete na disku,kde máte nainstalovaná systém s názvem TDSSKiller.xxxx_log.txt) a vložte mi sem jeho obsah
• Pokud nebude program požadovat restartování počítače,klikněte na tlačítko Close a následně na Report , čímž se Vám vytvoří log a jeho obsah mu sem vložte

[brseker]

Dobře, log z ComboFixu:

ComboFix 11-11-02.01 - brseker 02.11.2011 17:16:19.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.699 [GMT 1:00]
Spuštěný z: c:\documents and settings\brseker\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\brseker\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\system32\drivers\ehhd4c4.sys"
"c:\windows\system32\drivers\hps9395.sys"
"c:\windows\system32\drivers\jszaaimi.sys"
"c:\windows\system32\drivers\prsbdc2.sys"
"c:\windows\system32\drivers\qss5860.sys"
"c:\windows\system32\XDva375.sys"
"c:\windows\system32\XDva380.sys"
"c:\windows\Tasks\ASC4_PerformanceMonitor.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\.Trash-999
c:\.trash-999\files\1033479.EXE-3018688C.pf
c:\.trash-999\files\233087407.EXE-19D78AFD.pf
c:\.trash-999\files\2789694.EXE-1572388C.pf
c:\.trash-999\files\3444809.EXE-0D58EC91.pf
c:\.trash-999\files\3771349.EXE-3A0A525D.pf
c:\.trash-999\files\3981677.EXE-22A8C693.pf
c:\.trash-999\files\4132681576
c:\.trash-999\files\6868295.EXE-3A5E43A5.pf
c:\.trash-999\files\9156902.EXE-39C7BD97.pf
c:\.trash-999\files\av_ico\ico_NOD_AV_START.ico
c:\.trash-999\files\av_ico\ico_NOD_SYSINSP.ico
c:\.trash-999\files\av_ico\ico_NOD_SYSRESC.ico
c:\.trash-999\files\av_ico\ico_NOD_TXT.ico
c:\.trash-999\files\av_ico\ico_NOD_UNINSTALL.ico
c:\.trash-999\files\back2.tar.gz
c:\.trash-999\files\CMD.EXE-034B0549.pf
c:\.trash-999\files\CTFMON.EXE-05E57A5E.pf
c:\.trash-999\files\DRWTSN32.EXE-01DDCF15.pf
c:\.trash-999\files\DUMPREP.EXE-0AF2BF67.pf
c:\.trash-999\files\DWWIN.EXE-2C373FB7.pf
c:\.trash-999\files\EKRN.EXE-10A7199C.pf
c:\.trash-999\files\EXPLORER.EXE-02121B1A.pf
c:\.trash-999\files\FFMPEG.EXE-0718F1E3.pf
c:\.trash-999\files\FLASH-PLAYER.EXE-3430465A.pf
c:\.trash-999\files\FREEYOUTUBETOMP3CONVERTER.EXE-1374ED14.pf
c:\.trash-999\files\front_ip_list.txt
c:\.trash-999\files\GBTRAY.EXE-01ECC947.pf
c:\.trash-999\files\GOOGLECRASHHANDLER.EXE-0259CEB9.pf
c:\.trash-999\files\GOOGLEUPDATE.EXE-0DE60DAA.pf
c:\.trash-999\files\HAMACHI-2-UI.EXE-32756E9E.pf
c:\.trash-999\files\HKCMD.EXE-0F06AE14.pf
c:\.trash-999\files\HL.EXE-028B4466.pf
c:\.trash-999\files\CHCP.COM-17EDBDC9.pf
c:\.trash-999\files\CHROME.EXE-0E0B6521.pf
c:\.trash-999\files\CHROME.EXE-0E0B6524.pf
c:\.trash-999\files\CHROME.EXE-0E0B6525.pf
c:\.trash-999\files\CHROME.EXE-0E0B6528.pf
c:\.trash-999\files\iecheck_iplist.txt
c:\.trash-999\files\IGFXPERS.EXE-19DA7B04.pf
c:\.trash-999\files\IGFXTRAY.EXE-0A23D403.pf
c:\.trash-999\files\IMAPI.EXE-201490BB.pf
c:\.trash-999\files\iplist.txt
c:\.trash-999\files\JAVA.EXE-32FD225F.pf
c:\.trash-999\files\JUCHECK.EXE-20BD56D6.pf
c:\.trash-999\files\LAME.EXE-128EDD96.pf
c:\.trash-999\files\Layout.ini
c:\.trash-999\files\LEAGUE OF LEGENDS.EXE-080A7F84.pf
c:\.trash-999\files\LOGON.SCR-24ADF392.pf
c:\.trash-999\files\LOGONUI.EXE-312BE1BF.pf
c:\.trash-999\files\LOL.LAUNCHER.ADMIN.EXE-2C1C0890.pf
c:\.trash-999\files\LOL.LAUNCHER.EXE-0D94DAE7.pf
c:\.trash-999\files\LOLLAUNCHER.EXE-0BDB9922.pf
c:\.trash-999\files\MSIEXEC.EXE-330626DC.pf
c:\.trash-999\files\NET.EXE-151FD66D.pf
c:\.trash-999\files\NET1.EXE-02C3403D.pf
c:\.trash-999\files\NETSH.EXE-23AED181.pf
c:\.trash-999\files\NETSTAT.EXE-04F18BC0.pf
c:\.trash-999\files\NEW111.EXE-339BB69C.pf
c:\.trash-999\files\NTOSBOOT-B00DFAAD.pf
c:\.trash-999\files\OODTRAY.EXE-0FC61DB5.pf
c:\.trash-999\files\PMB.EXE-1DFABEDC.pf
c:\.trash-999\files\proc_list1.log
c:\.trash-999\files\RADS_USER_KERNEL.EXE-2B73923E.pf
c:\.trash-999\files\REG.EXE-07FA5B3F.pf
c:\.trash-999\files\RUNDLL32.EXE-3F577FC3.pf
c:\.trash-999\files\RUNDLL32.EXE-3FFBE751.pf
c:\.trash-999\files\RUNDLL32.EXE-43793BF9.pf
c:\.trash-999\files\RUNDLL32.EXE-4EEEE518.pf
c:\.trash-999\files\RUNDLL32.EXE-4F6A8981.pf
c:\.trash-999\files\RUNDLL32.EXE-67B8623C.pf
c:\.trash-999\files\RUNDLL32.EXE-6E8D4657.pf
c:\.trash-999\files\SC.EXE-28F2B663.pf
c:\.trash-999\files\SEARCHSETTINGS.EXE-0BD8AE9C.pf
c:\.trash-999\files\SERVICES32.EXE-24A17781.pf
c:\.trash-999\files\services32.exe
c:\.trash-999\files\SHUTDOWN.EXE-00AD91B0.pf
c:\.trash-999\files\STSYSTRA.EXE-3A4C1B11.pf
c:\.trash-999\files\SVCHOST.EXE-00B5C1AC.pf
c:\.trash-999\files\SVCHOST.EXE-19979488.pf
c:\.trash-999\files\SVCHOST.EXE-2D5FBD18.pf
c:\.trash-999\files\SVCHOST.EXE-3110C4DA.pf
c:\.trash-999\files\SVCHOST.EXE-37665998.pf
c:\.trash-999\files\SYNTPENH.EXE-2B70B91C.pf
c:\.trash-999\files\SYSDRIVER32.EXE-0CC6A53A.pf
c:\.trash-999\files\sysdriver32.exe
c:\.trash-999\files\sysdriver32_.exe
c:\.trash-999\files\SYSTEMINFO.EXE-26B98D27.pf
c:\.trash-999\files\TASKKILL.EXE-1EEA7CB4.pf
c:\.trash-999\files\TBOFFER.EXE-14ABEEC2.pf
c:\.trash-999\files\tmpb\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb
c:\.trash-999\files\tmpb\1033479.exe
c:\.trash-999\files\tmpb\233087407.exe
c:\.trash-999\files\tmpb\3444809.exe
c:\.trash-999\files\tmpb\3771349.exe
c:\.trash-999\files\tmpb\3981677.exe
c:\.trash-999\files\tmpb\5353085.exe
c:\.trash-999\files\tmpb\6868295.exe
c:\.trash-999\files\tmpb\9156902.exe
c:\.trash-999\files\tmpb\au-descriptor-1.6.0_29-b110.xml
c:\.trash-999\files\tmpb\AUCHECK_CORE.txt
c:\.trash-999\files\tmpb\AUCHECK_PARSER.txt
c:\.trash-999\files\tmpb\js_fb_p_0
c:\.trash-999\files\tmpb\js_vk_0
c:\.trash-999\files\tmpb\js_vk_1
c:\.trash-999\files\tmpb\jusched.log
c:\.trash-999\files\tmpb\log115.txt
c:\.trash-999\files\tmpb\Perflib_Perfdata_188.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_1c0.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_2a0.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_2a4.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_2e8.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_2ec.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_2f0.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_32c.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_4ec.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_51c.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_528.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_52c.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_578.dat
c:\.trash-999\files\tmpb\Perflib_Perfdata_bb4.dat
c:\.trash-999\files\TOTALCMD.EXE-2B24920D.pf
c:\.trash-999\files\UNRAR.EXE-1F5A1F81.pf
c:\.trash-999\files\unrar.exe
c:\.trash-999\files\update.1\svchost.exe
c:\.trash-999\files\update.2\svchost.exe
c:\.trash-999\files\update.5.0\svchost.exe
c:\.trash-999\files\update.tray-2-0-lnk\svchost.exe
c:\.trash-999\files\update.tray-2-0\svchost.exe
c:\.trash-999\files\UPNP.EXE-113F7333.pf
c:\.trash-999\files\VLC.EXE-02F29DFD.pf
c:\.trash-999\files\WAR3.EXE-21359875.pf
c:\.trash-999\files\winlog-dirs.txt
c:\.trash-999\files\winlog-ids.txt
c:\.trash-999\files\WLTRAY.EXE-0D3A5A80.pf
c:\.trash-999\files\WMIADAP.EXE-32F99497.pf
c:\.trash-999\files\WMIPRVSE.EXE-0D449B4F.pf
c:\.trash-999\files\WSCNTFY.EXE-0B14C27D.pf
c:\.trash-999\files\X-395FBCEF.pf
c:\.trash-999\info\1033479.EXE-3018688C.pf.trashinfo
c:\.trash-999\info\233087407.EXE-19D78AFD.pf.trashinfo
c:\.trash-999\info\2789694.EXE-1572388C.pf.trashinfo
c:\.trash-999\info\3444809.EXE-0D58EC91.pf.trashinfo
c:\.trash-999\info\3771349.EXE-3A0A525D.pf.trashinfo
c:\.trash-999\info\3981677.EXE-22A8C693.pf.trashinfo
c:\.trash-999\info\4132681576.trashinfo
c:\.trash-999\info\6868295.EXE-3A5E43A5.pf.trashinfo
c:\.trash-999\info\9156902.EXE-39C7BD97.pf.trashinfo
c:\.trash-999\info\av_ico.trashinfo
c:\.trash-999\info\back2.tar.gz.trashinfo
c:\.trash-999\info\CMD.EXE-034B0549.pf.trashinfo
c:\.trash-999\info\CTFMON.EXE-05E57A5E.pf.trashinfo
c:\.trash-999\info\DRWTSN32.EXE-01DDCF15.pf.trashinfo
c:\.trash-999\info\DUMPREP.EXE-0AF2BF67.pf.trashinfo
c:\.trash-999\info\DWWIN.EXE-2C373FB7.pf.trashinfo
c:\.trash-999\info\EKRN.EXE-10A7199C.pf.trashinfo
c:\.trash-999\info\EXPLORER.EXE-02121B1A.pf.trashinfo
c:\.trash-999\info\FFMPEG.EXE-0718F1E3.pf.trashinfo
c:\.trash-999\info\FLASH-PLAYER.EXE-3430465A.pf.trashinfo
c:\.trash-999\info\FREEYOUTUBETOMP3CONVERTER.EXE-1374ED14.pf.trashinfo
c:\.trash-999\info\front_ip_list.txt.trashinfo
c:\.trash-999\info\GBTRAY.EXE-01ECC947.pf.trashinfo
c:\.trash-999\info\GOOGLECRASHHANDLER.EXE-0259CEB9.pf.trashinfo
c:\.trash-999\info\GOOGLEUPDATE.EXE-0DE60DAA.pf.trashinfo
c:\.trash-999\info\HAMACHI-2-UI.EXE-32756E9E.pf.trashinfo
c:\.trash-999\info\HKCMD.EXE-0F06AE14.pf.trashinfo
c:\.trash-999\info\HL.EXE-028B4466.pf.trashinfo
c:\.trash-999\info\CHCP.COM-17EDBDC9.pf.trashinfo
c:\.trash-999\info\CHROME.EXE-0E0B6521.pf.trashinfo
c:\.trash-999\info\CHROME.EXE-0E0B6524.pf.trashinfo
c:\.trash-999\info\CHROME.EXE-0E0B6525.pf.trashinfo
c:\.trash-999\info\CHROME.EXE-0E0B6528.pf.trashinfo
c:\.trash-999\info\iecheck_iplist.txt.trashinfo
c:\.trash-999\info\IGFXPERS.EXE-19DA7B04.pf.trashinfo
c:\.trash-999\info\IGFXTRAY.EXE-0A23D403.pf.trashinfo
c:\.trash-999\info\IMAPI.EXE-201490BB.pf.trashinfo
c:\.trash-999\info\iplist.txt.trashinfo
c:\.trash-999\info\JAVA.EXE-32FD225F.pf.trashinfo
c:\.trash-999\info\JUCHECK.EXE-20BD56D6.pf.trashinfo
c:\.trash-999\info\LAME.EXE-128EDD96.pf.trashinfo
c:\.trash-999\info\Layout.ini.trashinfo
c:\.trash-999\info\LEAGUE OF LEGENDS.EXE-080A7F84.pf.trashinfo
c:\.trash-999\info\LOGON.SCR-24ADF392.pf.trashinfo
c:\.trash-999\info\LOGONUI.EXE-312BE1BF.pf.trashinfo
c:\.trash-999\info\LOL.LAUNCHER.ADMIN.EXE-2C1C0890.pf.trashinfo
c:\.trash-999\info\LOL.LAUNCHER.EXE-0D94DAE7.pf.trashinfo
c:\.trash-999\info\LOLLAUNCHER.EXE-0BDB9922.pf.trashinfo
c:\.trash-999\info\MSIEXEC.EXE-330626DC.pf.trashinfo
c:\.trash-999\info\NET.EXE-151FD66D.pf.trashinfo
c:\.trash-999\info\NET1.EXE-02C3403D.pf.trashinfo
c:\.trash-999\info\NETSH.EXE-23AED181.pf.trashinfo
c:\.trash-999\info\NETSTAT.EXE-04F18BC0.pf.trashinfo
c:\.trash-999\info\NEW111.EXE-339BB69C.pf.trashinfo
c:\.trash-999\info\NTOSBOOT-B00DFAAD.pf.trashinfo
c:\.trash-999\info\OODTRAY.EXE-0FC61DB5.pf.trashinfo
c:\.trash-999\info\PMB.EXE-1DFABEDC.pf.trashinfo
c:\.trash-999\info\proc_list1.log.trashinfo
c:\.trash-999\info\RADS_USER_KERNEL.EXE-2B73923E.pf.trashinfo
c:\.trash-999\info\REG.EXE-07FA5B3F.pf.trashinfo
c:\.trash-999\info\RUNDLL32.EXE-3F577FC3.pf.trashinfo
c:\.trash-999\info\RUNDLL32.EXE-3FFBE751.pf.trashinfo
c:\.trash-999\info\RUNDLL32.EXE-43793BF9.pf.trashinfo
c:\.trash-999\info\RUNDLL32.EXE-4EEEE518.pf.trashinfo
c:\.trash-999\info\RUNDLL32.EXE-4F6A8981.pf.trashinfo
c:\.trash-999\info\RUNDLL32.EXE-67B8623C.pf.trashinfo
c:\.trash-999\info\RUNDLL32.EXE-6E8D4657.pf.trashinfo
c:\.trash-999\info\SC.EXE-28F2B663.pf.trashinfo
c:\.trash-999\info\SEARCHSETTINGS.EXE-0BD8AE9C.pf.trashinfo
c:\.trash-999\info\SERVICES32.EXE-24A17781.pf.trashinfo
c:\.trash-999\info\services32.exe.trashinfo
c:\.trash-999\info\SHUTDOWN.EXE-00AD91B0.pf.trashinfo
c:\.trash-999\info\STSYSTRA.EXE-3A4C1B11.pf.trashinfo
c:\.trash-999\info\SVCHOST.EXE-00B5C1AC.pf.trashinfo
c:\.trash-999\info\SVCHOST.EXE-19979488.pf.trashinfo
c:\.trash-999\info\SVCHOST.EXE-2D5FBD18.pf.trashinfo
c:\.trash-999\info\SVCHOST.EXE-3110C4DA.pf.trashinfo
c:\.trash-999\info\SVCHOST.EXE-37665998.pf.trashinfo
c:\.trash-999\info\SYNTPENH.EXE-2B70B91C.pf.trashinfo
c:\.trash-999\info\SYSDRIVER32.EXE-0CC6A53A.pf.trashinfo
c:\.trash-999\info\sysdriver32.exe.trashinfo
c:\.trash-999\info\sysdriver32_.exe.trashinfo
c:\.trash-999\info\SYSTEMINFO.EXE-26B98D27.pf.trashinfo
c:\.trash-999\info\TASKKILL.EXE-1EEA7CB4.pf.trashinfo
c:\.trash-999\info\TBOFFER.EXE-14ABEEC2.pf.trashinfo
c:\.trash-999\info\tmpb.trashinfo
c:\.trash-999\info\TOTALCMD.EXE-2B24920D.pf.trashinfo
c:\.trash-999\info\UNRAR.EXE-1F5A1F81.pf.trashinfo
c:\.trash-999\info\unrar.exe.trashinfo
c:\.trash-999\info\update.1.trashinfo
c:\.trash-999\info\update.2.trashinfo
c:\.trash-999\info\update.5.0.trashinfo
c:\.trash-999\info\update.tray-2-0-lnk.trashinfo
c:\.trash-999\info\update.tray-2-0.trashinfo
c:\.trash-999\info\UPNP.EXE-113F7333.pf.trashinfo
c:\.trash-999\info\VLC.EXE-02F29DFD.pf.trashinfo
c:\.trash-999\info\WAR3.EXE-21359875.pf.trashinfo
c:\.trash-999\info\winlog-dirs.txt.trashinfo
c:\.trash-999\info\winlog-ids.txt.trashinfo
c:\.trash-999\info\WLTRAY.EXE-0D3A5A80.pf.trashinfo
c:\.trash-999\info\WMIADAP.EXE-32F99497.pf.trashinfo
c:\.trash-999\info\WMIPRVSE.EXE-0D449B4F.pf.trashinfo
c:\.trash-999\info\WSCNTFY.EXE-0B14C27D.pf.trashinfo
c:\.trash-999\info\X-395FBCEF.pf.trashinfo
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\drivers\jszaaimi.sys
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0\svchost.exe
.
Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
.
c:\windows\system32\ole32.dll . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Legacy_EHHD4C4
-------\Legacy_HPS9395
-------\Legacy_JSZAAIMI
-------\Legacy_NRNRICOU
-------\Legacy_PRSBDC2
-------\Legacy_QSS5860
-------\Legacy_SVCWANDOOR
-------\Legacy_WANDSERVER3
-------\Legacy_XDVA375
-------\Legacy_XDVA380
-------\Legacy_XJIFOUQI
-------\Service_Akamai
-------\Service_ehhd4c4
-------\Service_hps9395
-------\Service_jszaaimi
-------\Service_nrnricou
-------\Service_prsbdc2
-------\Service_qss5860
-------\Service_SvcWandoor
-------\Service_WandServer3
-------\Service_XDva375
-------\Service_XDva380
-------\Service_xjifouqi
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-02 do 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-02 16:04 . 2011-11-02 16:04 -------- d-----w- c:\documents and settings\brseker\Data aplikací\IObit
2011-11-02 15:57 . 2011-11-02 15:57 -------- d-----w- c:\documents and settings\brseker\Local Settings\Data aplikací\BrotherSoft_Extreme
2011-11-02 15:57 . 2011-11-02 15:57 -------- d-----w- c:\documents and settings\brseker\Local Settings\Data aplikací\Conduit
2011-11-02 15:57 . 2011-11-02 15:57 -------- d-----w- c:\documents and settings\brseker\Local Settings\Data aplikací\temp
2011-11-02 15:25 . 2004-08-18 10:00 52352 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-11-02 15:25 . 2004-08-18 10:00 52352 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-02 14:46 . 2011-11-02 15:52 -------- d-----w- c:\documents and settings\brseker\Local Settings\Data aplikací\LogMeIn Hamachi
2011-11-02 14:46 . 2011-11-02 14:46 -------- d-----w- c:\documents and settings\brseker\Data aplikací\Search Settings
2011-11-02 14:42 . 2011-11-02 14:42 -------- d-----w- c:\documents and settings\iva\Local Settings\Data aplikací\GHISLER
2011-11-02 14:41 . 2011-11-02 14:41 -------- d-----w- c:\program files\trend micro
2011-11-02 14:41 . 2011-11-02 14:41 -------- d-----w- C:\rsit
2011-11-02 14:40 . 2011-11-02 14:40 -------- d-----w- c:\windows\tmpb
2011-11-02 14:39 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-02 14:39 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-01 20:43 . 2011-11-01 20:43 -------- d-----w- c:\documents and settings\iva\Data aplikací\GHISLER
2011-10-31 19:15 . 2011-10-31 19:15 48016 --sha-w- c:\windows\system32\c_45082.nl_
2011-10-31 19:13 . 2010-07-02 11:43 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-10-31 19:13 . 2010-07-02 11:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-10-31 19:13 . 2010-04-28 07:17 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-10-31 19:12 . 2011-10-31 19:12 -------- d-----w- c:\program files\ESET
2011-10-31 18:40 . 2011-11-02 15:36 -------- d-sh--w- c:\documents and settings\LocalService\Local Settings\Data aplikací\68b753f6
2011-10-30 18:59 . 2011-10-31 16:22 -------- d-----w- c:\documents and settings\Nigs\Fast and Furious 5 soundtrack
2011-10-27 16:35 . 2011-10-27 16:35 -------- d-----w- c:\program files\BrotherSoft_Extreme
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 09:33 . 2010-08-29 19:25 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-16 . C47F40F3450A0CF24D7217675D7B5219 . 1281024 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ole32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-11-02_15.39.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-18 10:00 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\[PSY] Garrys Mod 11(1.o.o.5)\\hl2.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.7.2010 21:45 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.10.2011 20:13 114984]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [27.9.2011 19:08 745880]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [20.7.2011 9:44 190336]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.10.2011 20:13 95896]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 oopo6taiiatk2ae;Asset Management Daemon;c:\windows\system32\vahywoudy.exe [27.11.2010 20:07 24576]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Nigs\LOCALS~1\Temp\WUC8A.tmp --> c:\docume~1\Nigs\LOCALS~1\Temp\WUC8A.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-02 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-01-13 13:52]
.
.
------- Doplňkový sken -------
.
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 62.84.132.6 62.84.128.6
FF - ProfilePath - c:\documents and settings\brseker\Data aplikací\Mozilla\Firefox\Profiles\ywauk01q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 17:25
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\4132681576:2538122249.exe 816 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Nigs\LOCALS~1\Temp\WUC8A.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="F1E182C483A4954571B3F3D932BC94D188AB6A83130212664AEFEE3E59DCCF42E811D284FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B5555D575E7D6A3B9808C038D530D6EB345289C27684D7457343B78562E384B245FECBCD5D4C49C99B4CA8D88CAEAB036B16A64C6F41E30E9EB6E34F0DF5132E71E9DD37F4F3C631945DE0C00F25D16D273CC35ABC586957815BF2814AED1FA54BECCB26AF98A2FDE6CB4E2E9C2558BB254D1579DE613E44D328237F11061A638F6D817797350AC3F30FA716F50CCA6D0DF0BE556DBAE85AA19729CF6BBB2B185057DEAACD8B5FFB73A11C91F178E761D8D4DC411205A603CD25AA9D79512A56741938E3879B39027083CADDF7CF24DFDA28FBB18AA5670F0B55C3B7EF4CA595B42454E90C2F6317C93949DA863AA690B4A01EC029C5D12F63AB029113785DB21FEF712A374E5B5FB0CA200F2F23CA005F76B9ADD5D13DF8B3B16AC1C0E2C8EA15F63E35FACBD4E32E424EA1153B20A1A66738DA09FBB469AC76F182E7DD91E2CD395FBCD938B30F9BB0C26073F5EA4AA932784BD1B87A5DD28B05330A7F932251376C19ECEA15342829E2BC988CA0B2DC1DCC2B52C10317FD0502D7BFA16113FDF8F047E08047845643894AE2FA707887F07A47411376BD5D7EBB15B46241860588EC6674574A9B7D1A8143C980B59DC5F83B12E76F30DB6F93F938A7A52A2FED75D53B7E12D7F3C74E0C82D421078707863D22265AC25E0A6777AE6B8F4C2311D1922C6498D8ECB383DF0CA326AA7E106EA3AF6C9E7298541FE28A688A09DF9CB37F47A4956CCD15E0A482659B9B307789831B42C837C04EE45F0598C5734492B6ECB9CE78E4BC921277AF60D00BAF2933E6E24029BC72C56684F78C33D71348F81ED907F3C7C7A6C6697F6D5ADAEF65CD4C30975664A9E0D3DCE1E587B1F3681C4B9D8400D1DD203300037A91A34CBFBD25CB082843CB98E368E5DDBDB472EEC921231657EED3210EB3700890B080206A57A1E93CA01CB95119CA3F1643FD2FA93EA81AF84362219372212B38813042C03DC6A5F3F9C7645755FB688EFA69CE6B399205A826A5EA849C8F0FAC49DD3533256F3A74FEDB8C3AF887CC71A5EC474217685F6CA01E1D22865D6F5770F5DDB351F5B92715C9FC3ED32174C6C6A466E456D6C590F031AA36F9501C6211C3733E77D74BB8D56AD02C289F79DB130ECD8C652DE7238AA5D98AB4D0FDBFFBF9024CC137A79A8A767AD22D7E8CC4740DF378A95F8B781429C570666C0BA1332DE95F4D5A9E01B68CBD050D5AEF57096AA1EC790507A7674A5DBAB4D2520270D6DCFCAC2B91660D2FB295E7F87BACA1CFF42E23DAC68A1300E341B85AF41C9D54652E66B677077745C6E0D03F9A24"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-11-02 17:27:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-02 16:27
ComboFix2.txt 2011-11-02 15:43
.
Před spuštěním: 8 443 965 440
Po spuštění: 8 415 305 728
.
- - End Of File - - E64AE33230583A5A34251768068292FE

[brseker]

Log z TSDSSKilleru:

17:28:24.0140 2512 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
17:28:24.0187 2512 ============================================================
17:28:24.0187 2512 Current date / time: 2011/11/02 17:28:24.0187
17:28:24.0187 2512 SystemInfo:
17:28:24.0187 2512
17:28:24.0187 2512 OS Version: 5.1.2600 ServicePack: 2.0
17:28:24.0187 2512 Product type: Workstation
17:28:24.0187 2512 ComputerName: MACAC
17:28:24.0187 2512 UserName: brseker
17:28:24.0187 2512 Windows directory: C:\WINDOWS
17:28:24.0187 2512 System windows directory: C:\WINDOWS
17:28:24.0187 2512 Processor architecture: Intel x86
17:28:24.0187 2512 Number of processors: 2
17:28:24.0187 2512 Page size: 0x1000
17:28:24.0187 2512 Boot type: Normal boot
17:28:24.0187 2512 ============================================================
17:28:25.0796 2512 Initialize success
17:28:34.0687 1228 ============================================================
17:28:34.0687 1228 Scan started
17:28:34.0687 1228 Mode: Manual;
17:28:34.0687 1228 ============================================================
17:28:35.0640 1228 Abiosdsk - ok
17:28:35.0656 1228 abp480n5 - ok
17:28:35.0718 1228 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:28:35.0718 1228 ACPI - ok
17:28:35.0750 1228 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:28:35.0750 1228 ACPIEC - ok
17:28:35.0765 1228 adpu160m - ok
17:28:35.0812 1228 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
17:28:35.0812 1228 aec - ok
17:28:35.0859 1228 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
17:28:35.0875 1228 AFD - ok
17:28:35.0875 1228 Aha154x - ok
17:28:35.0890 1228 aic78u2 - ok
17:28:35.0906 1228 aic78xx - ok
17:28:35.0921 1228 AliIde - ok
17:28:35.0937 1228 amsint - ok
17:28:35.0968 1228 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:28:35.0968 1228 Arp1394 - ok
17:28:35.0984 1228 asc - ok
17:28:35.0984 1228 asc3350p - ok
17:28:36.0000 1228 asc3550 - ok
17:28:36.0031 1228 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:28:36.0046 1228 AsyncMac - ok
17:28:36.0062 1228 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:28:36.0062 1228 atapi - ok
17:28:36.0078 1228 Atdisk - ok
17:28:36.0093 1228 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:28:36.0093 1228 Atmarpc - ok
17:28:36.0125 1228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:28:36.0140 1228 audstub - ok
17:28:36.0203 1228 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:28:36.0234 1228 BCM43XX - ok
17:28:36.0343 1228 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:28:36.0343 1228 bcm4sbxp - ok
17:28:36.0375 1228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:28:36.0375 1228 Beep - ok
17:28:36.0421 1228 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
17:28:36.0437 1228 btaudio - ok
17:28:36.0468 1228 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
17:28:36.0468 1228 BTDriver - ok
17:28:36.0546 1228 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:28:36.0546 1228 BTKRNL - ok
17:28:36.0562 1228 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
17:28:36.0578 1228 BTSERIAL - ok
17:28:36.0593 1228 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
17:28:36.0593 1228 BTWDNDIS - ok
17:28:36.0609 1228 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
17:28:36.0609 1228 btwmodem - ok
17:28:36.0625 1228 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
17:28:36.0625 1228 BTWUSB - ok
17:28:36.0625 1228 catchme - ok
17:28:36.0656 1228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:28:36.0656 1228 cbidf2k - ok
17:28:36.0671 1228 cd20xrnt - ok
17:28:36.0671 1228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:28:36.0687 1228 Cdaudio - ok
17:28:36.0718 1228 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:28:36.0718 1228 Cdfs - ok
17:28:36.0765 1228 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:28:36.0765 1228 Cdrom - ok
17:28:36.0796 1228 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:28:36.0796 1228 cercsr6 - ok
17:28:36.0796 1228 Changer - ok
17:28:36.0843 1228 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:28:36.0859 1228 CmBatt - ok
17:28:36.0859 1228 CmdIde - ok
17:28:36.0875 1228 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:28:36.0875 1228 Compbatt - ok
17:28:36.0890 1228 Cpqarray - ok
17:28:36.0984 1228 cpuz132 - ok
17:28:37.0000 1228 dac2w2k - ok
17:28:37.0015 1228 dac960nt - ok
17:28:37.0031 1228 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:28:37.0031 1228 Disk - ok
17:28:37.0093 1228 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
17:28:37.0109 1228 dmboot - ok
17:28:37.0125 1228 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
17:28:37.0140 1228 dmio - ok
17:28:37.0156 1228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:28:37.0156 1228 dmload - ok
17:28:37.0187 1228 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:28:37.0187 1228 DMusic - ok
17:28:37.0203 1228 dpti2o - ok
17:28:37.0218 1228 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:28:37.0218 1228 drmkaud - ok
17:28:37.0234 1228 EagleNT - ok
17:28:37.0281 1228 eamon (8361ed1ca4dcd406a1a5a39bcd714e03) C:\WINDOWS\system32\DRIVERS\eamon.sys
17:28:37.0281 1228 eamon - ok
17:28:37.0328 1228 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
17:28:37.0328 1228 ehdrv - ok
17:28:37.0375 1228 epfwtdir (b90a262e77c6cafa1561956b01171426) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
17:28:37.0375 1228 epfwtdir - ok
17:28:37.0406 1228 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:28:37.0406 1228 Fastfat - ok
17:28:37.0437 1228 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
17:28:37.0437 1228 Fdc - ok
17:28:37.0468 1228 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
17:28:37.0468 1228 Fips - ok
17:28:37.0484 1228 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:28:37.0484 1228 Flpydisk - ok
17:28:37.0500 1228 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:28:37.0500 1228 FltMgr - ok
17:28:37.0515 1228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:28:37.0515 1228 Fs_Rec - ok
17:28:37.0546 1228 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:28:37.0546 1228 Ftdisk - ok
17:28:37.0640 1228 GarenaPEngine - ok
17:28:37.0734 1228 GGSAFERDriver - ok
17:28:37.0750 1228 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:28:37.0750 1228 Gpc - ok
17:28:37.0781 1228 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:28:37.0781 1228 hamachi - ok
17:28:37.0812 1228 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:28:37.0828 1228 HDAudBus - ok
17:28:37.0843 1228 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:28:37.0859 1228 hidusb - ok
17:28:37.0859 1228 hpn - ok
17:28:37.0906 1228 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:28:37.0921 1228 HSFHWAZL - ok
17:28:37.0968 1228 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:28:37.0984 1228 HSF_DPV - ok
17:28:38.0046 1228 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
17:28:38.0046 1228 HTTP - ok
17:28:38.0062 1228 i2omgmt - ok
17:28:38.0078 1228 i2omp - ok
17:28:38.0125 1228 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:28:38.0140 1228 i8042prt - ok
17:28:38.0203 1228 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:28:38.0234 1228 ialm - ok
17:28:38.0265 1228 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:28:38.0265 1228 Imapi - ok
17:28:38.0281 1228 ini910u - ok
17:28:38.0296 1228 IntelIde - ok
17:28:38.0328 1228 intelppm (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:28:38.0328 1228 intelppm - ok
17:28:38.0359 1228 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:28:38.0359 1228 Ip6Fw - ok
17:28:38.0390 1228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:28:38.0390 1228 IpFilterDriver - ok
17:28:38.0390 1228 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:28:38.0406 1228 IpInIp - ok
17:28:38.0421 1228 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:28:38.0437 1228 IpNat - ok
17:28:38.0484 1228 IPSec (2a31d835f437b84a358d184b6a5e0e57) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:28:38.0484 1228 IPSec - ok
17:28:38.0515 1228 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:28:38.0515 1228 IRENUM - ok
17:28:38.0546 1228 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:28:38.0546 1228 isapnp - ok
17:28:38.0578 1228 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:28:38.0578 1228 Kbdclass - ok
17:28:38.0609 1228 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:28:38.0609 1228 kbdhid - ok
17:28:38.0656 1228 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
17:28:38.0656 1228 kmixer - ok
17:28:38.0671 1228 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
17:28:38.0687 1228 KSecDD - ok
17:28:38.0703 1228 lbrtfdc - ok
17:28:38.0734 1228 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:28:38.0734 1228 mdmxsdk - ok
17:28:38.0765 1228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:28:38.0765 1228 mnmdd - ok
17:28:38.0796 1228 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
17:28:38.0796 1228 Modem - ok
17:28:38.0812 1228 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:28:38.0812 1228 Mouclass - ok
17:28:38.0828 1228 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:28:38.0828 1228 mouhid - ok
17:28:38.0843 1228 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:28:38.0843 1228 MountMgr - ok
17:28:38.0843 1228 mraid35x - ok
17:28:38.0875 1228 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:28:38.0890 1228 MRxDAV - ok
17:28:38.0937 1228 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:28:38.0937 1228 MRxSmb - ok
17:28:38.0968 1228 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:28:38.0968 1228 Msfs - ok
17:28:39.0000 1228 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:28:39.0000 1228 MSKSSRV - ok
17:28:39.0015 1228 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:28:39.0015 1228 MSPCLOCK - ok
17:28:39.0031 1228 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:28:39.0031 1228 MSPQM - ok
17:28:39.0062 1228 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:28:39.0062 1228 mssmbios - ok
17:28:39.0078 1228 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:28:39.0078 1228 Mup - ok
17:28:39.0093 1228 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:28:39.0093 1228 NDIS - ok
17:28:39.0125 1228 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:28:39.0125 1228 NdisTapi - ok
17:28:39.0156 1228 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:28:39.0156 1228 Ndisuio - ok
17:28:39.0156 1228 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:28:39.0171 1228 NdisWan - ok
17:28:39.0187 1228 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:28:39.0187 1228 NDProxy - ok
17:28:39.0203 1228 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:28:39.0203 1228 NetBIOS - ok
17:28:39.0234 1228 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:28:39.0234 1228 NetBT - ok
17:28:39.0265 1228 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:28:39.0265 1228 NIC1394 - ok
17:28:39.0281 1228 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:28:39.0281 1228 Npfs - ok
17:28:39.0328 1228 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
17:28:39.0343 1228 Ntfs - ok
17:28:39.0359 1228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:28:39.0359 1228 Null - ok
17:28:39.0390 1228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:28:39.0390 1228 NwlnkFlt - ok
17:28:39.0406 1228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:28:39.0406 1228 NwlnkFwd - ok
17:28:39.0437 1228 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:28:39.0437 1228 ohci1394 - ok
17:28:39.0468 1228 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\drivers\Parport.sys
17:28:39.0468 1228 Parport - ok
17:28:39.0484 1228 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:28:39.0484 1228 PartMgr - ok
17:28:39.0515 1228 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
17:28:39.0515 1228 ParVdm - ok
17:28:39.0546 1228 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
17:28:39.0546 1228 PCI - ok
17:28:39.0546 1228 PCIDump - ok
17:28:39.0562 1228 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:28:39.0562 1228 PCIIde - ok
17:28:39.0593 1228 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:28:39.0593 1228 Pcmcia - ok
17:28:39.0609 1228 PDCOMP - ok
17:28:39.0609 1228 PDFRAME - ok
17:28:39.0625 1228 PDRELI - ok
17:28:39.0640 1228 PDRFRAME - ok
17:28:39.0656 1228 perc2 - ok
17:28:39.0671 1228 perc2hib - ok
17:28:39.0703 1228 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:28:39.0703 1228 PptpMiniport - ok
17:28:39.0718 1228 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:28:39.0718 1228 PSched - ok
17:28:39.0734 1228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:28:39.0734 1228 Ptilink - ok
17:28:39.0750 1228 ql1080 - ok
17:28:39.0765 1228 Ql10wnt - ok
17:28:39.0781 1228 ql12160 - ok
17:28:39.0781 1228 ql1240 - ok
17:28:39.0796 1228 ql1280 - ok
17:28:39.0812 1228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:28:39.0812 1228 RasAcd - ok
17:28:39.0843 1228 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:28:39.0843 1228 Rasl2tp - ok
17:28:39.0859 1228 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:28:39.0859 1228 RasPppoe - ok
17:28:39.0875 1228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:28:39.0875 1228 Raspti - ok
17:28:39.0906 1228 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:28:39.0906 1228 Rdbss - ok
17:28:39.0921 1228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:28:39.0937 1228 RDPCDD - ok
17:28:39.0984 1228 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:28:39.0984 1228 rdpdr - ok
17:28:40.0015 1228 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
17:28:40.0015 1228 RDPWD - ok
17:28:40.0062 1228 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:28:40.0062 1228 redbook - ok
17:28:40.0109 1228 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
17:28:40.0109 1228 rimmptsk - ok
17:28:40.0125 1228 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
17:28:40.0125 1228 rimsptsk - ok
17:28:40.0140 1228 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
17:28:40.0140 1228 rismxdp - ok
17:28:40.0187 1228 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:28:40.0187 1228 sdbus - ok
17:28:40.0218 1228 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:28:40.0218 1228 Secdrv - ok
17:28:40.0265 1228 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\drivers\Serial.sys
17:28:40.0265 1228 Serial - ok
17:28:40.0312 1228 sfdrv01 (0b179a959ff6b6ca5927d4f255ab9f90) C:\WINDOWS\system32\drivers\sfdrv01.sys
17:28:40.0312 1228 sfdrv01 - ok
17:28:40.0328 1228 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
17:28:40.0343 1228 sffdisk - ok
17:28:40.0343 1228 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
17:28:40.0343 1228 sffp_sd - ok
17:28:40.0359 1228 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
17:28:40.0359 1228 sfhlp02 - ok
17:28:40.0390 1228 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:28:40.0390 1228 Sfloppy - ok
17:28:40.0421 1228 sfsync02 (a62efe6aa55c6a599ddbb6bd00e8fb9c) C:\WINDOWS\system32\drivers\sfsync02.sys
17:28:40.0421 1228 sfsync02 - ok
17:28:40.0437 1228 Simbad - ok
17:28:40.0453 1228 Sparrow - ok
17:28:40.0484 1228 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
17:28:40.0484 1228 splitter - ok
17:28:40.0562 1228 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
17:28:40.0562 1228 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:28:40.0578 1228 sptd ( LockedFile.Multi.Generic ) - warning
17:28:40.0578 1228 sptd - detected LockedFile.Multi.Generic (1)
17:28:40.0609 1228 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
17:28:40.0609 1228 sr - ok
17:28:40.0640 1228 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:28:40.0640 1228 Srv - ok
17:28:40.0718 1228 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
17:28:40.0734 1228 STHDA - ok
17:28:40.0781 1228 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:28:40.0781 1228 swenum - ok
17:28:40.0828 1228 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:28:40.0828 1228 swmidi - ok
17:28:40.0843 1228 symc810 - ok
17:28:40.0843 1228 symc8xx - ok
17:28:40.0859 1228 sym_hi - ok
17:28:40.0875 1228 sym_u3 - ok
17:28:40.0921 1228 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:28:40.0937 1228 SynTP - ok
17:28:40.0953 1228 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:28:40.0953 1228 sysaudio - ok
17:28:41.0015 1228 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:28:41.0015 1228 Tcpip - ok
17:28:41.0062 1228 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:28:41.0062 1228 TDPIPE - ok
17:28:41.0093 1228 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:28:41.0093 1228 TDTCP - ok
17:28:41.0109 1228 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:28:41.0125 1228 TermDD - ok
17:28:41.0140 1228 TosIde - ok
17:28:41.0156 1228 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:28:41.0156 1228 Udfs - ok
17:28:41.0171 1228 ultra - ok
17:28:41.0187 1228 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:28:41.0203 1228 Update - ok
17:28:41.0250 1228 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:28:41.0250 1228 usbccgp - ok
17:28:41.0281 1228 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:28:41.0281 1228 usbehci - ok
17:28:41.0328 1228 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:28:41.0328 1228 usbhub - ok
17:28:41.0375 1228 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:28:41.0375 1228 USBSTOR - ok
17:28:41.0390 1228 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:28:41.0406 1228 usbuhci - ok
17:28:41.0437 1228 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:28:41.0437 1228 VgaSave - ok
17:28:41.0453 1228 ViaIde - ok
17:28:41.0500 1228 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
17:28:41.0500 1228 VolSnap - ok
17:28:41.0515 1228 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:28:41.0515 1228 Wanarp - ok
17:28:41.0531 1228 WDICA - ok
17:28:41.0578 1228 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
17:28:41.0578 1228 wdmaud - ok
17:28:41.0640 1228 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:28:41.0656 1228 winachsf - ok
17:28:41.0718 1228 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:28:41.0718 1228 WmiAcpi - ok
17:28:41.0765 1228 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
17:28:42.0046 1228 \Device\Harddisk0\DR0 - ok
17:28:42.0046 1228 MBR (0x1B8) (08b26729634452d0c2889c002b1bb97c) \Device\Harddisk1\DR5
17:28:42.0953 1228 \Device\Harddisk1\DR5 - ok
17:28:42.0968 1228 Boot (0x1200) (0acce5140fc26621e986354390aaa4cc) \Device\Harddisk0\DR0\Partition0
17:28:42.0968 1228 \Device\Harddisk0\DR0\Partition0 - ok
17:28:42.0968 1228 Boot (0x1200) (1230a21145bafd7831109170943759be) \Device\Harddisk1\DR5\Partition0
17:28:42.0968 1228 \Device\Harddisk1\DR5\Partition0 - ok
17:28:42.0968 1228 ============================================================
17:28:42.0968 1228 Scan finished
17:28:42.0968 1228 ============================================================
17:28:42.0968 1840 Detected object count: 1
17:28:42.0968 1840 Actual detected object count: 1
17:28:54.0250 1840 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:28:54.0250 1840 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:28:59.0359 2056 ============================================================
17:28:59.0359 2056 Scan started
17:28:59.0359 2056 Mode: Manual;
17:28:59.0359 2056 ============================================================
17:28:59.0671 2056 Abiosdsk - ok
17:28:59.0671 2056 abp480n5 - ok
17:28:59.0703 2056 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:28:59.0703 2056 ACPI - ok
17:28:59.0734 2056 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:28:59.0734 2056 ACPIEC - ok
17:28:59.0750 2056 adpu160m - ok
17:28:59.0796 2056 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
17:28:59.0796 2056 aec - ok
17:28:59.0812 2056 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
17:28:59.0828 2056 AFD - ok
17:28:59.0828 2056 Aha154x - ok
17:28:59.0843 2056 aic78u2 - ok
17:28:59.0859 2056 aic78xx - ok
17:28:59.0875 2056 AliIde - ok
17:28:59.0875 2056 amsint - ok
17:28:59.0906 2056 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:28:59.0906 2056 Arp1394 - ok
17:28:59.0921 2056 asc - ok
17:28:59.0937 2056 asc3350p - ok
17:28:59.0953 2056 asc3550 - ok
17:28:59.0968 2056 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:28:59.0968 2056 AsyncMac - ok
17:29:00.0000 2056 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:29:00.0000 2056 atapi - ok
17:29:00.0015 2056 Atdisk - ok
17:29:00.0031 2056 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:29:00.0031 2056 Atmarpc - ok
17:29:00.0062 2056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:00.0062 2056 audstub - ok
17:29:00.0140 2056 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:29:00.0156 2056 BCM43XX - ok
17:29:00.0218 2056 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:29:00.0234 2056 bcm4sbxp - ok
17:29:00.0265 2056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:29:00.0265 2056 Beep - ok
17:29:00.0312 2056 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys
17:29:00.0328 2056 btaudio - ok
17:29:00.0359 2056 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys
17:29:00.0359 2056 BTDriver - ok
17:29:00.0437 2056 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:29:00.0437 2056 BTKRNL - ok
17:29:00.0453 2056 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys
17:29:00.0468 2056 BTSERIAL - ok
17:29:00.0500 2056 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
17:29:00.0500 2056 BTWDNDIS - ok
17:29:00.0515 2056 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
17:29:00.0515 2056 btwmodem - ok
17:29:00.0531 2056 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys
17:29:00.0531 2056 BTWUSB - ok
17:29:00.0546 2056 catchme - ok
17:29:00.0562 2056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:29:00.0562 2056 cbidf2k - ok
17:29:00.0578 2056 cd20xrnt - ok
17:29:00.0609 2056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:29:00.0609 2056 Cdaudio - ok
17:29:00.0656 2056 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:29:00.0656 2056 Cdfs - ok
17:29:00.0703 2056 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:29:00.0703 2056 Cdrom - ok
17:29:00.0718 2056 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:29:00.0734 2056 cercsr6 - ok
17:29:00.0734 2056 Changer - ok
17:29:00.0781 2056 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:29:00.0781 2056 CmBatt - ok
17:29:00.0781 2056 CmdIde - ok
17:29:00.0796 2056 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:29:00.0796 2056 Compbatt - ok
17:29:00.0812 2056 Cpqarray - ok
17:29:00.0906 2056 cpuz132 - ok
17:29:00.0921 2056 dac2w2k - ok
17:29:00.0937 2056 dac960nt - ok
17:29:00.0953 2056 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:29:00.0953 2056 Disk - ok
17:29:01.0015 2056 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
17:29:01.0031 2056 dmboot - ok
17:29:01.0046 2056 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
17:29:01.0046 2056 dmio - ok
17:29:01.0062 2056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:29:01.0062 2056 dmload - ok
17:29:01.0109 2056 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:29:01.0109 2056 DMusic - ok
17:29:01.0125 2056 dpti2o - ok
17:29:01.0125 2056 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:29:01.0125 2056 drmkaud - ok
17:29:01.0140 2056 EagleNT - ok
17:29:01.0187 2056 eamon (8361ed1ca4dcd406a1a5a39bcd714e03) C:\WINDOWS\system32\DRIVERS\eamon.sys
17:29:01.0187 2056 eamon - ok
17:29:01.0234 2056 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
17:29:01.0234 2056 ehdrv - ok
17:29:01.0296 2056 epfwtdir (b90a262e77c6cafa1561956b01171426) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
17:29:01.0296 2056 epfwtdir - ok
17:29:01.0312 2056 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:29:01.0312 2056 Fastfat - ok
17:29:01.0343 2056 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
17:29:01.0343 2056 Fdc - ok
17:29:01.0375 2056 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
17:29:01.0375 2056 Fips - ok
17:29:01.0390 2056 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:29:01.0390 2056 Flpydisk - ok
17:29:01.0421 2056 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:29:01.0421 2056 FltMgr - ok
17:29:01.0437 2056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:29:01.0437 2056 Fs_Rec - ok
17:29:01.0468 2056 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:29:01.0468 2056 Ftdisk - ok
17:29:01.0546 2056 GarenaPEngine - ok
17:29:01.0625 2056 GGSAFERDriver - ok
17:29:01.0656 2056 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:29:01.0656 2056 Gpc - ok
17:29:01.0671 2056 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:29:01.0687 2056 hamachi - ok
17:29:01.0718 2056 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:29:01.0718 2056 HDAudBus - ok
17:29:01.0750 2056 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:29:01.0750 2056 hidusb - ok
17:29:01.0765 2056 hpn - ok
17:29:01.0812 2056 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:29:01.0812 2056 HSFHWAZL - ok
17:29:01.0859 2056 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:29:01.0875 2056 HSF_DPV - ok
17:29:01.0937 2056 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
17:29:01.0937 2056 HTTP - ok
17:29:01.0953 2056 i2omgmt - ok
17:29:01.0953 2056 i2omp - ok
17:29:02.0000 2056 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:29:02.0000 2056 i8042prt - ok
17:29:02.0093 2056 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:29:02.0109 2056 ialm - ok
17:29:02.0156 2056 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:29:02.0156 2056 Imapi - ok
17:29:02.0171 2056 ini910u - ok
17:29:02.0187 2056 IntelIde - ok
17:29:02.0203 2056 intelppm (10a3ac0f0df720ad3c3fd13861d50eb9) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:29:02.0203 2056 intelppm - ok
17:29:02.0234 2056 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:29:02.0234 2056 Ip6Fw - ok
17:29:02.0265 2056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:29:02.0265 2056 IpFilterDriver - ok
17:29:02.0281 2056 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:29:02.0281 2056 IpInIp - ok
17:29:02.0312 2056 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:29:02.0312 2056 IpNat - ok
17:29:02.0328 2056 IPSec (2a31d835f437b84a358d184b6a5e0e57) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:29:02.0328 2056 IPSec - ok
17:29:02.0359 2056 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:29:02.0359 2056 IRENUM - ok
17:29:02.0390 2056 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:29:02.0406 2056 isapnp - ok
17:29:02.0421 2056 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:29:02.0421 2056 Kbdclass - ok
17:29:02.0468 2056 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:29:02.0468 2056 kbdhid - ok
17:29:02.0500 2056 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
17:29:02.0515 2056 kmixer - ok
17:29:02.0531 2056 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
17:29:02.0531 2056 KSecDD - ok
17:29:02.0546 2056 lbrtfdc - ok
17:29:02.0593 2056 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:29:02.0593 2056 mdmxsdk - ok
17:29:02.0625 2056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:29:02.0625 2056 mnmdd - ok
17:29:02.0656 2056 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
17:29:02.0656 2056 Modem - ok
17:29:02.0656 2056 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:29:02.0656 2056 Mouclass - ok
17:29:02.0687 2056 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:29:02.0687 2056 mouhid - ok
17:29:02.0703 2056 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:29:02.0703 2056 MountMgr - ok
17:29:02.0718 2056 mraid35x - ok
17:29:02.0734 2056 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:29:02.0750 2056 MRxDAV - ok
17:29:02.0796 2056 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:29:02.0796 2056 MRxSmb - ok
17:29:02.0812 2056 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:29:02.0812 2056 Msfs - ok
17:29:02.0843 2056 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:29:02.0843 2056 MSKSSRV - ok
17:29:02.0859 2056 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:29:02.0859 2056 MSPCLOCK - ok
17:29:02.0875 2056 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:29:02.0875 2056 MSPQM - ok
17:29:02.0906 2056 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:29:02.0906 2056 mssmbios - ok
17:29:02.0921 2056 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:29:02.0921 2056 Mup - ok
17:29:02.0937 2056 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:29:02.0937 2056 NDIS - ok
17:29:02.0953 2056 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:29:02.0953 2056 NdisTapi - ok
17:29:03.0000 2056 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:29:03.0000 2056 Ndisuio - ok
17:29:03.0015 2056 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:29:03.0015 2056 NdisWan - ok
17:29:03.0046 2056 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:29:03.0046 2056 NDProxy - ok
17:29:03.0062 2056 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:29:03.0062 2056 NetBIOS - ok
17:29:03.0093 2056 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:29:03.0109 2056 NetBT - ok
17:29:03.0125 2056 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:29:03.0125 2056 NIC1394 - ok
17:29:03.0140 2056 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:29:03.0140 2056 Npfs - ok
17:29:03.0171 2056 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
17:29:03.0187 2056 Ntfs - ok
17:29:03.0203 2056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:29:03.0203 2056 Null - ok
17:29:03.0250 2056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:29:03.0250 2056 NwlnkFlt - ok
17:29:03.0250 2056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:29:03.0250 2056 NwlnkFwd - ok
17:29:03.0281 2056 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:29:03.0281 2056 ohci1394 - ok
17:29:03.0312 2056 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\drivers\Parport.sys
17:29:03.0312 2056 Parport - ok
17:29:03.0328 2056 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:29:03.0328 2056 PartMgr - ok
17:29:03.0359 2056 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
17:29:03.0359 2056 ParVdm - ok
17:29:03.0375 2056 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
17:29:03.0375 2056 PCI - ok
17:29:03.0390 2056 PCIDump - ok
17:29:03.0406 2056 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:29:03.0406 2056 PCIIde - ok
17:29:03.0421 2056 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:29:03.0421 2056 Pcmcia - ok
17:29:03.0437 2056 PDCOMP - ok
17:29:03.0453 2056 PDFRAME - ok
17:29:03.0468 2056 PDRELI - ok
17:29:03.0468 2056 PDRFRAME - ok
17:29:03.0484 2056 perc2 - ok
17:29:03.0500 2056 perc2hib - ok
17:29:03.0546 2056 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:29:03.0546 2056 PptpMiniport - ok
17:29:03.0562 2056 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:29:03.0562 2056 PSched - ok
17:29:03.0578 2056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:29:03.0578 2056 Ptilink - ok
17:29:03.0578 2056 ql1080 - ok
17:29:03.0593 2056 Ql10wnt - ok
17:29:03.0609 2056 ql12160 - ok
17:29:03.0625 2056 ql1240 - ok
17:29:03.0640 2056 ql1280 - ok
17:29:03.0656 2056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:29:03.0656 2056 RasAcd - ok
17:29:03.0671 2056 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:29:03.0671 2056 Rasl2tp - ok
17:29:03.0687 2056 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:29:03.0687 2056 RasPppoe - ok
17:29:03.0703 2056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:29:03.0703 2056 Raspti - ok
17:29:03.0718 2056 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:29:03.0734 2056 Rdbss - ok
17:29:03.0750 2056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:29:03.0750 2056 RDPCDD - ok
17:29:03.0812 2056 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:29:03.0812 2056 rdpdr - ok
17:29:03.0843 2056 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
17:29:03.0843 2056 RDPWD - ok
17:29:03.0890 2056 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:29:03.0890 2056 redbook - ok
17:29:03.0921 2056 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
17:29:03.0937 2056 rimmptsk - ok
17:29:03.0937 2056 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
17:29:03.0937 2056 rimsptsk - ok
17:29:03.0953 2056 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
17:29:03.0953 2056 rismxdp - ok
17:29:04.0000 2056 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:29:04.0015 2056 sdbus - ok
17:29:04.0031 2056 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:29:04.0031 2056 Secdrv - ok
17:29:04.0078 2056 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\drivers\Serial.sys
17:29:04.0093 2056 Serial - ok
17:29:04.0140 2056 sfdrv01 (0b179a959ff6b6ca5927d4f255ab9f90) C:\WINDOWS\system32\drivers\sfdrv01.sys
17:29:04.0140 2056 sfdrv01 - ok
17:29:04.0156 2056 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
17:29:04.0156 2056 sffdisk - ok
17:29:04.0171 2056 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
17:29:04.0171 2056 sffp_sd - ok
17:29:04.0187 2056 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
17:29:04.0187 2056 sfhlp02 - ok
17:29:04.0218 2056 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:29:04.0218 2056 Sfloppy - ok
17:29:04.0234 2056 sfsync02 (a62efe6aa55c6a599ddbb6bd00e8fb9c) C:\WINDOWS\system32\drivers\sfsync02.sys
17:29:04.0234 2056 sfsync02 - ok
17:29:04.0265 2056 Simbad - ok
17:29:04.0265 2056 Sparrow - ok
17:29:04.0312 2056 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
17:29:04.0312 2056 splitter - ok
17:29:04.0390 2056 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
17:29:04.0390 2056 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:29:04.0390 2056 sptd ( LockedFile.Multi.Generic ) - warning
17:29:04.0390 2056 sptd - detected LockedFile.Multi.Generic (1)
17:29:04.0421 2056 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
17:29:04.0421 2056 sr - ok
17:29:04.0453 2056 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:29:04.0468 2056 Srv - ok
17:29:04.0546 2056 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
17:29:04.0562 2056 STHDA - ok
17:29:04.0609 2056 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:29:04.0609 2056 swenum - ok
17:29:04.0640 2056 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:29:04.0640 2056 swmidi - ok
17:29:04.0656 2056 symc810 - ok
17:29:04.0671 2056 symc8xx - ok
17:29:04.0687 2056 sym_hi - ok
17:29:04.0703 2056 sym_u3 - ok
17:29:04.0750 2056 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:29:04.0750 2056 SynTP - ok
17:29:04.0781 2056 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:29:04.0781 2056 sysaudio - ok
17:29:04.0843 2056 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:29:04.0843 2056 Tcpip - ok
17:29:04.0890 2056 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:29:04.0890 2056 TDPIPE - ok
17:29:04.0921 2056 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:29:04.0921 2056 TDTCP - ok
17:29:04.0953 2056 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:29:04.0953 2056 TermDD - ok
17:29:04.0968 2056 TosIde - ok
17:29:05.0000 2056 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:29:05.0000 2056 Udfs - ok
17:29:05.0015 2056 ultra - ok
17:29:05.0031 2056 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:29:05.0031 2056 Update - ok
17:29:05.0062 2056 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:29:05.0062 2056 usbccgp - ok
17:29:05.0093 2056 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:29:05.0093 2056 usbehci - ok
17:29:05.0125 2056 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:29:05.0125 2056 usbhub - ok
17:29:05.0156 2056 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:29:05.0156 2056 USBSTOR - ok
17:29:05.0171 2056 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:29:05.0171 2056 usbuhci - ok
17:29:05.0218 2056 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:29:05.0218 2056 VgaSave - ok
17:29:05.0234 2056 ViaIde - ok
17:29:05.0250 2056 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
17:29:05.0250 2056 VolSnap - ok
17:29:05.0281 2056 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:29:05.0281 2056 Wanarp - ok
17:29:05.0296 2056 WDICA - ok
17:29:05.0328 2056 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
17:29:05.0328 2056 wdmaud - ok
17:29:05.0390 2056 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:29:05.0406 2056 winachsf - ok
17:29:05.0468 2056 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:29:05.0468 2056 WmiAcpi - ok
17:29:05.0515 2056 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
17:29:05.0796 2056 \Device\Harddisk0\DR0 - ok
17:29:05.0796 2056 MBR (0x1B8) (08b26729634452d0c2889c002b1bb97c) \Device\Harddisk1\DR5
17:29:06.0750 2056 \Device\Harddisk1\DR5 - ok
17:29:06.0750 2056 Boot (0x1200) (0acce5140fc26621e986354390aaa4cc) \Device\Harddisk0\DR0\Partition0
17:29:06.0750 2056 \Device\Harddisk0\DR0\Partition0 - ok
17:29:06.0765 2056 Boot (0x1200) (1230a21145bafd7831109170943759be) \Device\Harddisk1\DR5\Partition0
17:29:06.0765 2056 \Device\Harddisk1\DR5\Partition0 - ok
17:29:06.0765 2056 ============================================================
17:29:06.0765 2056 Scan finished
17:29:06.0765 2056 ============================================================
17:29:06.0765 2796 Detected object count: 1
17:29:06.0765 2796 Actual detected object count: 1
17:29:13.0828 2796 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:29:13.0828 2796 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:29:20.0687 0896 Deinitialize success

[brseker]

A ještě log z Malwarebytes:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2.11.2011 18:15:16
mbam-log-2011-11-02 (18-15-16).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 339067
Uplynulý čas: 42 minut, 54 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 37

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\qoobox\quarantine\c\.trash-999\.trash-999\files\tmpb\ (Trojan.Downloader) -> Delete on reboot.
c:\Qoobox\quarantine\C\.trash-999\files\sysdriver32_.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\.trash-999\files\tmpb\3771349.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\.trash-999\files\tmpb\3981677.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\.trash-999\files\tmpb\5353085.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\.trash-999\files\tmpb\6868295.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\.trash-999\files\update.5.0\svchost.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\ .vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\sysdriver32_.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\update.5.0\svchost.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP169\A0319697.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP169\A0319701.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP170\A0319710.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP172\A0324992.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP172\A0325010.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP173\A0325378.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP173\A0325383.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP173\A0325384.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP173\A0325385.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP173\A0325386.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e2013dcc-d8f7-4b45-8714-cc4315ce318b}\RP173\A0325391.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\tmpb\3771349.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\tmpb\3981677.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\tmpb\5353085.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\tmpb\6868295.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Nigs\data aplikací\QIP\Profiles\445798590@qip.ru\rcvdfiles\rikki_606877293\rld-nu2k.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Nigs\dokumenty\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Nigs\dokumenty\stažené soubory\female-ownage\female_ownage\femaleownage.exe (HackTool.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Nigs\local settings\Temp\2789694.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\iobit toolbar\IE\4.7\iobittoolbarie.dll (PUP.Dealio.TB) -> Not selected for removal.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.6 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.7 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.8 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\documents and settings\Nigs\data aplikací\BG0Ai.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\data aplikací\common.data (Malware.Trace) -> Quarantined and deleted successfully.

[chodnik74]

Výborně.. dořešte ten SP 3 a náhradu souborů, jak jsem psal v PM

Kód: Vybrat vše

c:\windows\system32\ole32.dll
c:\windows\system32\drivers\tcpip.sys

Tyhle soubory nahradit http://leteckaposta.cz/885210886 zde jsou soubory...

[brseker]

Tak po instalaci SP3 funguje už i síť.
Moc děkuji za pomoc.

[chodnik74]

Ještě dočistíme od používaných programů:

Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter

OTC

• Spustíme,zmáčkneme CleanUp a potvrdíme YES Program uklidí a následně restartuje

T-Cleaner

• Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
• po použití T-Cleaner smažte

TFC

• Stáhneme a spustíme program
• Klikneme na Start a potvrdíme OK
• Program začne uklízet,poté restartuje pc
• po použití program smažte

Údržba PC:

1)Čištění dočasných složek + neplatné registry
Ccleaner

• Stáhneme a nainstalujeme program
• Spustíme program
• ČISTIČ
  Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše a odškrkneme volbu Zbytky souborů v paměti
  Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
  >Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner
• Registry
  >Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
  >Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
  >opakujte dokud nebude registr bez problémů
• Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)

2)Defragmentace disku
Defraggler

• Stáhneme a nainstalujeme program
• Spustíme program
• Vybereme disk ( C:,D:..prostě který používáme)
• Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
• Proveďte se všemi používanými disky
• Provádíme 1x za měsíc

3)Aktualizace programů
FileHippo.com Update Checker

• Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
• Spustíme program
• Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
• Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
  >X Updates Detected..to jsou dostupné aktualizace..
  > klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
  > X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní
• Provádíme 1x za 14 dní nebo jednou za měsíc

Jak se chová PC + nový RSIT