Prosím o kontrolu - PC napadeno System Tool 2.20

Zpráva

sorcer · #1 Příspěvek od **sorcer** » 22 pro 2010 23:02

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-12-22 22:59:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (40%) free of 51 GB
Total RAM: 3582 MB (90% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:59:10, on 22.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{90FED5C8-1222-45BE-BA81-414CF2A92F86}: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB4DC11A-4F5F-49CD-A2DE-4431079D657A}: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.163.182,93.188.166.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.182,93.188.166.182
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10723 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1035525444-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1035525444-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2008-06-17 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-06-17 409695]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-06-17 409695]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2006-05-18 450560]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
"nwiz"=nwiz.exe /install []
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-11-11 421160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll [2010-11-12 503808]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll [2010-11-12 86016]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll [2010-11-12 37888]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll [2010-11-12 31232]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll [2010-11-12 1966080]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll [2010-11-12 86016]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll [2010-11-12 63488]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll [2010-11-12 319488]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll [2010-11-12 1089536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-03-17 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-11-11 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2008-06-17 32838]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileyApp]
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\Load.exe [2005-08-31 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Raff^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Hry\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="D:\Hry\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"D:\Hry\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="D:\Hry\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"D:\Hry\Call of Duty 5 cz\CoDWaW.exe"="D:\Hry\Call of Duty 5 cz\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"D:\Hry\Call of Duty 5 cz\CoDWaWmp.exe"="D:\Hry\Call of Duty 5 cz\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"D:\Hry\CoD4\iw3mp.exe"="D:\Hry\CoD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Hry\Mafie II\Hra\Steam.exe"="D:\Hry\Mafie II\Hra\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-22 22:59:02 ----D---- C:\rsit
2010-12-22 22:59:02 ----D---- C:\Program Files\trend micro
2010-12-22 22:54:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-22 22:32:45 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-12-22 22:32:39 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-12-22 16:05:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-22 15:44:22 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2010-12-22 15:44:22 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2010-12-22 01:11:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\eChIa01804
2010-12-19 21:03:46 ----D---- C:\Program Files\Zrychleni Pocitace
2010-12-13 22:31:29 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-10 17:20:18 ----D---- C:\Program Files\Common Files\Skype
2010-11-25 17:23:51 ----D---- C:\Program Files\ABBYY FineReader 6.0 Sprint
2010-11-25 17:21:23 ----A---- C:\WINDOWS\system32\E_FLBEFE.DLL
2010-11-25 17:21:23 ----A---- C:\WINDOWS\system32\E_FD4BEFE.DLL
2010-11-25 17:11:38 ----A---- C:\WINDOWS\CDE SX200EXPORT.ini

======List of files/folders modified in the last 1 months======

2010-12-22 22:59:02 ----RD---- C:\Program Files
2010-12-22 22:54:18 ----D---- C:\WINDOWS
2010-12-22 22:52:20 ----D---- C:\WINDOWS\Prefetch
2010-12-22 22:51:51 ----D---- C:\WINDOWS\Temp
2010-12-22 22:32:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-22 22:32:45 ----D---- C:\WINDOWS\system32\drivers
2010-12-22 22:32:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-22 16:05:39 ----D---- C:\WINDOWS\system32
2010-12-22 16:05:39 ----D---- C:\Program Files\ESET
2010-12-22 15:58:17 ----D---- C:\WINDOWS\system32\LogFiles
2010-12-22 15:58:16 ----SHD---- C:\RECYCLER
2010-12-22 15:55:36 ----D---- C:\Program Files\GoQ - NetRadio
2010-12-22 15:41:50 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-12-22 10:06:56 ----SHD---- C:\WINDOWS\system32\lowsec
2010-12-22 01:45:11 ----A---- C:\WINDOWS\wincmd.ini
2010-12-21 22:17:01 ----D---- C:\Program Files\JDownloader
2010-12-13 22:31:37 ----SHD---- C:\WINDOWS\Installer
2010-12-13 22:31:34 ----D---- C:\Config.Msi
2010-12-11 17:27:35 ----D---- C:\Program Files\Mozilla Firefox
2010-12-10 17:20:18 ----RD---- C:\Program Files\Skype
2010-12-10 17:20:18 ----D---- C:\Program Files\Common Files
2010-12-10 17:20:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-11-25 17:25:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\UDL
2010-11-25 17:22:42 ----D---- C:\Program Files\epson
2010-11-25 17:21:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\EPSON
2010-11-25 17:21:12 ----HD---- C:\WINDOWS\inf
2010-11-25 17:12:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-24 16:37:55 ----D---- C:\Program Files\The KMPlayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-03-21 717296]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-02-02 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-31 279712]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-31 25888]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 adlnou10;adlnou10; C:\WINDOWS\system32\drivers\adlnou10.sys []
S3 ae4fdypw;ae4fdypw; C:\WINDOWS\system32\drivers\ae4fdypw.sys []
S3 ae7s8kai;ae7s8kai; C:\WINDOWS\system32\drivers\ae7s8kai.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-10-23 12416]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-03-11 21120]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys []
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-03 516096]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
S2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2008-06-17 28739]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-02-02 66872]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-15 202040]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 22 pro 2010 23:24

Dobrý večer

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

sorcer · #3 Příspěvek od **sorcer** » 23 pro 2010 19:18

Bohužel ani v nouzovém režimu ani "normálně" nejde Mbam spustit

. Zkoušel jsem i přeinstalovat (také instalovat v Nz režimu), ale program se nespustí. Instalace probíhala vždy bez problému.

Zajímavé je, že po projetím Rsitem se již onen záškodník Sys Tool 2.20 nehlásí.... (včera před založením Topicu jednou projeto Anti fakeantivirus removalem, ale po vyžadovaném restartu se Sys Tool stále objevoval.

#4 Příspěvek od **motji** » 23 pro 2010 20:16

V nouzovém režimu spustte

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

-

Ted nerestartujte počítač!

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-přejmenujte ocmbofix na brouček.com

Pokud nepujde spustit, napište

sorcer · #5 Příspěvek od **sorcer** » 24 pro 2010 11:48

Zdravím tak Combifix spustit šel. Nejdříve se několikrát zastavil s tím, že systém je napaden TDL3 Rootkitem a měl sem si poznamenat : C:/windows/system32/drivers/sptd.sys, jež budu potřebovat později, ale vyzván k nějaké další interakci sem už nebyl. Pak se Combix pokoušel o restart - ale vždy se zasekl a k restartu nedolšo tak sem mu musel pomoci. Na podruhé se to povedlo a on opět v NZ. režimu naběhl a pokračoval dále ve své práci.

LOG:
ComboFix 10-12-23.05 - Administrator 24.12.2010 11:24:53.2.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3316 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\broucek.com.exe
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\eChIa01804
c:\documents and settings\All Users\Data aplikací\eChIa01804\eChIa01804
c:\documents and settings\All Users\Data aplikací\eChIa01804\eChIa01804.exe
c:\documents and settings\Raff\Data aplikací\Adobe\plugs
c:\documents and settings\Raff\Data aplikací\Adobe\plugs\KB13310703.exe
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\248d6576afce4ee94af42d7350131106.gif
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\default1.dat
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\loading.dat
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\loading.gif
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\baw.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Cursor.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_DailyVideo.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Game.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Glitter.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Logo.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Option.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Recipe.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Ringtone.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Screensaver.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Search.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Smiley.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Smiley_Config.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Wallpaper.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Web.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_WebDropdown_01.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_WebDropdown_02.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_WebDropdown_03.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_WebDropdown_04.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_WebDropdown_05.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_WebDropdown_06.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_WebDropdown_07.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\pixel.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\ProductInfo.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\profile.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\SearchEngineList.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\tbcore.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\ToolbarLayout.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\UpdateCentre.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\UpdateCentreBk.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\URLDynamic.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\URLStatic.mx
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\About.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Component_ComboBox.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Cursor.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Cursor.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_DailyVideo.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Game.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Glitter.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Glitter.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Logo.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Option.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Recipe.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Ringtone.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Screensaver.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Search.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Smiley.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Smiley.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Wallpaper.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Web.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_01.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_01.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_02.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_02.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_03.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_03.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_04.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_04.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_05.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_05.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_06.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_06.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_07.mg
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_WebDropdown_07.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDefault.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDisplay.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDisplay.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDisplay18.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDisplay20.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnGlitters.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnGlitters.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnGlitters18.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnGlitters20.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnOption.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnSmiley.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnSmiley.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnSmiley18.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnSmiley20.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnTellFd.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnTellFd.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnTellFd18.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnTellFd20.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnWink.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnWink.png
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnWink18.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnWink20.bmp
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\myskin1.skf
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\myskin2.skf
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\myskin3.skf
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\myskin4.skf
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\TellafriendSkin.skf
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\TellafriendSkin_s.skf
c:\documents and settings\Raff\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\ToastSkin.skf
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\ICQ6.5\updates\ICQLRun.exe.f9cb5bbb98c818d0e6c63e8613a6d549
c:\program files\Internet Explorer\msimg32.dll
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0001BCB3
c:\program files\MyWebSearch\bar\Cache\000201AC
c:\program files\MyWebSearch\bar\Cache\000208FF
c:\program files\MyWebSearch\bar\Cache\00022DAD
c:\program files\MyWebSearch\bar\Cache\0006F0AC
c:\program files\MyWebSearch\bar\Cache\000789A0
c:\program files\MyWebSearch\bar\Cache\00087D18
c:\program files\MyWebSearch\bar\Cache\0008F296
c:\program files\MyWebSearch\bar\Cache\000F2FC1
c:\program files\MyWebSearch\bar\Cache\001B4C38.bin
c:\program files\MyWebSearch\bar\Cache\0020665F
c:\program files\MyWebSearch\bar\Cache\002F3B20.bin
c:\program files\MyWebSearch\bar\Cache\00655141
c:\program files\MyWebSearch\bar\Cache\0073923E
c:\program files\MyWebSearch\bar\Cache\008A66E8
c:\program files\MyWebSearch\bar\Cache\0116F8FE.bin
c:\program files\MyWebSearch\bar\Cache\0116FB8E.bin
c:\program files\MyWebSearch\bar\Cache\0116FD82.bin
c:\program files\MyWebSearch\bar\Cache\0117009F.bin
c:\program files\MyWebSearch\bar\Cache\0143DBE5
c:\program files\MyWebSearch\bar\Cache\0164D6E4.bin
c:\program files\MyWebSearch\bar\Cache\0164DCA0.bin
c:\program files\MyWebSearch\bar\Cache\0164DDD9.bin
c:\program files\MyWebSearch\bar\Cache\01A96BD6
c:\program files\MyWebSearch\bar\Cache\0218D8EC
c:\program files\MyWebSearch\bar\Cache\02227C92
c:\program files\MyWebSearch\bar\Cache\02BC23A8
c:\program files\MyWebSearch\bar\Cache\02C8776B.bin
c:\program files\MyWebSearch\bar\Cache\02C87A1A.bin
c:\program files\MyWebSearch\bar\Cache\02C87B72.bin
c:\program files\MyWebSearch\bar\Cache\02C87D08.bin
c:\program files\MyWebSearch\bar\Cache\02C87E50
c:\program files\MyWebSearch\bar\Cache\02EE64F3
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\ST6UNST.000
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-24 do 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-23 18:06 . 2010-12-23 18:06 -------- d-----w- c:\program files\Mal
2010-12-23 17:57 . 2010-12-23 17:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-23 17:57 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 17:57 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 21:59 . 2010-12-22 21:59 -------- d-----w- C:\rsit
2010-12-22 21:59 . 2010-12-22 21:59 -------- d-----w- c:\program files\trend micro
2010-12-22 21:32 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-12-22 21:32 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-22 21:32 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-12-22 21:32 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-22 15:00 . 2010-12-22 15:00 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-12-19 20:03 . 2010-12-22 14:57 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-12-13 21:31 . 2010-12-13 21:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-10 16:20 . 2010-12-10 16:20 -------- d-----w- c:\program files\Common Files\Skype
2010-11-25 16:23 . 2010-11-25 16:24 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-11-25 16:21 . 2007-12-07 02:08 86528 ----a-w- c:\windows\system32\E_FLBEFE.DLL
2010-11-25 16:21 . 2007-12-07 02:01 78848 ----a-w- c:\windows\system32\E_FD4BEFE.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2004-01-28 04:00 . 2004-01-28 04:00 76677 ----a-w- c:\program files\unins000.exe
2003-08-09 09:31 . 2003-08-09 09:31 69120 ----a-w- c:\program files\sslcopy.exe
2003-08-05 21:57 . 2003-08-05 21:57 64000 ----a-w- c:\program files\regref.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk
backup=c:\windows\pss\Hlavní panel ATI CATALYST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Raff^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Raff\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-03-17 07:17 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 01:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Hry\\Mafie II\\Hra\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2007 20:10 717296]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.9.2009 14:25 133104]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [11.3.2008 12:35 21120]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 13:25]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 13:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ywe9b6x2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
Notify-WgaLogon - (no file)
MSConfigStartUp-ASUS SmartDoctor - c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
MSConfigStartUp-ASUSGamerOSD - c:\program files\ASUS\GamerOSD\GamerOSD.exe
MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-SmileyApp - c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 11:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500YS-01SHB1 rev.20.06C06 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AF03ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86e5e879; SUB DWORD [EBP-0x4], 0x86e5e135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8B047958]
3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000079[0x8AFB59E8]
5 ACPI[0xF7496620] -> nt!IofCallDriver[0x804E13B9] -> [0x8AFB5D98]
[0x8B0079D8] -> IRP_MJ_CREATE -> 0x8AF03ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-4 -> \??\IDE#DiskWDC_WD2500YS-01SHB1_____________________20.06C06#5&3d0951c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AF03AF1
user & kernel MBR OK
sectors 490232637 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-12-24 11:41:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-24 10:41

Před spuštěním: Volných bajtů: 21 303 767 040
Po spuštění: Volných bajtů: 22 364 196 864

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F44CC1B5794E235EDC70B1547CA633E3

#6 Příspěvek od **motji** » 24 pro 2010 23:16

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

sorcer · #7 Příspěvek od **sorcer** » 25 pro 2010 00:20

DEFOGGER:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:42 on 24/12/2010 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
--------------------------------------------------------------------------
GMER 1
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-24 23:45:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD2500YS-01SHB1 rev.20.06C06
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdrpob.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 490232383 (+254): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-1b 8AFBCAF1

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD2500YS-01SHB1_____________________20.06C06#5&3d0951c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 -------------------------------------------------------------

GMER 2
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-25 00:17:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD2500YS-01SHB1 rev.20.06C06
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdrpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xBA4BEF80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xBA4BE552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xBA4BA882]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xBA4BDA1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xBA4BD910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xBA4BDF2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xBA4BF034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xBA4BAD54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xBA4BAE70]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xBA4BE906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xBA4BAB78]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xBA4BE0DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xBA4BECE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xBA4BB038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xBA4BEBB2]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 246 804E4AA0 4 Bytes JMP 945204F0
.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF765F514]
PAGENDSM NDIS.sys!NdisMIndicateStatus F79749EF 6 Bytes JMP BA4B2C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1364] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1952] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA4B2B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA4B2B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA4B2B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA4B2B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4B2B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA4B2B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA4B2B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8AFBCAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-1b 8AFBCAF1

AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD2500YS-01SHB1_____________________20.06C06#5&3d0951c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x54 0xCB 0xC5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xDA 0xDE 0xC5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x73 0x72 0xBE 0x91 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x98 0x52 0x61 0xA7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x39 0x38 0xFC 0xA9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x31 0x8A 0xDD 0x64 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xF2 0x9E 0x50 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x18 0x55 0xB9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xFA 0x08 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0x8C 0x44 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x63 0x33 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x4A 0x0C 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x72 0xC4 0xDE 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xF7 0xD1 0x36 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x31 0x8A 0xDD 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xF2 0x9E 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x18 0x55 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xFA 0x08 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC5 0xC4 0xE4 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0x6B 0x74 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xF2 0x9E 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x18 0x55 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xFA 0x08 0x28 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x67 0x0C 0xEC 0xDF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE9 0xD4 0x10 0xB9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x96 0xC5 0x82 0xD4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0x86 0xB9 0xC3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x63 0x33 0x6F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x99 0x1E 0xBE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE4 0x38 0xAF 0x25 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x50 0x69 0x84 0x7A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE7 0x83 0xED 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x03 0xB7 0xD9 0xBB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xF2 0x9E 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x18 0x55 0xB9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xFA 0x08 0x28 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 490232383 (+254): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\disk.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 -----------------------------------------------------------

MBR
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500YS-01SHB1 rev.20.06C06 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AFBCECC]<<
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8B10DAB8]
3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000073[0x8B0A0338]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8B071D98]
[0x8B07F3A8] -> IRP_MJ_CREATE -> 0x8AFBCECC
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD2500YS-01SHB1_____________________20.06C06#5&3d0951c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AFBCAF1
user & kernel MBR OK
sectors 490232637 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

#8 Příspěvek od **motji** » 25 pro 2010 10:25

Máte tam jednu velikou potvoru, zkusíme ji odstranit. Budu tady zase asi až zítra, jsou svátky

.

Návod od kolegy Stella

Stiahnite si prosím TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresari

Znovu spustte Mbr s paramentrem t

sorcer · #9 Příspěvek od **sorcer** » 25 pro 2010 19:46

Je úplně jedno kdy se připojíte. Léčba nespěchá. Děkuji Vám za ochotu a pomoc.

DDSS
2010/12/25 19:41:52.0171 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/25 19:41:52.0171 ================================================================================
2010/12/25 19:41:52.0171 SystemInfo:
2010/12/25 19:41:52.0171
2010/12/25 19:41:52.0171 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/25 19:41:52.0171 Product type: Workstation
2010/12/25 19:41:52.0171 ComputerName: RAFF-PC
2010/12/25 19:41:52.0171 UserName: Administrator
2010/12/25 19:41:52.0171 Windows directory: C:\WINDOWS
2010/12/25 19:41:52.0171 System windows directory: C:\WINDOWS
2010/12/25 19:41:52.0171 Processor architecture: Intel x86
2010/12/25 19:41:52.0171 Number of processors: 2
2010/12/25 19:41:52.0171 Page size: 0x1000
2010/12/25 19:41:52.0171 Boot type: Safe boot with network
2010/12/25 19:41:52.0171 ================================================================================
2010/12/25 19:41:52.0500 Initialize success
2010/12/25 19:41:53.0875 ================================================================================
2010/12/25 19:41:53.0875 Scan started
2010/12/25 19:41:53.0875 Mode: Manual;
2010/12/25 19:41:53.0875 ================================================================================
2010/12/25 19:41:57.0296 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/12/25 19:41:57.0343 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/25 19:41:57.0375 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/25 19:41:57.0468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/25 19:41:57.0531 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/25 19:41:57.0687 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/25 19:41:57.0812 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys
2010/12/25 19:41:57.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/25 19:41:57.0875 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/25 19:41:57.0968 ati2mtag (58f6f26083828fd18696f3592323ba21) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/25 19:41:58.0046 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2010/12/25 19:41:58.0078 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/25 19:41:58.0125 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/25 19:41:58.0171 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/25 19:41:58.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/25 19:41:58.0296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/25 19:41:58.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/25 19:41:58.0375 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/25 19:41:58.0406 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/25 19:41:58.0562 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/25 19:41:58.0625 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/25 19:41:58.0687 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/25 19:41:58.0703 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/25 19:41:58.0734 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/25 19:41:58.0796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/25 19:41:58.0828 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys
2010/12/25 19:41:58.0859 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2010/12/25 19:41:58.0906 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/25 19:41:58.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/25 19:41:58.0968 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/25 19:41:58.0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/25 19:41:59.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/25 19:41:59.0031 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/25 19:41:59.0062 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/25 19:41:59.0093 fwdrv (4700b7992432d9cae2a4766f36aff2c5) C:\WINDOWS\system32\drivers\fwdrv.sys
2010/12/25 19:41:59.0125 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
2010/12/25 19:41:59.0171 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/25 19:41:59.0203 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/25 19:41:59.0234 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/12/25 19:41:59.0265 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/25 19:41:59.0312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/25 19:41:59.0375 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/25 19:41:59.0437 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/25 19:41:59.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/25 19:41:59.0625 IntcAzAudAddService (e37589414437a60797e94c0f57c546db) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/25 19:41:59.0750 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/25 19:41:59.0781 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/25 19:41:59.0812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/25 19:41:59.0828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/25 19:41:59.0859 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/25 19:41:59.0890 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/25 19:41:59.0906 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/25 19:41:59.0937 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/25 19:41:59.0984 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
2010/12/25 19:42:00.0000 JRAID (f90a4e8657319a652e04c5362926cfea) C:\WINDOWS\system32\DRIVERS\jraid.sys
2010/12/25 19:42:00.0015 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/25 19:42:00.0046 khips (f27a6d0bbca2893aad1a0018bac61eb3) C:\WINDOWS\system32\drivers\khips.sys
2010/12/25 19:42:00.0078 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/25 19:42:00.0125 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/25 19:42:00.0203 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2010/12/25 19:42:00.0250 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/25 19:42:00.0281 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/25 19:42:00.0296 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/25 19:42:00.0328 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/25 19:42:00.0343 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/25 19:42:00.0437 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/12/25 19:42:00.0515 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/12/25 19:42:00.0546 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/25 19:42:00.0609 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/25 19:42:00.0640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/25 19:42:00.0671 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/25 19:42:00.0687 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/25 19:42:00.0750 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/25 19:42:00.0828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/25 19:42:00.0843 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/25 19:42:00.0859 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/25 19:42:00.0890 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/25 19:42:00.0937 NCHSSVAD (7d28f86b96401a2c8209db1381678b61) C:\WINDOWS\system32\drivers\nchssvad.sys
2010/12/25 19:42:00.0953 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/25 19:42:00.0984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/25 19:42:00.0984 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/25 19:42:01.0015 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/25 19:42:01.0046 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/25 19:42:01.0062 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/25 19:42:01.0078 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/25 19:42:01.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/25 19:42:01.0171 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/25 19:42:01.0187 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/25 19:42:01.0218 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/25 19:42:01.0281 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/25 19:42:01.0468 nv (9e143fb3ef13b7ec1c1dd06529debadd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/25 19:42:01.0625 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/25 19:42:01.0640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/25 19:42:01.0671 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/25 19:42:01.0703 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/25 19:42:01.0718 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/25 19:42:01.0734 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/25 19:42:01.0750 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/25 19:42:01.0812 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/25 19:42:01.0843 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/25 19:42:02.0015 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/25 19:42:02.0046 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/25 19:42:02.0078 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/25 19:42:02.0093 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/25 19:42:02.0218 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/25 19:42:02.0234 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/25 19:42:02.0250 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/25 19:42:02.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/25 19:42:02.0296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/25 19:42:02.0312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/25 19:42:02.0343 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/25 19:42:02.0375 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/25 19:42:02.0406 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/25 19:42:02.0484 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.06\RivaTuner32.sys
2010/12/25 19:42:02.0531 RTLE8023xp (098de621085d7f922871a99b0ec7ddd6) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/25 19:42:02.0562 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\WINDOWS\system32\DRIVERS\s616bus.sys
2010/12/25 19:42:02.0593 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\WINDOWS\system32\DRIVERS\s616mdfl.sys
2010/12/25 19:42:02.0609 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\WINDOWS\system32\DRIVERS\s616mdm.sys
2010/12/25 19:42:02.0625 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\WINDOWS\system32\DRIVERS\s616mgmt.sys
2010/12/25 19:42:02.0656 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\WINDOWS\system32\DRIVERS\s616nd5.sys
2010/12/25 19:42:02.0671 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\WINDOWS\system32\DRIVERS\s616obex.sys
2010/12/25 19:42:02.0687 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\WINDOWS\system32\DRIVERS\s616unic.sys
2010/12/25 19:42:02.0750 se58bus (6c1bec4e12b4ed714e5f8065f680e9c2) C:\WINDOWS\system32\DRIVERS\se58bus.sys
2010/12/25 19:42:02.0781 se58mgmt (29efe7e788ea404344186a7c3a43d08e) C:\WINDOWS\system32\DRIVERS\se58mgmt.sys
2010/12/25 19:42:02.0781 se58nd5 (2485cd76889251fc9bc7a0cb112e47f6) C:\WINDOWS\system32\DRIVERS\se58nd5.sys
2010/12/25 19:42:02.0812 se58unic (f653642c39a7072bdce7f25404ec15ce) C:\WINDOWS\system32\DRIVERS\se58unic.sys
2010/12/25 19:42:02.0843 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/25 19:42:02.0875 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/25 19:42:02.0890 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/25 19:42:02.0937 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/25 19:42:02.0984 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/25 19:42:03.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/25 19:42:03.0078 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/25 19:42:03.0109 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/25 19:42:03.0156 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/25 19:42:03.0171 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/25 19:42:03.0218 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/25 19:42:03.0312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/25 19:42:03.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/25 19:42:03.0406 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/25 19:42:03.0421 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/25 19:42:03.0468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/25 19:42:03.0531 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/25 19:42:03.0593 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/25 19:42:03.0640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/25 19:42:03.0656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/25 19:42:03.0703 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/25 19:42:03.0750 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/25 19:42:03.0781 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/25 19:42:03.0828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/25 19:42:03.0843 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/25 19:42:03.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/25 19:42:03.0937 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/25 19:42:03.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/25 19:42:04.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/25 19:42:04.0125 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/25 19:42:04.0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/25 19:42:04.0187 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/25 19:42:04.0203 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/25 19:42:04.0500 ================================================================================
2010/12/25 19:42:04.0500 Scan finished
2010/12/25 19:42:04.0500 ================================================================================

MBR
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500YS-01SHB1 rev.20.06C06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS tsk3.tmp ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
tsk3.tmp
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8B0699C0]
3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000073[0x8B108968]
5 ACPI[0xF759C620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8B108D98]
kernel: MBR read successfully
user & kernel MBR OK

#10 Příspěvek od **motji** » 26 pro 2010 00:04

Poprosím ještě o Gmer, nevidím že by TDSS rootkit něco opravil, ale Mbr.exe už nic nehlásí

sorcer · #11 Příspěvek od **sorcer** » 26 pro 2010 14:05

Opravil ale já dal hned restart, aniž bych uložil log. Vyléčil jeden soubor na .../win/system32/drivers/driver.sys

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-26 13:17:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500YS-01SHB1 rev.20.06C06
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdrpob.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-26 14:04:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500YS-01SHB1 rev.20.06C06
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdrpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xBA4BEF80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xBA4BE552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xBA4BA882]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xBA4BDA1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xBA4BD910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xBA4BDF2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xBA4BF034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xBA4BAD54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xBA4BAE70]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xBA4BE906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xBA4BAB78]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xBA4BE0DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xBA4BECE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xBA4BB038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xBA4BEBB2]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 246 804E4AA0 4 Bytes JMP 945204F0
PAGENDSM NDIS.sys!NdisMIndicateStatus F79749EF 6 Bytes JMP BA4B2C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA4B2B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA4B2B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA4B2B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA4B2B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA4B2B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA4B2B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA4B2B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x54 0xCB 0xC5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xDA 0xDE 0xC5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x73 0x72 0xBE 0x91 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x98 0x52 0x61 0xA7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x39 0x38 0xFC 0xA9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x31 0x8A 0xDD 0x64 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xF2 0x9E 0x50 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x18 0x55 0xB9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xFA 0x08 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0x8C 0x44 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x63 0x33 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x4A 0x0C 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x72 0xC4 0xDE 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xF7 0xD1 0x36 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x31 0x8A 0xDD 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xF2 0x9E 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x18 0x55 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xFA 0x08 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC5 0xC4 0xE4 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0x6B 0x74 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xF2 0x9E 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x18 0x55 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xFA 0x08 0x28 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x67 0x0C 0xEC 0xDF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE9 0xD4 0x10 0xB9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x96 0xC5 0x82 0xD4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0x86 0xB9 0xC3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x63 0x33 0x6F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x99 0x1E 0xBE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE4 0x38 0xAF 0x25 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x50 0x69 0x84 0x7A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE7 0x83 0xED 0x9C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x03 0xB7 0xD9 0xBB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0xF2 0x9E 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF2 0x18 0x55 0xB9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xFA 0x08 0x28 ...

---- EOF - GMER 1.0.15 ----

#12 Příspěvek od **motji** » 26 pro 2010 19:19

Ach jo, tomu se ale říká matení nepřítele, tedy mě

. Nebyl ten opravovaný soubor náhodou
C:\WINDOWS\system32\drivers\disk.sys

Spusťte znovu combofix

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

Nahlaste stav počítače

sorcer · #13 Příspěvek od **sorcer** » 27 pro 2010 12:56

$$$ COMBOFIX $$$
ComboFix 10-12-26.01 - Administrator 27.12.2010 10:28:43.3.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3302 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\broucek.com.exe
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-27 do 2010-12-27 )))))))))))))))))))))))))))))))
.

2010-12-23 18:06 . 2010-12-23 18:06 -------- d-----w- c:\program files\Mal
2010-12-23 17:57 . 2010-12-23 17:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-23 17:57 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 17:57 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 21:59 . 2010-12-22 21:59 -------- d-----w- C:\rsit
2010-12-22 21:59 . 2010-12-22 21:59 -------- d-----w- c:\program files\trend micro
2010-12-22 21:32 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-12-22 21:32 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-22 21:32 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-12-22 21:32 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-22 15:00 . 2010-12-22 15:00 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-12-19 20:03 . 2010-12-22 14:57 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-12-13 21:31 . 2010-12-13 21:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-10 16:20 . 2010-12-10 16:20 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 18:40 . 2004-08-03 20:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2004-01-28 04:00 . 2004-01-28 04:00 76677 ----a-w- c:\program files\unins000.exe
2003-08-09 09:31 . 2003-08-09 09:31 69120 ----a-w- c:\program files\sslcopy.exe
2003-08-05 21:57 . 2003-08-05 21:57 64000 ----a-w- c:\program files\regref.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk
backup=c:\windows\pss\Hlavní panel ATI CATALYST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Raff^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Raff\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 01:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Hry\\Mafie II\\Hra\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.9.2009 14:25 133104]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [11.3.2008 12:35 21120]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 13:25]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 13:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ywe9b6x2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
FF - Ext: Personas for Firefox: personas@christopher.beard - c:\program files\Mozilla Firefox\extensions\personas@christopher.beard
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 10:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-12-27 10:33:51
ComboFix-quarantined-files.txt 2010-12-27 09:33
ComboFix2.txt 2010-12-24 10:41

Před spuštěním: Volných bajtů: 20 175 486 976
Po spuštění: Volných bajtů: 20 374 192 128

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 629BAD987DFFB435D4DA8736AED46F6A

$$$ Kaspersky $$$
Automatická kontrola: dokončeno před 59 min. (události: 66, objekty: 403848, čas: 01:06:03)
27.12.2010 10:49:09 Úloha byla spuštěna
27.12.2010 10:52:23 Zjištěno: http://www.viruslist.com/cz/advisories/39259 C:\Program Files\QuickTime\QuickTimePlayer.exe
27.12.2010 10:53:55 Zjištěno: http://www.viruslist.com/cz/advisories/39259 C:\Program Files\QuickTime\QuickTimePlayer.exe
27.12.2010 10:54:05 Zjištěno: Exploit.Win32.IMG-WMF.cqm C:\Archyv\Crecky a patche\Pro CoD4\win32openSSL-v0.9.6m.exe/data0009
27.12.2010 10:54:08 Zjištěno: Exploit.Win32.IMG-WMF.cht C:\Archyv\Crecky a patche\Pro CoD4\win32openSSL-v0.9.6m.exe/data0018
27.12.2010 10:54:08 Zjištěno: Exploit.Win32.IMG-WMF.chu C:\Archyv\Crecky a patche\Pro CoD4\win32openSSL-v0.9.6m.exe/data0019
27.12.2010 10:54:08 Zjištěno: Exploit.Win32.IMG-WMF.cqn C:\Archyv\Crecky a patche\Pro CoD4\win32openSSL-v0.9.6m.exe/data0020
27.12.2010 10:54:08 Zjištěno: Exploit.Win32.IMG-WMF.chv C:\Archyv\Crecky a patche\Pro CoD4\win32openSSL-v0.9.6m.exe/data0021
27.12.2010 10:54:21 Odstraněno: Exploit.Win32.IMG-WMF.chv C:\Archyv\Crecky a patche\Pro CoD4\win32openSSL-v0.9.6m.exe
27.12.2010 10:57:31 Zjištěno: Trojan-Clicker.Win32.VB.l C:\Archyv\Programi od Anýžaka\kodeky\DivX 5.0.5 cracked\DivXPro505GAIN_Bundle.exe/system32.exe
27.12.2010 10:57:40 Odstraněno: Trojan-Clicker.Win32.VB.l C:\Archyv\Programi od Anýžaka\kodeky\DivX 5.0.5 cracked\DivXPro505GAIN_Bundle.exe
27.12.2010 11:00:39 Zjištěno: not-a-virus:AdWare.Win32.Agent.qhk C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\Setup.exe
27.12.2010 11:00:40 Zjištěno: not-a-virus:AdWare.Win32.Agent.sga C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll
27.12.2010 11:00:44 Odstraněno: not-a-virus:AdWare.Win32.Agent.qhk C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\Setup.exe
27.12.2010 11:00:44 Zjištěno: not-a-virus:AdWare.Win32.Agent.sfx C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\B3AC8875\3E688669\stbMsn.dll
27.12.2010 11:00:44 Zjištěno: not-a-virus:AdWare.Win32.Agent.sfy C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\C41B8701\3E688669\stbAol.dll
27.12.2010 11:00:44 Odstraněno: not-a-virus:AdWare.Win32.Agent.sga C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll
27.12.2010 11:00:45 Zjištěno: not-a-virus:AdWare.Win32.Agent.sfz C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll
27.12.2010 11:00:45 Odstraněno: not-a-virus:AdWare.Win32.Agent.sfx C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\B3AC8875\3E688669\stbMsn.dll
27.12.2010 11:00:45 Odstraněno: not-a-virus:AdWare.Win32.Agent.sfy C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\C41B8701\3E688669\stbAol.dll
27.12.2010 11:00:46 Zjištěno: Trojan.Win32.Agent.gagn C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi/components/SmileyCore.dll
27.12.2010 11:00:46 Neošetřeno: Trojan.Win32.Agent.gagn C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi/components/SmileyCore.dll Zápis není podporován
27.12.2010 11:00:46 Odstraněno: not-a-virus:AdWare.Win32.Agent.sfz C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll
27.12.2010 11:02:23 Zjištěno: http://www.viruslist.com/cz/advisories/42605 C:\Documents and Settings\Raff\Local Settings\Data aplikací\Google\Chrome\Application\8.0.552.215\nacl64.dll
27.12.2010 11:02:24 Zjištěno: http://www.viruslist.com/cz/advisories/42605 C:\Documents and Settings\Raff\Local Settings\Data aplikací\Google\Chrome\Application\8.0.552.215\chrome.dll
27.12.2010 11:03:52 Zjištěno: http://www.viruslist.com/cz/advisories/39272 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll
27.12.2010 11:04:09 Zjištěno: Trojan.Win32.Agent2.pl C:\Program Files\ARWizard3\ARWizard3.exe/Armadillo
27.12.2010 11:04:13 Odstraněno: Trojan.Win32.Agent2.pl C:\Program Files\ARWizard3\ARWizard3.exe
27.12.2010 11:04:47 Zjištěno: Exploit.Win32.IMG-WMF.cqm C:\Program Files\bin\exptest.exe
27.12.2010 11:04:47 Zjištěno: Exploit.Win32.IMG-WMF.cht C:\Program Files\bin\randtest.exe
27.12.2010 11:04:47 Zjištěno: Exploit.Win32.IMG-WMF.chu C:\Program Files\bin\rc2test.exe
27.12.2010 11:04:47 Odstraněno: Exploit.Win32.IMG-WMF.cqm C:\Program Files\bin\exptest.exe
27.12.2010 11:04:47 Zjištěno: Exploit.Win32.IMG-WMF.cqn C:\Program Files\bin\rc4test.exe
27.12.2010 11:04:47 Odstraněno: Exploit.Win32.IMG-WMF.cht C:\Program Files\bin\randtest.exe
27.12.2010 11:04:47 Zjištěno: Exploit.Win32.IMG-WMF.chv C:\Program Files\bin\rc5test.exe
27.12.2010 11:04:47 Odstraněno: Exploit.Win32.IMG-WMF.chu C:\Program Files\bin\rc2test.exe
27.12.2010 11:04:48 Odstraněno: Exploit.Win32.IMG-WMF.chv C:\Program Files\bin\rc5test.exe
27.12.2010 11:04:48 Odstraněno: Exploit.Win32.IMG-WMF.cqn C:\Program Files\bin\rc4test.exe
27.12.2010 11:07:23 Zjištěno: http://www.viruslist.com/cz/advisories/39036 C:\Program Files\IrfanView\i_view32.exe
27.12.2010 11:07:49 Zjištěno: http://www.viruslist.com/cz/advisories/41791 C:\Program Files\Java\jre1.6.0_03\bin\java.exe
27.12.2010 11:07:55 Zjištěno: http://www.viruslist.com/cz/advisories/41791 C:\Program Files\Java\jre1.6.0_07\bin\java.exe
27.12.2010 11:08:01 Zjištěno: http://www.viruslist.com/cz/advisories/41791 C:\Program Files\Java\jre6\bin\java.exe
27.12.2010 11:10:46 Zjištěno: Packed.Win32.Krap.ao C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Data aplikací\eChIa01804\eChIa01804.exe.vir
27.12.2010 11:10:49 Zjištěno: Hoax.Win32.Screensaver.b C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir
27.12.2010 11:10:49 Zjištěno: Trojan-Spy.Win32.Zbot.aeud C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip/sdra64.exe
27.12.2010 11:10:49 Odstraněno: Packed.Win32.Krap.ao C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Data aplikací\eChIa01804\eChIa01804.exe.vir
27.12.2010 11:10:50 Zjištěno: not-a-virus:Garbage.Win32.WebToolbar.ar C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir
27.12.2010 11:10:51 Odstraněno: Trojan-Spy.Win32.Zbot.aeud C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip/sdra64.exe
27.12.2010 11:10:52 Odstraněno: not-a-virus:Garbage.Win32.WebToolbar.ar C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir
27.12.2010 11:10:52 Odstraněno: Hoax.Win32.Screensaver.b C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir
27.12.2010 11:50:39 Zjištěno: not-a-virus:AdWare.Win32.Excite.a H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe/data0038/data0000.res/data0001.res
27.12.2010 11:50:42 Zjištěno: not-a-virus:AdWare.Win32.MyWay.f H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe/data0038/data0000.res/data0005.res
27.12.2010 11:50:42 Zjištěno: not-a-virus:AdWare.Win32.Excite.a H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe/data0038/data0000.res/#
27.12.2010 11:50:42 Zjištěno: not-a-virus:AdWare.Win32.MyWay.f H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe/data0038/data0000.res/#
27.12.2010 11:50:42 Zjištěno: not-a-virus:AdWare.Win32.Excite.a H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe/data0038/#/data0001.res
27.12.2010 11:50:42 Zjištěno: not-a-virus:AdWare.Win32.MyWay.f H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe/data0038/#/data0005.res
27.12.2010 11:50:42 Zjištěno: not-a-virus:AdWare.Win32.Excite.a H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe/data0038/#
27.12.2010 11:50:42 Zjištěno: not-a-virus:AdWare.Win32.MyWay.f H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe/data0038/#
27.12.2010 11:50:43 Odstraněno: not-a-virus:AdWare.Win32.MyWay.f H:\System Volume Information\_restore{830F1D3B-DA6F-4D0E-AF4B-DAEBC4B9AEC2}\RP10\A0000990.exe
27.12.2010 11:54:28 Zjištěno: Exploit.Win32.IMG-WMF.cqm H:\Záloha 2007\Zaloha programků\RapGet + SSL knihovny\Win32OpenSSL-v0.9.6m.exe/data0009
27.12.2010 11:54:29 Zjištěno: Exploit.Win32.IMG-WMF.cht H:\Záloha 2007\Zaloha programků\RapGet + SSL knihovny\Win32OpenSSL-v0.9.6m.exe/data0018
27.12.2010 11:54:29 Zjištěno: Exploit.Win32.IMG-WMF.chu H:\Záloha 2007\Zaloha programků\RapGet + SSL knihovny\Win32OpenSSL-v0.9.6m.exe/data0019
27.12.2010 11:54:30 Zjištěno: Exploit.Win32.IMG-WMF.cqn H:\Záloha 2007\Zaloha programků\RapGet + SSL knihovny\Win32OpenSSL-v0.9.6m.exe/data0020
27.12.2010 11:54:30 Zjištěno: Exploit.Win32.IMG-WMF.chv H:\Záloha 2007\Zaloha programků\RapGet + SSL knihovny\Win32OpenSSL-v0.9.6m.exe/data0021
27.12.2010 11:54:34 Odstraněno: Exploit.Win32.IMG-WMF.chv H:\Záloha 2007\Zaloha programků\RapGet + SSL knihovny\Win32OpenSSL-v0.9.6m.exe
27.12.2010 11:55:13 Úloha byla dokončena

#14 Příspěvek od **motji** » 27 pro 2010 15:07

Co počítač?

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

sorcer · #15 Příspěvek od **sorcer** » 27 pro 2010 23:36

Počítač se chová normálně. Žádné známky nákazy.

Velice Vám děkuji za Váš čas a vynaložené úsilí !

Logfile of random's system information tool 1.08 (written by random/random)
Run by Raff at 2010-12-27 23:33:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (50%) free of 51 GB
Total RAM: 3582 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:36 PM, on 12/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Raff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.quick.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\DOCUME~1\Raff\LOCALS~1\Temp\E_SA7A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipamiti kategorií soueástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9699 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2006-05-18 450560]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll [2010-11-12 503808]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectShowAudioDecode.dll [2010-11-12 86016]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll [2010-11-12 37888]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll [2010-11-12 31232]
"B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll"=C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll [2010-11-12 1966080]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll [2010-11-12 86016]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll [2010-11-12 63488]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll [2010-11-12 319488]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll [2010-11-12 1089536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus SX400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Raff\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-10-15 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-11-11 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Hry\Mafie II\Hra\Steam.exe [2010-12-05 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\Load.exe [2005-08-31 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Raff^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Hry\CoD4\iw3mp.exe"="D:\Hry\CoD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Hry\Mafie II\Hra\Steam.exe"="D:\Hry\Mafie II\Hra\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-27 23:33:31 ----D---- C:\rsit
2010-12-27 23:17:30 ----D---- C:\Documents and Settings\Raff\Data aplikací\Malwarebytes
2010-12-27 10:44:18 ----A---- C:\WINDOWS\system32\drivers\71331272.sys
2010-12-27 10:44:18 ----A---- C:\WINDOWS\system32\drivers\71331271.sys
2010-12-27 10:44:18 ----A---- C:\WINDOWS\system32\drivers\7133127.sys
2010-12-27 10:40:10 ----SHD---- C:\RECYCLER
2010-12-27 10:37:39 ----D---- C:\Program Files\CleanUp!
2010-12-27 10:33:52 ----D---- C:\WINDOWS\temp
2010-12-24 02:07:32 ----RASHD---- C:\cmdcons
2010-12-24 02:04:03 ----D---- C:\Qoobox
2010-12-23 18:57:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-23 18:57:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-22 22:59:02 ----D---- C:\Program Files\trend micro
2010-12-22 22:32:45 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-12-22 22:32:39 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-12-22 16:05:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-19 21:03:46 ----D---- C:\Program Files\Zrychleni Pocitace
2010-12-13 22:31:29 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-10 17:20:18 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-12-27 23:33:08 ----D---- C:\WINDOWS\Prefetch
2010-12-27 23:31:10 ----D---- C:\WINDOWS
2010-12-27 23:31:02 ----SHD---- C:\System Volume Information
2010-12-27 23:31:02 ----D---- C:\WINDOWS\system32\Restore
2010-12-27 23:31:00 ----D---- C:\WINDOWS\system32\LogFiles
2010-12-27 23:18:19 ----SHD---- C:\WINDOWS\Installer
2010-12-27 23:17:58 ----D---- C:\WINDOWS\system32\drivers
2010-12-27 23:17:58 ----D---- C:\WINDOWS\system32
2010-12-27 23:17:58 ----D---- C:\Config.Msi
2010-12-27 23:17:32 ----RD---- C:\Program Files
2010-12-27 23:13:43 ----D---- C:\Program Files\CCleaner
2010-12-27 11:04:48 ----D---- C:\Program Files\bin
2010-12-27 11:04:13 ----D---- C:\Program Files\ARWizard3
2010-12-27 11:00:44 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}
2010-12-27 10:44:27 ----HD---- C:\WINDOWS\inf
2010-12-27 10:44:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-27 10:32:41 ----A---- C:\WINDOWS\system.ini
2010-12-27 10:31:54 ----D---- C:\WINDOWS\AppPatch
2010-12-27 10:31:52 ----D---- C:\Program Files\Common Files
2010-12-26 13:16:56 ----SHD---- C:\WINDOWS\CSC
2010-12-24 11:41:12 ----SD---- C:\WINDOWS\Tasks
2010-12-24 11:38:40 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-24 11:36:48 ----D---- C:\WINDOWS\system32\config
2010-12-24 11:34:40 ----D---- C:\Program Files\Internet Explorer
2010-12-24 02:07:36 ----RASH---- C:\boot.ini
2010-12-22 22:32:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-22 16:05:39 ----D---- C:\Program Files\ESET
2010-12-22 15:55:36 ----D---- C:\Program Files\GoQ - NetRadio
2010-12-22 01:45:34 ----D---- C:\Documents and Settings\Raff\Data aplikací\Skype
2010-12-22 01:45:11 ----A---- C:\WINDOWS\wincmd.ini
2010-12-22 01:44:59 ----D---- C:\Documents and Settings\Raff\Data aplikací\skypePM
2010-12-21 22:17:01 ----D---- C:\Program Files\JDownloader
2010-12-13 12:25:59 ----D---- C:\Documents and Settings\Raff\Data aplikací\Adobe
2010-12-11 17:27:35 ----D---- C:\Program Files\Mozilla Firefox
2010-12-10 17:20:18 ----RD---- C:\Program Files\Skype
2010-12-10 17:20:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 71331272;71331272 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\71331272.sys [2009-10-22 37392]
R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R1 71331271;71331271; C:\WINDOWS\system32\DRIVERS\71331271.sys [2009-09-25 128016]
R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 setup_9.0.0.722_27.12.2010_10-30drv;setup_9.0.0.722_27.12.2010_10-30drv; C:\WINDOWS\system32\DRIVERS\7133127.sys [2009-10-09 315408]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-31 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-31 25888]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-02-02 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-03-11 21120]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-10-23 12416]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys []
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-02-02 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-15 202040]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-03 516096]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

VIRY.CZ

Prosím o kontrolu - PC napadeno System Tool 2.20

Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20

Re: Prosím o kontrolu - PC napadeno System Tool 2.20