Pro Diallixe - vir Tenga

[jarek89]

Ahoj mám problém s tímto virem na Nas uložišti. Kasperský mi ho sice identifikuje a dezinfikuje ale soubory jsou pak nepoužitelné. Jak se ho zbavit dělá mi to jen u NASE u skoro každého souboru, bez toho abych musel mazat nějaké soubory. Jsou tam věci o které bych nerad přišel. Díky moc za rady

[Diallix]

ahoj.

tie subory na tom ulozisti si ty upoval a teraz ich chces stiahnut, no pri stahovani ich hlasi, ze su infikovane? ak som tomu spravne takto pochopil?

mohol by si jeden infikovany subor zrarovat zahesluj to heslo infected a upni na leteckaposta.cz . odkaz mi potom posli v sukromnej sprave.

[jarek89]

Tu máš RSIT od počítače jak si chtěl

Logfile of random's system information tool 1.08 (written by random/random)
Run by Rodina at 2011-01-25 05:28:22
Microsoft Windows 7 Ultimate
System drive C: has 65 GB (65%) free of 100 GB
Total RAM: 6135 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:28:33, on 25.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
F:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
F:\Program Files (x86)\QIP Infium\infium.exe
F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
F:\Program Files (x86)\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
F:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
F:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
F:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
F:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
F:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
F:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
F:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
F:\Program Files (x86)\Mozilla Firefox\firefox.exe
F:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Rodina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = jarek89.dlinkddns.com:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files (x86)\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files (x86)\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files (x86)\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [AVP] "F:\Program Files (x86)\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [BCSSync] "F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NBAgent] "F:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "F:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TurboV] "F:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SandboxieControl] "F:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Infium] "F:\Program Files (x86)\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\Program Files (x86)\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://F:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Přidat do Anti-Banner - F:\Program Files (x86)\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files (x86)\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files (x86)\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{251BFF37-A0A5-4233-9231-F8E264118FB5}: NameServer = 62.129.50.20,85.135.32.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{251BFF37-A0A5-4233-9231-F8E264118FB5}: NameServer = 62.129.50.20,85.135.32.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{251BFF37-A0A5-4233-9231-F8E264118FB5}: NameServer = 62.129.50.20,85.135.32.100
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~3\AVP11\mzvkbd3.dll,C:\PROGRA~3\AVP11\sbhook.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - F:\Program Files (x86)\Kaspersky Internet Security 2011\avp.exe
O23 - Service: BWMeter Connections Service (BWMeterConSvc) - Unknown owner - F:\Program Files (x86)\BWMeter\BWMeterConSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - F:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12822 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe"
"taskhost.exe"
"F:\Program Files (x86)\Kaspersky Internet Security 2011\avp.exe" -r
"F:\Program Files (x86)\BWMeter\BWMeterConSvc.exe"
"F:\Program Files\Sandboxie\SbieSvc.exe"
taskeng.exe {4E5913F7-0814-40E8-8571-36968B9F212C}
"F:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe" -b
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
WLIDSvcM.exe 2184
"C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"F:\Program Files\Sandboxie\SbieCtrl.exe"
"F:\Program Files (x86)\QIP Infium\infium.exe" /autorun
"F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
KHALMNPR.EXE /API
"C:\Program Files\Logitech\SetPointG\SetPointII.exe"
"F:\Program Files (x86)\Kaspersky Internet Security 2011\avp.exe"
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"F:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"F:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
"F:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe" -Embedding
"C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe" -Embedding
"C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe" -Embedding
"F:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe"
"F:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe" -Embedding
"F:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe" -Embedding
"F:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\mobsync.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"F:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"F:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5660.9561ba0.382817421 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 5660 plugin \\.\pipe\gecko-crash-server-pipe.5660
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 91A10E9D-A879-BE09-9FD8-F1BDCAD62724 -Reinvoke
"C:\Users\Rodina\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\Program Files (x86)\Kaspersky Internet Security 2011\x64\ievkbd.dll [2010-07-01 61624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\Program Files (x86)\Kaspersky Internet Security 2011\x64\klwtbbho.dll [2010-07-01 234168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-12-25 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\Program Files (x86)\Kaspersky Internet Security 2011\ievkbd.dll [2010-07-01 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\Program Files (x86)\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\Program Files (x86)\Kaspersky Internet Security 2011\klwtbbho.dll [2010-07-01 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-12-25 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-29 1680976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"SandboxieControl"=F:\Program Files\Sandboxie\SbieCtrl.exe [2010-02-03 570600]
"Infium"=F:\Program Files (x86)\QIP Infium\infium.exe [2010-10-05 5939664]
"DAEMON Tools Lite"=F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"OEXPRESS"= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVP"=F:\Program Files (x86)\Kaspersky Internet Security 2011\avp.exe [2010-10-11 352976]
"BCSSync"=F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-06-05 1310720]
"NBAgent"=F:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-02-22 1226024]
"Adobe Reader Speed Launcher"=F:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Mobile Connectivity Suite"=F:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-11-19 598016]
"TurboV"=F:\Program Files (x86)\ASUS\TurboV\TurboV.exe [2010-03-08 5672576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2010-07-01 233656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-10-28 66640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-25 05:28:22 ----D---- C:\rsit
2011-01-25 05:28:22 ----D---- C:\Program Files\trend micro
2011-01-21 18:22:29 ----D---- C:\ProgramData\Synetic
2011-01-21 18:21:25 ----D---- C:\Program Files (x86)\ProtectDisc Driver Installer
2011-01-21 18:21:17 ----D---- C:\Users\Rodina\AppData\Roaming\ProtectDISC
2011-01-21 07:53:50 ----A---- C:\Windows\system32\drivers\atksgt.sys
2011-01-21 07:53:49 ----A---- C:\Windows\system32\drivers\lirsgt.sys
2011-01-21 07:37:54 ----D---- C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2011-01-21 07:37:43 ----D---- C:\Program Files\WMV9_VCM
2011-01-21 07:19:05 ----D---- C:\Users\Rodina\AppData\Roaming\NVIDIA
2011-01-21 07:08:18 ----D---- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2011-01-20 20:24:37 ----D---- C:\Windows\SYSWOW64\xlive
2011-01-20 20:24:37 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-01-20 19:52:41 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-01-20 19:51:02 ----D---- C:\ProgramData\NVIDIA Corporation
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-01-20 19:47:19 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\OpenCL.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\nvwgf2umx.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\nvoglv64.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\nvgenco642040.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\nvdispco642090.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\nvcuvid.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\nvcuda.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\nvcompiler.dll
2011-01-20 19:47:19 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-01-20 19:47:01 ----D---- C:\Program Files\NVIDIA Corporation
2011-01-20 19:46:33 ----D---- C:\NVIDIA
2011-01-20 19:29:45 ----D---- C:\Users\Rodina\AppData\Roaming\Rovio
2011-01-18 16:08:36 ----D---- C:\Users\Rodina\AppData\Roaming\Winter Sports 2011
2011-01-17 17:57:13 ----RHD---- C:\Users\Rodina\AppData\Roaming\SecuROM
2011-01-17 11:59:47 ----D---- C:\ProgramData\Apache
2011-01-11 19:55:34 ----A---- C:\Windows\system32\d3d10warp.dll
2011-01-11 19:55:33 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2011-01-11 19:55:33 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-01-11 19:55:33 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-01-11 19:55:33 ----A---- C:\Windows\system32\mf.dll
2011-01-11 19:55:33 ----A---- C:\Windows\system32\DWrite.dll
2011-01-11 19:55:33 ----A---- C:\Windows\system32\d2d1.dll
2011-01-11 19:55:32 ----A---- C:\Windows\SYSWOW64\mf.dll
2011-01-11 19:55:32 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-01-11 19:55:32 ----A---- C:\Windows\system32\XpsPrint.dll
2011-01-11 19:55:32 ----A---- C:\Windows\system32\FntCache.dll
2011-01-11 19:55:31 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-01-11 19:55:31 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-01-11 19:55:31 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2011-01-11 19:55:31 ----A---- C:\Windows\SYSWOW64\mfreadwrite.dll
2011-01-11 19:55:31 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2011-01-11 19:55:31 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2011-01-11 19:55:31 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-01-11 19:55:31 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-01-11 19:55:31 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-01-11 19:55:31 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-01-11 19:55:31 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-01-11 19:55:30 ----A---- C:\Windows\SYSWOW64\XpsRasterService.dll
2011-01-11 19:55:30 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-01-11 19:55:30 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-01-11 19:55:30 ----A---- C:\Windows\system32\mfps.dll
2011-01-11 19:55:30 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-01-11 19:55:30 ----A---- C:\Windows\system32\d3d10_1.dll
2011-01-11 19:55:30 ----A---- C:\Windows\system32\cdd.dll
2011-01-11 19:54:32 ----A---- C:\Windows\system32\odbc32.dll
2011-01-11 19:54:31 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2011-01-07 20:49:34 ----A---- C:\Windows\system32\easyUpdatusAPIU64.dll
2011-01-07 20:49:28 ----A---- C:\Windows\system32\nvcpl.dll
2011-01-07 20:49:10 ----A---- C:\Windows\system32\nvsvc64.dll
2011-01-07 20:48:58 ----A---- C:\Windows\system32\nvvsvc.exe
2011-01-07 20:48:58 ----A---- C:\Windows\system32\nvshext.dll
2011-01-07 20:48:58 ----A---- C:\Windows\system32\nvmctray.dll
2011-01-05 21:25:02 ----D---- C:\Program Files (x86)\OpenAL
2011-01-01 21:07:55 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-01-01 21:07:55 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-01-01 21:07:55 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 months======

2011-01-25 05:28:33 ----D---- C:\Windows\Prefetch
2011-01-25 05:28:30 ----D---- C:\Windows\Temp
2011-01-25 05:28:22 ----RD---- C:\Program Files
2011-01-25 05:27:13 ----D---- C:\Windows\system32\config
2011-01-25 05:14:50 ----D---- C:\Windows
2011-01-25 05:14:14 ----D---- C:\ProgramData\Kaspersky Lab
2011-01-25 05:13:38 ----D---- C:\ProgramData\NVIDIA
2011-01-24 19:18:16 ----D---- C:\Windows\Tasks
2011-01-24 18:47:13 ----D---- C:\Windows\System32
2011-01-24 18:47:13 ----D---- C:\Windows\inf
2011-01-24 18:47:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-22 21:03:33 ----A---- C:\Windows\Sandboxie.ini
2011-01-22 20:25:06 ----D---- C:\Windows\system32\Tasks
2011-01-21 18:22:29 ----HD---- C:\ProgramData
2011-01-21 18:21:25 ----RD---- C:\Program Files (x86)
2011-01-21 18:21:24 ----D---- C:\Windows\system32\drivers
2011-01-21 18:18:13 ----RSD---- C:\Windows\assembly
2011-01-21 18:17:19 ----SHD---- C:\System Volume Information
2011-01-21 07:53:41 ----SHD---- C:\Windows\Installer
2011-01-21 07:50:32 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-01-21 07:49:35 ----D---- C:\ProgramData\Solidshield
2011-01-21 07:37:43 ----D---- C:\Windows\SysWOW64
2011-01-21 07:08:17 ----D---- C:\Program Files (x86)\Common Files
2011-01-20 23:54:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-20 20:17:59 ----SD---- C:\ProgramData\Microsoft
2011-01-20 19:47:47 ----D---- C:\Windows\system32\catroot
2011-01-20 19:47:46 ----D---- C:\Windows\system32\DriverStore
2011-01-20 18:07:26 ----RSD---- C:\Windows\Fonts
2011-01-18 08:45:17 ----D---- C:\Users\Rodina\AppData\Roaming\Vso
2011-01-15 09:12:43 ----D---- C:\Windows\system32\catroot2
2011-01-12 03:20:00 ----D---- C:\Windows\winsxs
2011-01-12 03:01:16 ----A---- C:\Windows\system32\MRT.exe
2011-01-12 03:01:00 ----D---- C:\ProgramData\Microsoft Help
2011-01-08 04:27:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-01-08 04:27:00 ----A---- C:\Windows\system32\nvapi64.dll
2011-01-05 21:25:02 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2011-01-05 21:25:02 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2011-01-05 21:25:02 ----A---- C:\Windows\system32\wrap_oal.dll
2011-01-05 21:25:02 ----A---- C:\Windows\system32\OpenAL32.dll
2011-01-01 21:07:52 ----D---- C:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2010-06-09 460888]
R0 mv61xx;mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [2008-06-23 173096]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-15 834544]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-08-04 13440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-01-01 34472]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-10-11 556120]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-01-21 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-01-21 43680]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-07-14 145920]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-06-05 475136]
R3 dsnpfdMP;dsnpfdMP; C:\Windows\system32\DRIVERS\dsnpfd.sys [2010-10-15 34184]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-08-24 63568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-08-24 57936]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-10-19 82816]
R3 SbieDrv;SbieDrv; \??\F:\Program Files\Sandboxie\SbieDrv.sys [2010-02-03 134760]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2007-08-15 369152]
S3 avpii9pr;avpii9pr; C:\Windows\system32\drivers\avpii9pr.sys []
S3 dsnpfd;Dsnpfd Service; C:\Windows\system32\DRIVERS\dsnpfd.sys [2010-10-15 34184]
S3 FARMNTIO;FARMNTIO; \??\c:\windows\system32\drivers\farmntio.sys [2009-11-26 23056]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 108296]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 19720]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 144648]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 126216]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 123656]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2009-06-05 111616]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R2 AVP;Služba Kaspersky Anti-Virus; F:\Program Files (x86)\Kaspersky Internet Security 2011\avp.exe [2010-10-11 352976]
R2 BWMeterConSvc;BWMeter Connections Service; F:\Program Files (x86)\BWMeter\BWMeterConSvc.exe [2010-10-15 64512]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 1005160]
R2 SbieSvc;Sandboxie Service; F:\Program Files\Sandboxie\SbieSvc.exe [2010-02-03 94440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 357456]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; F:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-11 1255736]

-----------------EOF-----------------

[Diallix]

Ok, sz poslana, testy mozu chvilku trvat.

[Diallix]

ta haluz uplne modifikuje system, disabluje net. Tebe internet normalne funguje ?, pretoze ho blokuje dost rafinovanym sposobom.

napodruhe to po prvom restartu zhodilo system, co je dost problem, pretoze obnovu suborov musim urobit po restarte.

tebe ten system nepadol ?

[jarek89]

ta haluz uplne modifikuje system, disabluje net. Tebe internet normalne funguje ?, pretoze ho blokuje dost rafinovanym sposobom.

napodruhe to po prvom restartu zhodilo system, co je dost problem, pretoze obnovu suborov musim urobit po restarte.

tebe ten system nepadol ?

Net mi jede v pohodě jen mám problém se soubory které napadl že po dezinfekci nejdou spustit.
Už si na něco dál přišel jak se toho zbavit?

[Diallix]

este sa opytam, ty si dal system liecit alebo si ho preinstaloval? Lebo sa to infikuje medzi sietami, u lokalnej su infikovane vsetky compy napojene na siet - zdielane.

kolko je tych suborov?

[jarek89]

este sa opytam, ty si dal system liecit alebo si ho preinstaloval? Lebo sa to infikuje medzi sietami, u lokalnej su infikovane vsetky compy napojene na siet - zdielane.

kolko je tych suborov?

Ne system v kompu mi to nenapadlo jen ty soubory na serveru

A těch souboru infikovaných bylo asi 10 pokud myslíš tohle

[Diallix]

je to file infector...cize, tie subory sa niekde nakazit museli..ak si ich odniekial doniesol a nespustil, tak to je v pohode. Ak nie, tak mas napadnuty system so sietov a to si vyziada isto minimalne reinstal ...ak vsak mas len infikovane tie subory a nespustal si ich, tak mi ich prosim zraruj (infikovane) ak idu spustit, upni a odosli mi ich. Ak tie subory uz nejaky antivir vyliecil (kazdy ma svoj postup, preto moze dojst ku modifikacii), tak to bude troska mozno problem, ale aj tak ich upni...

pisal si, ze sa ti na servery vytvarali dievne (neziaduce) subory...prave v tomto vidim stadium infekcie...vsetky compy prever hlbkovou analyzou kasperaka v nudzovom rezime.

[jarek89]

je to file infector...cize, tie subory sa niekde nakazit museli..ak si ich odniekial doniesol a nespustil, tak to je v pohode. Ak nie, tak mas napadnuty system so sietov a to si vyziada isto minimalne reinstal ...ak vsak mas len infikovane tie subory a nespustal si ich, tak mi ich prosim zraruj (infikovane) ak idu spustit, upni a odosli mi ich. Ak tie subory uz nejaky antivir vyliecil (kazdy ma svoj postup, preto moze dojst ku modifikacii), tak to bude troska mozno problem, ale aj tak ich upni...

pisal si, ze sa ti na servery vytvarali dievne (neziaduce) subory...prave v tomto vidim stadium infekcie...vsetky compy prever hlbkovou analyzou kasperaka v nudzovom rezime.

Nespustil jsem je protože je kaspersky při otevření dezinfikoval a ty co se mi na serveru vytvořili bez mého vědomí sem hned mazal......ale přesto to davam z analyzovat kasperského.......Mohl bys mi poradit jak ten server zabezpečit aby se to nestávalo jak říkam používam windowsanckou branu firewall a kasperaka. Jestli není lepší ten firewall nahradit třeba keriem nebo tak

[Diallix]

neviem aku mas licencnu politiku, ale ak prevadzkujes siet a server, tak to jedine investovat, pretoze free verzie su o nicom... cize, ja by som ti doporucil investovat do kompletneho balicku IT security. Ja som zastancom aviry, je vyborna : http://www.avira.com/en/for-home-avira- ... rity-suite Tam mas uz vsetko, je to kopletny balik zabespecenia.

Alebo teda aj kaspersky, ten ma vsak trosku vyssie naroky, na hw : http://www.kaspersky.cz/produkty/domaci ... nti-virus/

Ale ak si nezainvestoval, tak nevahaj a hned zainvetuj, mas to milion krat vratene.


Dalej, mozes zainvestovat aj dolepsieho routra ak taky nemas...funkcie ako integrovany firewall, blokovanie stranok, je urcite vyhoda. Znamemu som to doporucoval, tiez ma siet a ak by som mal server, tak by som nevahal....otazka, ci nestaci SW firewall je asi taka, ze pre niekoho staci, niekomu nie. Bezpesnost nadovsetko, mozes nim iba ziskat. Ale Windowsacky firewal, to uz davno firewallom nie je.

Dalsim krokom pri bezpecnosti je na kazdom pocitaci vytvorit obmedzene konta a aj na hlavnom pocitaci. Väcsina virov sa spusta len pod adminskym opravnenim .

[jarek89]

neviem aku mas licencnu politiku, ale ak prevadzkujes siet a server, tak to jedine investovat, pretoze free verzie su o nicom... cize, ja by som ti doporucil investovat do kompletneho balicku IT security. Ja som zastancom aviry, je vyborna : http://www.avira.com/en/for-home-avira- ... rity-suite Tam mas uz vsetko, je to kopletny balik zabespecenia.

Alebo teda aj kaspersky, ten ma vsak trosku vyssie naroky, na hw : http://www.kaspersky.cz/produkty/domaci ... nti-virus/

Ale ak si nezainvestoval, tak nevahaj a hned zainvetuj, mas to milion krat vratene.


Dalej, mozes zainvestovat aj dolepsieho routra ak taky nemas...funkcie ako integrovany firewall, blokovanie stranok, je urcite vyhoda. Znamemu som to doporucoval, tiez ma siet a ak by som mal server, tak by som nevahal....otazka, ci nestaci SW firewall je asi taka, ze pre niekoho staci, niekomu nie. Bezpesnost nadovsetko, mozes nim iba ziskat. Ale Windowsacky firewal, to uz davno firewallom nie je.

Dalsim krokom pri bezpecnosti je na kazdom pocitaci vytvorit obmedzene konta a aj na hlavnom pocitaci. Väcsina virov sa spusta len pod adminskym opravnenim .

A nevíš jak se bude chovat avira ve společnosti kaspersky internet security kterýpoužívám a který firewall bys mi doporučil.

[Diallix]

na pc mozes mat len jeden balik. viacej nie. a ono to uz je komplet security vybavenie, vratanie firewallu, cize dalsi firewall je nanajvys zbytocny, moze sa to bit.

s tymi infikovanymi subormi, skus mi ich poslat, pokusim sa ich vyliecit.

[jarek89]

na pc mozes mat len jeden balik. viacej nie. a ono to uz je komplet security vybavenie, vratanie firewallu, cize dalsi firewall je nanajvys zbytocny, moze sa to bit.

s tymi infikovanymi subormi, skus mi ich poslat, pokusim sa ich vyliecit.

Polovičku už jsem smazal.....měl jsem strach at mi to neinfikuje komplet ale zatím ne tak těch 10 souboru raději někde najdu doufam že se to nebude šířit za vše ti děkuju kdyby náhodou tak se ještě ozvu.

[Diallix]

mam tu nejake removery, tie vsak som sam neotestoval, akurat s kolegynou sa do toho pustame, preto ti moc nechcem davat postupy, ktore mozu byt zdlhave a neucinne, ak tak, nahodil by som to na system a vyliecil to , videlo by sa hned, ci to zaberie alebo nie samozrejme je to na tebe.