dl.exe
Posted: 05 Dec 2010 16:29
Greetings, virus hunters.
Today, after a long time, I booted into WinXP and out of nowhere a console program, dl.exe, started. Closing it was easy, but getting rid of it is another matter. Almost all executable files report an error and terminate. After some searching I read somewhere that it infects every executable file I run. So I ran Combofix in SafeMode and could not believe my eyes. It did not solve the problem, so I also made a log with RSIT. The Combofix log is on edisk, because attachments cannot be added to the forum and it is quite long.
Is there still any chance of getting the system working, or will only a format help?
Thanks for any advice.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-12-05 16:14:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (34%) free of 20 GB
Total RAM: 1979 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:04, on 5.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21293)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 5629292937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5629285765
O17 - HKLM\System\CCS\Services\Tcpip\..\{167C735D-430F-4067-8179-15A6D5DD88F6}: NameServer = 192.168.0.1,192.168.0.2
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6248 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2010-12-05 188416]
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2006-08-07 253952]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2010-12-05 28672]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.exe [2010-12-05 131072]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2010-12-05 176128]
"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2010-12-05 122880]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2007-11-15 299008]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-12-05 33792]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-09-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-09-09 13851752]
"NVRotateSysTray"=C:\WINDOWS\system32\nvsysrot.dll [2010-09-09 49152]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-12-05 1750016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2010-12-05 1286144]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-03-08 37376]
C:\Users\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-27 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-03-08 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoSMMyDocs"=0x01000000
"NoSMMyPictures"=0x01000000
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoSMConfigurePrograms"=1
"NoBandCustomize"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======File associations======
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"
======List of files/folders created in the last 1 months======
2010-12-05 16:14:31 ----D---- C:\Program Files\trend micro
2010-12-05 16:14:30 ----D---- C:\rsit
2010-12-05 16:11:36 ----A---- C:\RSIT.exe
2010-12-05 15:37:10 ----D---- C:\WINDOWS\temp
2010-12-05 15:37:08 ----A---- C:\ComboFix.txt
2010-12-05 15:15:33 ----A---- C:\WINDOWS\zip.exe
2010-12-05 15:15:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-05 15:15:33 ----A---- C:\WINDOWS\SWSC.exe
2010-12-05 15:15:33 ----A---- C:\WINDOWS\SWREG.exe
2010-12-05 15:15:33 ----A---- C:\WINDOWS\sed.exe
2010-12-05 15:15:33 ----A---- C:\WINDOWS\PEV.exe
2010-12-05 15:15:33 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-05 15:15:33 ----A---- C:\WINDOWS\MBR.exe
2010-12-05 15:15:33 ----A---- C:\WINDOWS\grep.exe
2010-12-05 15:15:26 ----D---- C:\WINDOWS\ERDNT
2010-12-05 15:15:25 ----D---- C:\ComboFix
2010-12-05 15:15:02 ----AD---- C:\Qoobox
2010-12-05 15:11:11 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-05 14:16:31 ----D---- C:\Users\All Users\Application Data\Installations
2010-11-30 14:49:57 ----D---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2010-12-05 16:14:42 ----D---- C:\WINDOWS\Prefetch
2010-12-05 16:14:31 ----AD---- C:\Program Files
2010-12-05 16:13:19 ----HD---- C:\WINDOWS\inf
2010-12-05 15:37:10 ----AD---- C:\WINDOWS
2010-12-05 15:36:01 ----AD---- C:\WINDOWS\system32
2010-12-05 15:36:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-05 15:35:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-05 15:32:27 ----N---- C:\WINDOWS\system.ini
2010-12-05 15:32:16 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-05 15:28:50 ----D---- C:\WINDOWS\system32\dllcache
2010-12-05 15:27:29 ----D---- C:\WINDOWS\system32\drivers
2010-12-05 15:20:49 ----D---- C:\WINDOWS\AppPatch
2010-12-05 15:20:47 ----D---- C:\Program Files\Common Files
2010-12-05 15:16:34 ----SHD---- C:\System Volume Information
2010-12-05 15:16:34 ----D---- C:\WINDOWS\system32\Restore
2010-12-05 14:17:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-05 13:59:24 ----A---- C:\WINDOWS\winhlp32.exe
2010-12-05 13:59:24 ----A---- C:\WINDOWS\twunk_32.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\XXMKLINK.EXE
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\xcopy.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\wupdmgr.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\wudfhost.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\wscript.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\wscntfy.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\write.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\wpabaln.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\WISPTIS.EXE
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\winver.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\winmsd.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\winmine.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\winhlp32.exe
2010-12-05 13:59:22 ----A---- C:\WINDOWS\system32\winfxdocobj.exe
2010-12-05 13:59:21 ----A---- C:\WINDOWS\system32\winchat.exe
2010-12-05 13:59:21 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2010-12-05 13:59:21 ----A---- C:\WINDOWS\system32\wgatray.exe
2010-12-05 13:59:21 ----A---- C:\WINDOWS\system32\wextract.exe
2010-12-05 13:59:21 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\w32tm.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\vssvc.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\vssadmin.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\vsjitdebugger.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\verifier.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\verclsid.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\uWDF.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\utilman.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\usrshuta.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\usrprbda.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\userinit.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\ups.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\upnpcont.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\unlodctr.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tzchange.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\typeperf.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\Tweakui.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\TWarnMsg.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tswpfwrp.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tskill.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tscon.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tracert6.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tracert.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tracerpt.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\TPSODDCtl.exe
2010-12-05 13:59:20 ----A---- C:\WINDOWS\system32\tourstart.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\tlntsess.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\tftp.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\telnet.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\TCPOptimizer.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\tcmsetup.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\taskman.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\tasklist.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\taskkill.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\systray.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\systeminfo.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\syskey.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\syncapp.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\subst.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\stimon.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\sprestrt.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\spnpinst.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\spiisupd.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\spider.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\sort.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\sol.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-12-05 13:59:19 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\smbinst.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\slide_wallpapers.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\skeys.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\sigverif.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\schtasks.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\shutdown.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\shrpubw.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\shmgrate.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\shadow.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\sfc.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\setupn.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\sethc.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\secedit.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\sdbinst.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\scardsvr.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\sc.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\savedump.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\runonce.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\runas.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\rtcshare.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\rsvp.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\rspndr.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\rsopprov.exe
2010-12-05 13:59:18 ----A---- C:\WINDOWS\system32\rsnotify.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rsmui.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rsmsink.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rsm.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rsh.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\routemon.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\route.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\RmActivate_ssp.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\RmActivate_isv.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\RmActivate.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rexec.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\reset.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\replace.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\renuser.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\relog.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\regwiz.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\regsvr32.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\regshot.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\regini.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\regedt32.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\reg.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\Refresh.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\recover.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rcp.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rcimlby.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rasphone.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rasdial.exe
2010-12-05 13:59:17 ----A---- C:\WINDOWS\system32\rasautou.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\qfecheck.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\pskill.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\proxycfg.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\PROUnstl.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\proquota.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\progman.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\print.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\PresentationHost.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\powercfg.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\pintool.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\ping6.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\ping.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\perfmon.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\pentnt.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\pathping.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\packager.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\osuninst.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\osk.exe
2010-12-05 13:59:16 ----A---- C:\WINDOWS\system32\openfiles.exe
2010-12-05 13:59:15 ----A---- C:\WINDOWS\system32\odbcconf.exe
2010-12-05 13:59:15 ----A---- C:\WINDOWS\system32\odbcad32.exe
2010-12-05 13:59:15 ----A---- C:\WINDOWS\system32\nwscript.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nvcolor.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\ntvdm.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\ntsd.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\ntbackup.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nslookup.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\notepad.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\NoSplash.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\NoHardwareWin.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nircmdc.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nircmd.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\netstat.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\netsh.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\netsetup.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\netdde.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\net1.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\net.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nddeapir.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nbtstat.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\narrator.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\napstat.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\myuninst.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\MyCleaner.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msswchx.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msiexec.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mshta.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msg.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mrinfo.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mqsvc.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mqbkup.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mpnotify.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mountvol.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mobsync.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mmcperf.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mmc.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\migpwd.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\makecab.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\magnify.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lpr.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lpq.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\logonui.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\logoff.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\logman.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\logagent.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lodctr.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\locator.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lnkstub.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lights.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lcid.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\label.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\killproc.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ipxroute.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ipv6.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ipsec6.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ipconfig.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\InstallTheme.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\imapi.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\iexpress.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ieudinit.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\icardagt.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\hwid.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\hostname.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\HideCMD.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\help.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\grpconv.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\gpupdate.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\gpresult.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\getmac.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\ftp.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fsutil.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fsquirt.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\freecell.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\forcedos.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fontview.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\FontReg.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fixmapi.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\FixBootINI.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\finger.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\findstr.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\find.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fc.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\extrac32.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\expand.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\eventvwr.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\eventcreate.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\eudcedit.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\esentutl.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dxdiag.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dwwin.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dvdplay.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dumprep.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\drmupgds.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\driverquery.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\doskey.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\dmremote.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\dmadmin.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\dllhost.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\diskperf.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\diskpart.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\diantz.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\defrag.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\ddeshare.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\cWnd.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\cscript.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\convert.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\control.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\conime.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\chkntfs.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\chkdsk.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\charmap.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\ChangeWallpaper.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\compact.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\comp.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmstp.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmmon32.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmdow.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmdl32.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmdhide.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmd.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\clipsrv.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cliconfg.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\ckcnv.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cisvc.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cipher.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cidaemon.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\calc.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\cacls.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\bootok.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\bootcfg.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\autolfn.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\autochk.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\autofmt.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\autoconv.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\auditusr.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\attrib.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\atmadm.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\at.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\asr_ldm.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\arp.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\ahui.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\actmovie.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\7z.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\2apply.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\000StTHK.exe
2010-12-05 13:59:03 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-12-05 13:59:02 ----A---- C:\WINDOWS\SkyTel.exe
2010-12-05 13:59:02 ----A---- C:\WINDOWS\RtlUpd.exe
2010-12-05 13:59:02 ----A---- C:\WINDOWS\RTLCPL.EXE
2010-12-05 13:59:01 ----A---- C:\WINDOWS\regedit.exe
2010-12-05 13:58:58 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-12-05 13:58:54 ----A---- C:\WINDOWS\MicCal.exe
2010-12-05 13:58:41 ----A---- C:\WINDOWS\hh.exe
2010-12-05 13:58:29 ----A---- C:\WINDOWS\ALCWZRD.EXE
2010-12-01 13:38:41 ----D---- C:\Users\Administrator\Application Data\Adobe
2010-11-30 14:51:02 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2010-11-30 14:50:54 ----SHD---- C:\WINDOWS\Installer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-03-08 61824]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-27 691696]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2009-05-11 6528]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\WINDOWS\system32\DRIVERS\TVALZ.SYS [2007-02-15 16768]
R0 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-10-08 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 41936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-03-08 62848]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-02-06 166448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-03-08 60800]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-08-07 244368]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-06-19 40832]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-03-08 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-09-10 9586400]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2010-06-18 15160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 xpvcom;XPVCOM Port; C:\WINDOWS\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]
S3 a8n1nqm9;a8n1nqm9; C:\WINDOWS\system32\drivers\a8n1nqm9.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS\system32\DRIVERS\enum1394.sys [2001-08-17 6400]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2010-04-07 171240]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2009-08-10 59888]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2010-05-13 50232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-03-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-03-08 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-05 29260288]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-09-09 156776]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-05 237056]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-05 84480]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2010-12-05 151552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2010-12-05 28672]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2010-12-05 64000]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2010-12-05 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2010-12-05 872448]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2010-12-05 438272]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-12-05 142336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2010-12-05 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-05 41984]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2010-12-05 2998784]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-12-05 122880]
-----------------EOF-----------------
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\ntsd.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\ntbackup.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nslookup.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\notepad.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\NoSplash.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\NoHardwareWin.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nircmdc.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nircmd.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\netstat.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\netsh.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\netsetup.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\netdde.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\net1.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\net.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nddeapir.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\nbtstat.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\narrator.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\napstat.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\myuninst.exe
2010-12-05 13:59:14 ----A---- C:\WINDOWS\system32\MyCleaner.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msswchx.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msiexec.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mshta.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msg.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mrinfo.exe
2010-12-05 13:59:13 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mqsvc.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mqbkup.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mpnotify.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mountvol.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mobsync.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mmcperf.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\mmc.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\migpwd.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\makecab.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\magnify.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lpr.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lpq.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\logonui.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\logoff.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\logman.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\logagent.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lodctr.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\locator.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lnkstub.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lights.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\lcid.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\label.exe
2010-12-05 13:59:12 ----A---- C:\WINDOWS\system32\killproc.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ipxroute.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ipv6.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ipsec6.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ipconfig.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\InstallTheme.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\imapi.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\iexpress.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ieudinit.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\icardagt.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\hwid.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\hostname.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\HideCMD.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\help.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\grpconv.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\gpupdate.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\gpresult.exe
2010-12-05 13:59:11 ----A---- C:\WINDOWS\system32\getmac.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\ftp.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fsutil.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fsquirt.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\freecell.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\forcedos.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fontview.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\FontReg.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fixmapi.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\FixBootINI.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\finger.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\findstr.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\find.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\fc.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\extrac32.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\expand.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\eventvwr.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\eventcreate.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\eudcedit.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\esentutl.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dxdiag.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dwwin.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dvdplay.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\dumprep.exe
2010-12-05 13:59:10 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\drmupgds.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\driverquery.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2010-12-05 13:59:09 ----A---- C:\WINDOWS\system32\doskey.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\dmremote.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\dmadmin.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\dllhost.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\diskperf.exe
2010-12-05 13:59:08 ----A---- C:\WINDOWS\system32\diskpart.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\diantz.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\defrag.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\ddeshare.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\cWnd.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\cscript.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\convert.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\control.exe
2010-12-05 13:59:07 ----A---- C:\WINDOWS\system32\conime.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\chkntfs.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\chkdsk.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\charmap.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\ChangeWallpaper.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\compact.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\comp.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmstp.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmmon32.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmdow.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmdl32.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmdhide.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cmd.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\clipsrv.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cliconfg.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\ckcnv.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cisvc.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cipher.exe
2010-12-05 13:59:06 ----A---- C:\WINDOWS\system32\cidaemon.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\calc.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\cacls.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\bootok.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\bootcfg.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\autolfn.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\autochk.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\autofmt.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\autoconv.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\auditusr.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\attrib.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\atmadm.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\at.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\asr_ldm.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2010-12-05 13:59:05 ----A---- C:\WINDOWS\system32\arp.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\ahui.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\actmovie.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\7z.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\2apply.exe
2010-12-05 13:59:04 ----A---- C:\WINDOWS\system32\000StTHK.exe
2010-12-05 13:59:03 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-12-05 13:59:02 ----A---- C:\WINDOWS\SkyTel.exe
2010-12-05 13:59:02 ----A---- C:\WINDOWS\RtlUpd.exe
2010-12-05 13:59:02 ----A---- C:\WINDOWS\RTLCPL.EXE
2010-12-05 13:59:01 ----A---- C:\WINDOWS\regedit.exe
2010-12-05 13:58:58 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-12-05 13:58:54 ----A---- C:\WINDOWS\MicCal.exe
2010-12-05 13:58:41 ----A---- C:\WINDOWS\hh.exe
2010-12-05 13:58:29 ----A---- C:\WINDOWS\ALCWZRD.EXE
2010-12-01 13:38:41 ----D---- C:\Users\Administrator\Application Data\Adobe
2010-11-30 14:51:02 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2010-11-30 14:50:54 ----SHD---- C:\WINDOWS\Installer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-03-08 61824]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-27 691696]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2009-05-11 6528]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\WINDOWS\system32\DRIVERS\TVALZ.SYS [2007-02-15 16768]
R0 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-10-08 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 41936]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-03-08 62848]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-02-06 166448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-03-08 60800]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-08-07 244368]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-06-19 40832]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-03-08 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-09-10 9586400]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2010-06-18 15160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 xpvcom;XPVCOM Port; C:\WINDOWS\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]
S3 a8n1nqm9;a8n1nqm9; C:\WINDOWS\system32\drivers\a8n1nqm9.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS\system32\DRIVERS\enum1394.sys [2001-08-17 6400]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2010-04-07 171240]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2009-08-10 59888]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2010-05-13 50232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-03-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-03-08 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-05 29260288]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-09-09 156776]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-05 237056]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-05 84480]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2010-12-05 151552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2010-12-05 28672]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2010-12-05 64000]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2010-12-05 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2010-12-05 872448]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2010-12-05 438272]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-12-05 142336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2010-12-05 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-05 41984]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2010-12-05 2998784]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-12-05 122880]
-----------------EOF-----------------