rootkit Alureon-C

Zpráva

pete2006 · #1 Příspěvek od **pete2006** » 03 čer 2011 10:59

Dobrý den, Avast mi hlásí: "MBR:\\.\PHYSICALDRIVE0 ROOTKIT:skrytý boot sector, napaden Alureon-C@mbr[rtk]" a neumim sae toho zbavit. po proskenovani celeho disku najde nove napadene soubory, ktere smaze a po restartu je tam zase. muzete mi prosím pomoct? vkládám log. diky pete

Logfile of random's system information tool 1.08 (written by random/random)
Run by tomáš at 2011-06-03 11:25:44
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 15 GB (39%) free of 37 GB
Total RAM: 1014 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:01, on 3.6.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\install\RSIT.exe
C:\Program Files\trend micro\tomáš.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Windows Explorer] rundll32.exe "C:\Windows\system32\config\SYSTEM~1\AppData\Roaming\qhyggjpb.dll",EntryPoint (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Explorer] rundll32.exe "C:\Windows\system32\config\SYSTEM~1\AppData\Roaming\qhyggjpb.dll",EntryPoint (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{474DB2FE-B645-4498-AE76-6C14829198A6}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B3263F9-8342-4270-8A96-2C72FCE50DC7}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0B3263F9-8342-4270-8A96-2C72FCE50DC7}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{0B3263F9-8342-4270-8A96-2C72FCE50DC7}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{0B3263F9-8342-4270-8A96-2C72FCE50DC7}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{0B3263F9-8342-4270-8A96-2C72FCE50DC7}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS7\Services\Tcpip\..\{0B3263F9-8342-4270-8A96-2C72FCE50DC7}: NameServer = 62.141.0.1 213.162.65.1
O17 - HKLM\System\CS8\Services\Tcpip\..\{0B3263F9-8342-4270-8A96-2C72FCE50DC7}: NameServer = 62.141.0.1 213.162.65.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMService - Unknown owner - C:\Windows\Temp\qywi\setup.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7153 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{7429BF20-62A8-4DAC-B5A9-E0E897CA3D5A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-05-20 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-21 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2010-11-04 870904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2010-11-04 870904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-05-20 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-04-05 1008184]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-05-10 3459712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-05 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-12-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, mfhyyybu.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\"="C:\Windows\system\178153.exe:*:Enabled:KL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-06-03 11:25:45 ----D---- C:\Program Files\trend micro
2011-06-03 11:25:44 ----D---- C:\rsit
2011-06-03 10:21:31 ----A---- C:\Windows\system32\drivers\AvgArCln.sys
2011-06-03 10:21:29 ----D---- C:\Program Files\GRISOFT
2011-06-03 09:54:41 ----D---- C:\Program Files\CCleaner
2011-06-01 16:22:06 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-04-12 17:30:15 ----A---- C:\Windows\system32\mfhyyybu.dll
2011-04-02 09:31:50 ----D---- C:\Users\tomáš\AppData\Roaming\Mozilla
2011-04-02 09:31:42 ----D---- C:\Program Files\Mozilla Firefox
2011-03-29 22:45:05 ----D---- C:\ProgramData\WindowsSearch
2011-03-24 21:00:47 ----RASH---- C:\MSDOS.SYS
2011-03-24 21:00:47 ----RASH---- C:\IO.SYS
2011-03-24 21:00:44 ----A---- C:\Windows\system32\tmp.tmp

======List of files/folders modified in the last 3 months======

2011-06-03 11:25:57 ----D---- C:\Windows\Prefetch
2011-06-03 11:25:48 ----D---- C:\Windows\Temp
2011-06-03 11:25:45 ----RD---- C:\Program Files
2011-06-03 11:23:01 ----D---- C:\install
2011-06-03 11:14:10 ----D---- C:\Windows\System32
2011-06-03 11:14:10 ----D---- C:\Windows\inf
2011-06-03 11:14:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-03 10:24:03 ----D---- C:\Windows\Minidump
2011-06-03 10:24:03 ----D---- C:\Windows
2011-06-03 10:21:31 ----D---- C:\Windows\system32\drivers
2011-06-03 10:04:27 ----D---- C:\Windows\Logs
2011-06-03 10:04:27 ----D---- C:\Windows\Debug
2011-06-03 09:54:15 ----D---- C:\Program Files\Google
2011-06-03 00:05:56 ----D---- C:\Windows\tracing
2011-06-02 20:37:23 ----SHD---- C:\System Volume Information
2011-05-31 21:02:00 ----D---- C:\Windows\system32\catroot2
2011-05-21 09:57:23 ----SHD---- C:\Windows\Installer
2011-05-10 14:10:55 ----A---- C:\Windows\system32\aswBoot.exe
2011-05-04 10:06:21 ----D---- C:\Windows\system32\Tasks
2011-05-04 10:06:20 ----D---- C:\Windows\Tasks
2011-04-25 16:32:10 ----D---- C:\Windows\system32\WDI
2011-04-19 18:11:52 ----D---- C:\Program Files\Windows Media Player
2011-04-08 16:09:25 ----D---- C:\Windows\system32\drivers\etc
2011-03-31 05:08:14 ----D---- C:\Windows\system
2011-03-29 22:45:05 ----HD---- C:\ProgramData
2011-03-24 21:00:32 ----D---- C:\Windows\Web

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVG Anti-Rootkit;AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [2007-01-31 5632]
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-04-05 145464]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-10-13 685816]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\Windows\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-04-05 95744]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-04-05 179712]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-04-05 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-04-05 200704]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-04-05 30720]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-04-05 88576]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-04-05 654336]
S3 am1tgik5;am1tgik5; C:\Windows\system32\drivers\am1tgik5.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-04-05 5632]
S3 IpwP;IPWireless 3G Network Adapter; C:\Windows\system32\DRIVERS\ipw3gnet.sys [2007-06-12 51040]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-04-05 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-04-05 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-04-05 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-04-05 6016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-04-05 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-04-05 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-04-05 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-04-05 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-04-05 21504]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 AMService;AMService; C:\Windows\Temp\qywi\setup.exe run []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-21 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 03 čer 2011 13:07

Hezké odpoledne

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-přejmenujte combofix na žižala.com

pete2006 · #3 Příspěvek od **pete2006** » 03 čer 2011 16:12

zdravim,
tak jsem se pokusil jej spustit, ale mam problem: nejdriv zahlasil, ze jeho platnost vyprsela a po odkliknuti to bezelo az do chvile, nez meli nabihat ty faze. tam nabehla pouze 49 a pak to hodilo chybu: system nenasel zadane ??? davky - Check_Hal a prestalo pracovat
Kdyz jej necham aktualizovat, tak probehne aktualizace, spusti se a po zazalohovani systemu hodi chybu, ze REGT není názvem příkazu... a že windows nemuze najit položku NIRKMD a po odkliknuti jeste chvili bezi a pak se mi NB natvrdo restartuje do modre obrazovky a vypisu pameti...
I po restartu a nekolika opakovanych pokusech je to stejne
dik

pete2006 · #4 Příspěvek od **pete2006** » 03 čer 2011 16:36

zdravim, ted jsem jeste stahnul jiny combofix a ten mi mimo jine jeste vypise ze windows nemuze spustit NIRCMDC a MTEE protoze neni nazvem .... souboru ani spustitelneho nebo jineho prikazu a zustane cekat a nic se nedeje. muzu do nej neco psat, nebo jej normalne krizkem zavrit.

#5 Příspěvek od **motji** » 03 čer 2011 18:20

Potvora ho blokuje

.

Stáhněte TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- a uložte ho na plochu.
- 2x klikněte na ikonu programu a spusťte
- dejte volbu Spustit kontrolu - pak potvrdte start sken
- pokud program najde infikovaný soubor, ukáže se Vám předvolená akce Cure, v tom případě potvrdte tlačítko Continue
- pokud bude chtít program restartovat počítač, klikněte na tlačítko Reboot Now
- pokud si restart nevyžádá, klikněte na tlačítko Report. Měl vy na Vás vyskočit log, obsah logu zkopírujte do svého topicu.
- pokud se log nezobrazí, je uložený ve Vašem kořenovém adresáři.

pete2006 · #6 Příspěvek od **pete2006** » 03 čer 2011 18:56

tak jsem to spustil a vypada to, ze neco nasel a odstranil:

2011/06/03 19:39:30.0534 1040 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 19:39:30.0690 1040 ================================================================================
2011/06/03 19:39:30.0690 1040 SystemInfo:
2011/06/03 19:39:30.0690 1040
2011/06/03 19:39:30.0690 1040 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/03 19:39:30.0690 1040 Product type: Workstation
2011/06/03 19:39:30.0690 1040 ComputerName: TOMÁŠ-PC
2011/06/03 19:39:30.0690 1040 UserName: tomáš
2011/06/03 19:39:30.0690 1040 Windows directory: C:\Windows
2011/06/03 19:39:30.0690 1040 System windows directory: C:\Windows
2011/06/03 19:39:30.0690 1040 Processor architecture: Intel x86
2011/06/03 19:39:30.0690 1040 Number of processors: 1
2011/06/03 19:39:30.0690 1040 Page size: 0x1000
2011/06/03 19:39:30.0690 1040 Boot type: Normal boot
2011/06/03 19:39:30.0690 1040 ================================================================================
2011/06/03 19:39:32.0172 1040 Initialize success
2011/06/03 19:39:35.0963 2108 ================================================================================
2011/06/03 19:39:35.0963 2108 Scan started
2011/06/03 19:39:35.0963 2108 Mode: Manual;
2011/06/03 19:39:35.0963 2108 ================================================================================
2011/06/03 19:39:36.0587 2108 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/03 19:39:36.0696 2108 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/03 19:39:36.0852 2108 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/03 19:39:36.0961 2108 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/03 19:39:37.0024 2108 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/03 19:39:37.0164 2108 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/06/03 19:39:37.0336 2108 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/03 19:39:37.0398 2108 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/03 19:39:37.0476 2108 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/03 19:39:37.0617 2108 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/03 19:39:37.0679 2108 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/03 19:39:37.0741 2108 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/03 19:39:37.0788 2108 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/03 19:39:38.0022 2108 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/03 19:39:38.0100 2108 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/03 19:39:38.0209 2108 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/03 19:39:38.0381 2108 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/03 19:39:38.0459 2108 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/06/03 19:39:38.0599 2108 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/06/03 19:39:38.0724 2108 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/06/03 19:39:38.0849 2108 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/06/03 19:39:38.0958 2108 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/03 19:39:39.0036 2108 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/03 19:39:39.0208 2108 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\Windows\system32\DRIVERS\avgarkt.sys
2011/06/03 19:39:39.0270 2108 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\Windows\system32\DRIVERS\AvgArCln.sys
2011/06/03 19:39:39.0364 2108 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/03 19:39:39.0567 2108 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/06/03 19:39:39.0691 2108 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/03 19:39:39.0863 2108 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/03 19:39:39.0910 2108 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/03 19:39:39.0988 2108 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/03 19:39:40.0081 2108 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/03 19:39:40.0206 2108 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/03 19:39:40.0253 2108 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/03 19:39:40.0347 2108 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/03 19:39:40.0612 2108 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/03 19:39:40.0799 2108 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/03 19:39:40.0908 2108 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
2011/06/03 19:39:40.0971 2108 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/03 19:39:41.0111 2108 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/03 19:39:41.0205 2108 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/03 19:39:41.0267 2108 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/03 19:39:41.0439 2108 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/03 19:39:41.0563 2108 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/03 19:39:41.0688 2108 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/03 19:39:41.0751 2108 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/03 19:39:41.0797 2108 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/03 19:39:41.0875 2108 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/03 19:39:42.0109 2108 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2011/06/03 19:39:42.0343 2108 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/06/03 19:39:42.0499 2108 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/03 19:39:42.0640 2108 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/03 19:39:42.0765 2108 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/03 19:39:42.0936 2108 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/03 19:39:43.0014 2108 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/03 19:39:43.0155 2108 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/03 19:39:43.0326 2108 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/03 19:39:43.0373 2108 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/03 19:39:43.0451 2108 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/03 19:39:43.0560 2108 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/03 19:39:43.0623 2108 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/03 19:39:43.0701 2108 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/03 19:39:43.0779 2108 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/03 19:39:43.0935 2108 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/03 19:39:44.0044 2108 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/03 19:39:44.0247 2108 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/03 19:39:44.0699 2108 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/03 19:39:44.0933 2108 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/03 19:39:45.0011 2108 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/03 19:39:45.0151 2108 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/03 19:39:45.0198 2108 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/03 19:39:45.0307 2108 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/03 19:39:45.0417 2108 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/03 19:39:45.0510 2108 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/03 19:39:45.0604 2108 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/03 19:39:46.0197 2108 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/06/03 19:39:46.0446 2108 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/03 19:39:46.0540 2108 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/03 19:39:46.0665 2108 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/03 19:39:46.0774 2108 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/03 19:39:46.0899 2108 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/03 19:39:46.0945 2108 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/03 19:39:47.0023 2108 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/03 19:39:47.0164 2108 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/03 19:39:47.0211 2108 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/03 19:39:47.0335 2108 IpwP (d3f6df74534cfdccf49803e739acaea0) C:\Windows\system32\DRIVERS\ipw3gnet.sys
2011/06/03 19:39:47.0445 2108 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/06/03 19:39:47.0476 2108 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/03 19:39:47.0601 2108 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/03 19:39:47.0679 2108 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/03 19:39:47.0772 2108 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/03 19:39:47.0819 2108 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/03 19:39:47.0913 2108 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/03 19:39:47.0959 2108 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/06/03 19:39:48.0100 2108 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/03 19:39:48.0303 2108 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/03 19:39:48.0427 2108 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/03 19:39:48.0490 2108 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/03 19:39:48.0661 2108 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/03 19:39:48.0724 2108 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/03 19:39:48.0817 2108 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/03 19:39:48.0958 2108 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/03 19:39:49.0145 2108 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/03 19:39:49.0223 2108 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/03 19:39:49.0301 2108 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/03 19:39:49.0426 2108 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/03 19:39:49.0473 2108 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/03 19:39:49.0551 2108 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/03 19:39:49.0629 2108 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/03 19:39:49.0769 2108 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/03 19:39:49.0831 2108 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/03 19:39:49.0894 2108 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/03 19:39:49.0956 2108 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/03 19:39:50.0065 2108 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/03 19:39:50.0159 2108 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/06/03 19:39:50.0253 2108 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/03 19:39:50.0315 2108 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/03 19:39:50.0440 2108 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/03 19:39:50.0533 2108 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/03 19:39:50.0611 2108 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/03 19:39:50.0736 2108 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/03 19:39:50.0814 2108 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/03 19:39:50.0877 2108 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/03 19:39:50.0939 2108 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/03 19:39:51.0017 2108 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/03 19:39:51.0142 2108 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/03 19:39:51.0267 2108 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/03 19:39:51.0438 2108 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/03 19:39:51.0516 2108 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/03 19:39:51.0579 2108 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/03 19:39:51.0625 2108 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/03 19:39:51.0797 2108 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/03 19:39:51.0891 2108 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/03 19:39:52.0015 2108 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/03 19:39:52.0140 2108 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/03 19:39:52.0218 2108 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/06/03 19:39:52.0296 2108 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/03 19:39:52.0452 2108 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/03 19:39:52.0624 2108 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/03 19:39:52.0671 2108 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/03 19:39:52.0717 2108 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/03 19:39:52.0795 2108 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/03 19:39:52.0842 2108 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/03 19:39:53.0045 2108 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/03 19:39:53.0107 2108 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/03 19:39:53.0154 2108 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/03 19:39:53.0201 2108 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/03 19:39:53.0341 2108 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/03 19:39:53.0404 2108 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/03 19:39:53.0466 2108 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/03 19:39:53.0591 2108 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/03 19:39:53.0950 2108 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/03 19:39:54.0012 2108 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/03 19:39:54.0121 2108 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/03 19:39:54.0324 2108 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/03 19:39:54.0496 2108 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/03 19:39:54.0574 2108 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/03 19:39:54.0621 2108 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/03 19:39:54.0683 2108 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/03 19:39:54.0761 2108 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/03 19:39:54.0917 2108 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/03 19:39:54.0979 2108 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/03 19:39:55.0042 2108 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/03 19:39:55.0135 2108 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/06/03 19:39:55.0260 2108 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/03 19:39:55.0323 2108 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/03 19:39:55.0432 2108 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/03 19:39:55.0525 2108 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/03 19:39:55.0635 2108 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/03 19:39:55.0775 2108 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/03 19:39:55.0853 2108 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/03 19:39:55.0915 2108 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/03 19:39:55.0962 2108 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/03 19:39:56.0056 2108 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/03 19:39:56.0118 2108 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/03 19:39:56.0243 2108 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/03 19:39:56.0305 2108 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/03 19:39:56.0383 2108 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/03 19:39:56.0430 2108 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/03 19:39:56.0493 2108 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/03 19:39:56.0633 2108 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/03 19:39:56.0711 2108 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/03 19:39:56.0820 2108 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\system32\Drivers\sptd.sys
2011/06/03 19:39:56.0820 2108 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/06/03 19:39:56.0836 2108 sptd - detected LockedFile.Multi.Generic (1)
2011/06/03 19:39:57.0007 2108 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/06/03 19:39:57.0117 2108 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/03 19:39:57.0163 2108 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/03 19:39:57.0335 2108 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/03 19:39:57.0429 2108 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/03 19:39:57.0507 2108 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/03 19:39:57.0553 2108 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/03 19:39:57.0709 2108 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/06/03 19:39:57.0897 2108 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/03 19:39:58.0068 2108 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/03 19:39:58.0131 2108 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/03 19:39:58.0177 2108 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/03 19:39:58.0224 2108 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/03 19:39:58.0318 2108 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/03 19:39:58.0489 2108 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/03 19:39:58.0599 2108 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/03 19:39:58.0739 2108 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/03 19:39:58.0817 2108 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/03 19:39:58.0864 2108 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/03 19:39:58.0989 2108 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/03 19:39:59.0082 2108 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/03 19:39:59.0191 2108 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/03 19:39:59.0316 2108 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/03 19:39:59.0379 2108 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/03 19:39:59.0457 2108 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/06/03 19:39:59.0550 2108 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/03 19:39:59.0675 2108 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/03 19:39:59.0737 2108 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/03 19:39:59.0815 2108 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/03 19:39:59.0940 2108 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/06/03 19:40:00.0018 2108 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/03 19:40:00.0112 2108 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/03 19:40:00.0283 2108 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/03 19:40:00.0361 2108 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/03 19:40:00.0439 2108 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/03 19:40:00.0486 2108 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/03 19:40:00.0580 2108 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/03 19:40:00.0658 2108 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/03 19:40:00.0751 2108 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/03 19:40:00.0861 2108 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/03 19:40:00.0939 2108 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/03 19:40:01.0063 2108 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/03 19:40:01.0126 2108 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 19:40:01.0173 2108 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 19:40:01.0344 2108 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/03 19:40:01.0422 2108 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/03 19:40:01.0641 2108 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/06/03 19:40:01.0937 2108 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/03 19:40:02.0077 2108 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/03 19:40:02.0218 2108 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/03 19:40:02.0296 2108 MBR (0x1B8) (e2623ec53824142420ae2f36878e5488) \Device\Harddisk0\DR0
2011/06/03 19:40:02.0311 2108 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/03 19:40:02.0327 2108 ================================================================================
2011/06/03 19:40:02.0327 2108 Scan finished
2011/06/03 19:40:02.0327 2108 ================================================================================
2011/06/03 19:40:02.0389 0472 Detected object count: 2
2011/06/03 19:40:02.0389 0472 Actual detected object count: 2
2011/06/03 19:41:54.0007 0472 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/03 19:41:54.0039 0472 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/03 19:41:54.0039 0472 \Device\Harddisk0\DR0 - ok
2011/06/03 19:41:54.0039 0472 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/03 19:42:29.0092 3712 Deinitialize success

#7 Příspěvek od **motji** » 03 čer 2011 19:03

Fajn, ted spustte ten combofix.

pete2006 · #8 Příspěvek od **pete2006** » 03 čer 2011 19:38

chova se stejne, i ten stary, i ten novy

#9 Příspěvek od **motji** » 03 čer 2011 19:40

Přejmenujte ho a předtím spustte

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

-

Ted nerestartujte počítač!

pete2006 · #10 Příspěvek od **pete2006** » 03 čer 2011 20:19

rkill probehl a ukoncil se, ale combofix je na tom porad stejne

#11 Příspěvek od **motji** » 03 čer 2011 20:31

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

pete2006 · #12 Příspěvek od **pete2006** » 03 čer 2011 22:01

OTL logfile created on: 2011-06-03 21:50:32 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\tomáš\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd

1013.68 Mb Total Physical Memory | 304.86 Mb Available Physical Memory | 30.07% Memory free
2.24 Gb Paging File | 1.47 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 36.16 Gb Total Space | 13.32 Gb Free Space | 36.82% Space Free | Partition Type: NTFS
Drive D: | 28.35 Gb Total Space | 24.87 Gb Free Space | 87.73% Space Free | Partition Type: NTFS

Computer Name: TOMÁŠ-PC | User Name: tomáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-03 21:48:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\tomáš\Desktop\OTL.exe
PRC - [2011-06-03 21:26:57 | 000,318,976 | R--- | M] () -- C:\zizala_6021z\CF10535.cfxxe
PRC - [2011-05-20 04:05:24 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-04-05 19:14:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (SafeList) ==========

MOD - [2011-06-03 21:48:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\tomáš\Desktop\OTL.exe
MOD - [2010-08-31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008-11-27 06:35:06 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008-04-05 19:12:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV - [2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-10-13 16:20:43 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-06-12 13:15:10 | 000,051,040 | ---- | M] (IPWireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipw3gnet.sys -- (IpwP)
DRV - [2007-01-31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007-01-18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgArCln.sys -- (AvgArCln)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-27 16:45:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011-04-02 09:31:44 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
File not found (No name found) -- C:\USERS\TOMĂˇĹˇ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7C5WK9SC.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2010-11-09 19:20:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-05-27 16:45:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-01-01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\heureka-cz.xml
[2010-01-01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010-01-01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010-01-01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010-01-01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

Hosts file not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.102.0.252 10.102.0.253
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tomáš\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\tomáš\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O29 - HKLM SecurityProviders - (mfhyyybu.dll) - C:\Windows\System32\mfhyyybu.dll (Bfrrwlx Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-06-03 21:27:04 | 000,000,000 | --SD | C] -- C:\zizala_6021z
[2011-06-03 21:27:04 | 000,000,000 | --SD | C] -- \zizala_6021z
[2011-06-03 21:26:16 | 000,000,000 | --SD | C] -- C:\zizala_6567z
[2011-06-03 21:26:16 | 000,000,000 | --SD | C] -- \zizala_6567z
[2011-06-03 21:22:17 | 000,000,000 | --SD | C] -- C:\zizala_22603z
[2011-06-03 21:22:17 | 000,000,000 | --SD | C] -- \zizala_22603z
[2011-06-03 21:07:08 | 000,000,000 | --SD | C] -- C:\žižala5307ž
[2011-06-03 21:07:08 | 000,000,000 | --SD | C] -- \žižala5307ž
[2011-06-03 21:01:20 | 000,000,000 | ---D | C] -- C:\zizala
[2011-06-03 21:01:20 | 000,000,000 | ---D | C] -- \zizala
[2011-06-03 21:01:19 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF5496.exe
[2011-06-03 20:29:34 | 000,000,000 | --SD | C] -- C:\žižala17098ž
[2011-06-03 20:29:34 | 000,000,000 | --SD | C] -- \žižala17098ž
[2011-06-03 20:20:57 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF30355.exe
[2011-06-03 20:10:06 | 000,000,000 | --SD | C] -- C:\žižala
[2011-06-03 20:10:06 | 000,000,000 | --SD | C] -- \žižala
[2011-06-03 17:26:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-06-03 17:26:47 | 000,000,000 | --SD | C] -- \ComboFix
[2011-06-03 17:19:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-06-03 17:17:51 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF27231.exe
[2011-06-03 17:06:24 | 000,000,000 | --SD | C] -- C:\zizala_376z
[2011-06-03 17:06:24 | 000,000,000 | --SD | C] -- \zizala_376z
[2011-06-03 16:29:42 | 000,000,000 | --SD | C] -- C:\zizala_
[2011-06-03 16:29:42 | 000,000,000 | --SD | C] -- \zizala_
[2011-06-03 16:19:50 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF15837.exe
[2011-06-03 16:13:43 | 000,000,000 | --SD | C] -- C:\zizala4077z
[2011-06-03 16:13:43 | 000,000,000 | --SD | C] -- \zizala4077z
[2011-06-03 16:10:03 | 000,000,000 | --SD | C] -- C:\zizala20615z
[2011-06-03 16:10:03 | 000,000,000 | --SD | C] -- \zizala20615z
[2011-06-03 16:09:05 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF13770.exe
[2011-06-03 15:58:30 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF11700.exe
[2011-06-03 15:10:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-06-03 15:10:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-06-03 15:10:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-06-03 15:09:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-06-03 15:09:48 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF2148.exe
[2011-06-03 15:09:47 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2011-06-03 15:09:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-06-03 15:09:44 | 000,000,000 | ---D | C] -- \Qoobox
[2011-06-03 11:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-06-03 11:25:44 | 000,000,000 | ---D | C] -- C:\rsit
[2011-06-03 11:25:44 | 000,000,000 | ---D | C] -- \rsit
[2011-06-03 10:21:31 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgArCln.sys
[2011-06-03 10:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Anti-Rootkit Free
[2011-06-03 10:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011-06-03 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-06-03 09:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-06-01 16:22:06 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

========== Files - Modified Within 30 Days ==========

[2011-06-03 22:06:02 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7429BF20-62A8-4DAC-B5A9-E0E897CA3D5A}.job
[2011-06-03 21:32:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-06-03 21:26:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-03 21:26:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-03 21:01:13 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF5496.exe
[2011-06-03 20:25:54 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011-06-03 20:25:48 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-06-03 20:25:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-03 20:24:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-06-03 20:20:51 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF30355.exe
[2011-06-03 19:10:33 | 171,658,885 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-06-03 17:17:41 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF27231.exe
[2011-06-03 16:50:19 | 002,335,270 | ---- | M] () -- C:\Windows\System32\4e8890C.mht
[2011-06-03 16:38:51 | 002,335,270 | ---- | M] () -- C:\Windows\System32\f97952.mht
[2011-06-03 16:23:29 | 000,601,396 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-06-03 16:23:29 | 000,589,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-03 16:23:29 | 000,115,826 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-06-03 16:23:29 | 000,101,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-03 16:19:29 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF15837.exe
[2011-06-03 16:08:58 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF13770.exe
[2011-06-03 15:58:24 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11700.exe
[2011-06-03 15:09:39 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF2148.exe
[2011-06-03 10:21:31 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011-06-03 09:54:38 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-06-01 16:22:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-05-10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-05-10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-05-10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011-06-03 16:50:19 | 002,335,270 | ---- | C] () -- C:\Windows\System32\4e8890C.mht
[2011-06-03 16:38:51 | 002,335,270 | ---- | C] () -- C:\Windows\System32\f97952.mht
[2011-06-03 16:16:15 | 171,658,885 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-06-03 16:10:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-06-03 16:10:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-06-03 15:10:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-06-03 15:10:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-06-03 15:10:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-06-03 10:21:31 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011-06-03 09:54:38 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-04-02 09:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-24 21:00:47 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2011-03-24 21:00:47 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011-01-20 16:42:42 | 000,000,358 | ---- | C] () -- C:\Windows\wincmd.ini
[2010-11-09 19:09:13 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010-07-08 16:49:57 | 000,000,109 | ---- | C] () -- C:\Windows\ChssBase.ini
[2010-01-06 19:29:18 | 000,000,001 | ---- | C] () -- \s
[2009-11-29 21:06:02 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009-10-10 17:06:43 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2009-10-10 17:06:42 | 000,333,203 | RHS- | C] () -- \bootmgr
[2009-10-10 17:06:02 | 000,171,136 | RHS- | C] () -- \grldr
[2009-10-10 16:08:04 | 1377,497,088 | -HS- | C] () --
[2008-06-12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008-04-12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008-04-12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008-04-05 19:17:50 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008-04-05 19:17:47 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008-04-05 19:14:23 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007-02-05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007-01-08 23:15:40 | 000,601,396 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2007-01-08 23:15:40 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2007-01-08 23:15:40 | 000,115,826 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2007-01-08 23:15:40 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2006-11-02 14:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:46:27 | 000,384,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,589,670 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,101,682 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-11-02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006-11-02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== LOP Check ==========

[2011-06-03 20:24:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-06-03 22:06:02 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7429BF20-62A8-4DAC-B5A9-E0E897CA3D5A}.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2008-04-05 19:12:23 | 001,233,920 | ---- | M] (Microsoft Corporation)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010-12-21 20:15:53 | 000,039,408 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011-01-20 16:48:32 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Adobe
[2010-07-08 17:14:54 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\ChessBase
[2010-12-21 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Google
[2009-10-10 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Identities
[2009-10-16 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Macromedia
[2006-11-02 14:35:50 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Media Center Programs
[2011-02-01 09:36:33 | 000,000,000 | --SD | M] -- C:\Users\tomáš\AppData\Roaming\Microsoft
[2011-04-02 09:32:27 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Mozilla
[2009-10-13 12:12:14 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Opera
[2009-10-31 12:25:05 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Real
[2009-11-30 12:54:01 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\Tific
[2009-10-13 12:18:52 | 000,000,000 | ---D | M] -- C:\Users\tomáš\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< MD5 for: AGP440.SYS >
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-04-05 19:10:41 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008-04-05 19:10:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008-04-05 19:10:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-04-05 19:10:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CDROM.SYS >
[2008-04-05 19:10:45 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys
[2008-04-05 19:10:45 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-04-05 19:10:45 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006-11-02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2006-11-02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2008-04-05 19:15:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\System32\cryptsvc.dll
[2008-04-05 19:15:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008-10-28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006-11-02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008-04-05 19:14:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2008-04-05 19:10:41 | 000,177,208 | ---- | M] (Microsoft Corporation) MD5=A00B0EDD048786E30EBB2DA65D9A8F74 -- C:\Windows\System32\hal.dll

< MD5 for: IASTORV.SYS >
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-04-05 19:12:07 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006-11-02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\drivers\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008-04-05 19:10:41 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2009-06-15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009-09-10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009-02-13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006-11-02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009-06-15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\System32\lsass.exe
[2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009-02-13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009-06-15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009-06-15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009-09-09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009-09-10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008-04-05 19:14:26 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009-02-13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-04-05 19:13:22 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008-04-05 19:13:22 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006-11-02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008-04-05 19:13:57 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008-04-05 19:13:57 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008-04-05 19:12:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-04-05 19:12:02 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008-04-05 19:15:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008-04-05 19:15:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006-11-02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: SMSS.EXE >
[2008-04-05 19:13:20 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\System32\smss.exe
[2008-04-05 19:13:20 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2006-11-02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe

< MD5 for: SVCHOST.EXE >
[2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008-04-05 19:13:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008-04-05 19:13:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008-04-26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009-12-08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009-08-15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009-08-14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010-02-18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010-02-18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009-08-14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009-12-08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010-02-18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010-02-18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009-12-08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010-06-16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009-08-14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010-06-16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010-06-16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\System32\drivers\tcpip.sys
[2010-06-16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008-04-26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009-12-08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009-08-14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010-02-18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010-06-16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009-12-08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006-11-02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010-02-18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\SoftwareDistribution\Download\2e00d1ae0f234ed468fbb47c2cd92fae\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009-12-08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008-04-05 19:16:28 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009-08-14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008-04-05 19:15:45 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-04-05 19:15:45 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006-11-02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-04-05 19:15:47 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008-04-05 19:15:47 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006-11-02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008-04-05 19:15:44 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008-04-05 19:15:44 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-03-08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009-03-08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009-10-13 16:20:43 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006-11-02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006-11-02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006-11-02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2009-03-08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009-03-08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011-06-03 16:50:19 | 002,335,270 | ---- | M] () -- C:\Windows\System32\4e8890C.mht
[2011-06-03 22:26:01 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-03 22:26:01 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-03 15:58:24 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11700.exe
[2011-06-03 16:08:58 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF13770.exe
[2011-06-03 16:19:29 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF15837.exe
[2011-06-03 15:09:39 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF2148.exe
[2011-06-03 17:17:41 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF27231.exe
[2011-06-03 20:20:51 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF30355.exe
[2011-06-03 21:01:13 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF5496.exe
[2011-06-01 16:22:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-06-03 16:38:51 | 002,335,270 | ---- | M] () -- C:\Windows\System32\f97952.mht
[2011-06-03 20:25:54 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011-06-03 16:23:29 | 000,115,826 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011-06-03 16:23:29 | 000,101,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-03 16:23:29 | 000,601,396 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011-06-03 16:23:29 | 000,589,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-03 16:23:29 | 001,402,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

< >

< >

< End of report >

pete2006 · #13 Příspěvek od **pete2006** » 03 čer 2011 22:02

OTL Extras logfile created on: 2011-06-03 21:50:32 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\tomáš\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: yyyy-MM-dd

1013.68 Mb Total Physical Memory | 304.86 Mb Available Physical Memory | 30.07% Memory free
2.24 Gb Paging File | 1.47 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 36.16 Gb Total Space | 13.32 Gb Free Space | 36.82% Space Free | Partition Type: NTFS
Drive D: | 28.35 Gb Total Space | 24.87 Gb Free Space | 87.73% Space Free | Partition Type: NTFS

Computer Name: TOMÁŠ-PC | User Name: tomáš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-145100264-1461140624-168581430-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\" = C:\Windows\system\178153.exe:*:Enabled:KL

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D9CF016-38D5-4245-BA39-5B08194DBED8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CA319E0-FFC7-4C94-A4AB-8830F2CD0DAE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5AF7EFB1-9B1C-419E-800C-3FA3F3372350}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8695A73C-C1F7-4C4C-B296-92D0C308E09F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9F5E029B-BEDF-4FEE-B8B7-623ADFF2B48B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{9C86984F-E651-467D-AD32-A759EBB95428}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{FDA91A79-7D6E-4589-985A-93D6107D66D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B19BD003-89B6-4501-A5D5-20D4AC869F3E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D17732D2-C5A6-488B-8C78-62D66728FC8D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{4FAA46FA-D8C1-488C-A979-83F41BB1E1DA}_is1" = Fritz 9
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9CAF9762-B107-4E7B-A459-68F083298C58}" = Rybka 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A90000000001}" = Adobe Reader 9 - Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{F9683839-1A7F-4874-91B7-64CDF4AC4679}" = Rybka 4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"Totalcmd" = Total Commander (Remove or Repair)
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-06-03 11:07:01 | Computer Name = tomáš-PC | Source = SPP | ID = 16387
Description =

Error - 2011-06-03 11:07:01 | Computer Name = tomáš-PC | Source = System Restore | ID = 8193
Description =

Error - 2011-06-03 11:27:24 | Computer Name = tomáš-PC | Source = SPP | ID = 16387
Description =

Error - 2011-06-03 11:27:24 | Computer Name = tomáš-PC | Source = System Restore | ID = 8193
Description =

Error - 2011-06-03 12:08:00 | Computer Name = tomáš-PC | Source = SPP | ID = 16387
Description =

Error - 2011-06-03 12:08:00 | Computer Name = tomáš-PC | Source = System Restore | ID = 8193
Description =

Error - 2011-06-03 12:08:00 | Computer Name = tomáš-PC | Source = System Restore | ID = 8210
Description =

Error - 2011-06-03 12:16:07 | Computer Name = tomáš-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-06-03 12:16:07 | Computer Name = tomáš-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-06-03 12:16:08 | Computer Name = tomáš-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 2010-11-18 23:51:22 | Computer Name = tomáš-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2011-06-03 13:07:14 | Computer Name = tomáš-PC | Source = HTTP | ID = 15016
Description =

Error - 2011-06-03 13:08:13 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-03 13:10:45 | Computer Name = tomáš-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (19:09:43, 3.6.2011) bylo neočekávané.

Error - 2011-06-03 13:11:03 | Computer Name = tomáš-PC | Source = HTTP | ID = 15016
Description =

Error - 2011-06-03 13:12:13 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-03 13:43:50 | Computer Name = tomáš-PC | Source = HTTP | ID = 15016
Description =

Error - 2011-06-03 13:45:15 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-06-03 14:06:55 | Computer Name = tomáš-PC | Source = DCOM | ID = 10010
Description =

Error - 2011-06-03 14:25:44 | Computer Name = tomáš-PC | Source = HTTP | ID = 15016
Description =

Error - 2011-06-03 14:27:11 | Computer Name = tomáš-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

#14 Příspěvek od **motji** » 04 čer 2011 07:12

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

pete2006 · #15 Příspěvek od **pete2006** » 04 čer 2011 10:33

Automatická kontrola: dokončeno před 23 min. (události: 48, objekty: 673103, čas: 02:00:08)
2011-06-04 09:05 Úloha byla spuštěna
2011-06-04 09:12 Zjištěno: HEUR:Trojan.Win32.Generic c:\windows\system32\mfhyyybu.dll
2011-06-04 09:14 Zjištěno: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:14 Zjištěno: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:14 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:14 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:14 Zjištěno: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:14 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:14 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:14 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:14 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:14 Zjištěno: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 09:14 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 09:14 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr c:\Documents and Settings\All Users\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 09:16 Zjištěno: EICAR-Test-File C:\Documents and Settings\tomáš\AppData\Local\Temp\Av-test.txt
2011-06-04 09:16 Neošetřeno: EICAR-Test-File C:\Documents and Settings\tomáš\AppData\Local\Temp\Av-test.txt Nelze dezinfikovat
2011-06-04 09:16 Odstraněno: EICAR-Test-File C:\Documents and Settings\tomáš\AppData\Local\Temp\Av-test.txt
2011-06-04 09:19 Zjištěno: Trojan.Win32.Agent.ftsk C:\install\T-Cleaner.exe
2011-06-04 09:19 Odstraněno: Trojan.Win32.Agent.ftsk C:\install\T-Cleaner.exe
2011-06-04 09:30 Zjištěno: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:30 Zjištěno: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:30 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:30 Zjištěno: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:30 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:30 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:30 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:30 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:30 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:31 Zjištěno: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 09:31 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 09:31 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr C:\ProgramData\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 09:32 Zjištěno: Backdoor.Win32.Agent.bhxg C:\System Volume Information\_restore{568CB8F6-645E-4D8A-9548-36DD26FA0C63}\RP32\A0010523.exe
2011-06-04 09:32 Zjištěno: Backdoor.Win32.Kbot.azm C:\System Volume Information\_restore{568CB8F6-645E-4D8A-9548-36DD26FA0C63}\RP32\A0010524.exe/#
2011-06-04 09:33 Odstraněno: Backdoor.Win32.Kbot.azm C:\System Volume Information\_restore{568CB8F6-645E-4D8A-9548-36DD26FA0C63}\RP32\A0010524.exe
2011-06-04 09:33 Odstraněno: Backdoor.Win32.Agent.bhxg C:\System Volume Information\_restore{568CB8F6-645E-4D8A-9548-36DD26FA0C63}\RP32\A0010523.exe
2011-06-04 09:33 Zjištěno: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:33 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:33 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\421a83-41c-0.dat
2011-06-04 09:33 Zjištěno: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:33 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:33 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8474c-7e4-0.dat
2011-06-04 09:33 Zjištěno: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:33 Zjištěno: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 09:33 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:33 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8756d-68c-0.dat
2011-06-04 09:33 Dezinfekce při restartování systému se nezdařila: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 09:33 Bude odstraněno při restartování systému: Rootkit.Win32.TDSS.mbr C:\Users\All Users\Alwil Software\Avast5\arpot\8c1a9-774-0.dat
2011-06-04 11:05 Úloha byla dokončena

VIRY.CZ

rootkit Alureon-C

rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C

Re: rootkit Alureon-C