Nelze spustit Microsoft Security, prosim o kontrolu logu

Zpráva

honzaboy2010 · #1 Příspěvek od **honzaboy2010** » 16 pro 2010 13:54

Logfile of random's system information tool 1.08 (written by random/random)
Run by jmlcek at 2010-12-16 13:40:58
Microsoft Windows 7 Professional
System drive C: has 279 GB (59%) free of 477 GB
Total RAM: 3580 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:41:42, on 16.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\Uzocic.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jmlcek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44H5PEZZ\RSIT[1].exe
C:\Program Files\trend micro\jmlcek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\jmlcek\AppData\Local\Temp\Uhl.exe
O4 - HKCU\..\Run: [Z30KYPG3WS] C:\Users\jmlcek\AppData\Local\Temp\Uhj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://training.partner.microsoft.com/ ... rvices.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TgbIke Starter - TheGreenBow - C:\Windows\system32\TgbStarter.exe

--
End of file - 11580 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PEVP.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-01-23 217088]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2008-08-27 1662032]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-11-17 421160]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"=C:\Program Files\CounterPath\X-Lite\x-lite.exe [2010-01-04 23941120]
"Ditto"=C:\Program Files\Ditto\Ditto.exe [2009-08-16 716800]
"AdobeBridge"= []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]
"JP595IR86O"=C:\Users\jmlcek\AppData\Local\Temp\Uhl.exe []
"Z30KYPG3WS"=C:\Users\jmlcek\AppData\Local\Temp\Uhj.exe [2010-12-16 377344]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-16 13:40:58 ----D---- C:\rsit
2010-12-16 13:40:58 ----D---- C:\Program Files\trend micro
2010-12-16 13:29:08 ----A---- C:\Windows\Uzocic.exe
2010-12-16 12:16:42 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-16 12:16:42 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-16 12:16:40 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-16 12:16:39 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-16 12:16:37 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-16 12:16:20 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-16 12:16:17 ----D---- C:\ProgramData\Alwil Software
2010-12-16 12:16:17 ----D---- C:\Program Files\Alwil Software
2010-12-16 12:12:06 ----A---- C:\Windows\system32\drivers\mwlapkvrd.sys
2010-12-16 11:58:06 ----A---- C:\Windows\Uzocib.exe
2010-12-16 11:20:57 ----D---- C:\ProgramData\GoldWave
2010-12-16 11:04:10 ----A---- C:\Users\jmlcek\AppData\Roaming\google__u1[s7_7]rk-h.tmp
2010-12-16 11:04:09 ----A---- C:\Users\jmlcek\AppData\Roaming\google_u1[s7_7]rk-h.tmp
2010-12-16 11:04:01 ----RSH---- C:\Program Files\winlogon.exe
2010-12-16 11:03:47 ----A---- C:\Windows\Uzocia.exe
2010-12-16 11:03:36 ----RASH---- C:\Windows\system32\imapic.dll
2010-12-16 09:54:41 ----A---- C:\Windows\system32\tzres.dll
2010-12-16 09:54:37 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 09:54:36 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 09:54:36 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 09:54:35 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 09:54:34 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 09:54:34 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 09:54:33 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 09:54:33 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-16 09:54:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-16 09:54:33 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 09:54:33 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-16 09:54:33 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-16 09:54:33 ----A---- C:\Windows\system32\ieui.dll
2010-12-16 09:54:33 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 09:54:33 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 09:54:29 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 09:54:29 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 09:54:29 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 09:54:28 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 09:54:28 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 09:54:28 ----A---- C:\Windows\system32\schtasks.exe
2010-12-16 09:54:27 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 09:54:27 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 09:54:26 ----A---- C:\Windows\system32\webio.dll
2010-12-16 09:54:25 ----A---- C:\Windows\system32\consent.exe
2010-12-16 09:54:24 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 16:23:22 ----D---- C:\Program Files\avsysinfo
2010-12-15 16:23:14 ----A---- C:\Windows\system32\unicows.dll
2010-12-15 16:23:14 ----A---- C:\Windows\system32\pthreadGC2.dll
2010-12-15 16:23:14 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-12-15 16:23:14 ----A---- C:\Windows\system32\ff_vfw.dll
2010-12-15 16:23:11 ----D---- C:\Program Files\Cucusoft
2010-12-15 11:21:45 ----D---- C:\Users\jmlcek\AppData\Roaming\GetRightToGo
2010-12-14 16:35:31 ----RD---- C:\Program Files\Skype
2010-12-14 13:35:45 ----D---- C:\Users\jmlcek\AppData\Roaming\Thunderbird
2010-12-13 07:21:07 ----D---- C:\Program Files\MozBackup
2010-12-06 19:08:40 ----D---- C:\Program Files\Mozilla Thunderbird
2010-12-02 17:04:54 ----A---- C:\Windows\system32\GEARAspi.dll
2010-12-02 17:04:54 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2010-12-02 17:04:04 ----D---- C:\Program Files\iPod
2010-12-02 17:04:02 ----D---- C:\Program Files\iTunes
2010-12-02 17:02:52 ----D---- C:\Program Files\QuickTime
2010-12-02 17:01:58 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 months======

2010-12-16 13:40:58 ----RD---- C:\Program Files
2010-12-16 13:40:35 ----D---- C:\Windows\system32\drivers
2010-12-16 13:40:30 ----D---- C:\Windows\Temp
2010-12-16 13:39:32 ----D---- C:\Users\jmlcek\AppData\Roaming\Ditto
2010-12-16 13:35:38 ----D---- C:\Windows\system32\config
2010-12-16 13:34:10 ----D---- C:\Users\jmlcek\AppData\Roaming\Skype
2010-12-16 13:33:14 ----D---- C:\Windows\Tasks
2010-12-16 13:29:14 ----D---- C:\Windows\system32\Tasks
2010-12-16 13:29:08 ----D---- C:\Windows
2010-12-16 12:16:36 ----SHD---- C:\Windows\Installer
2010-12-16 12:16:30 ----D---- C:\Windows\winsxs
2010-12-16 12:16:20 ----D---- C:\Windows\System32
2010-12-16 12:16:17 ----HD---- C:\ProgramData
2010-12-16 12:10:52 ----D---- C:\Windows\Prefetch
2010-12-16 12:09:15 ----D---- C:\Windows\system32\migration
2010-12-16 12:09:15 ----D---- C:\Windows\system32\en-US
2010-12-16 12:09:15 ----D---- C:\Program Files\Windows Mail
2010-12-16 12:09:15 ----D---- C:\Program Files\Internet Explorer
2010-12-16 12:00:09 ----D---- C:\ProgramData\Microsoft Help
2010-12-16 11:59:32 ----D---- C:\Windows\system32\catroot
2010-12-16 11:59:29 ----A---- C:\Windows\system32\MRT.exe
2010-12-16 11:20:07 ----D---- C:\! Home
2010-12-16 11:02:36 ----D---- C:\Users\jmlcek\AppData\Roaming\uTorrent
2010-12-16 09:54:12 ----D---- C:\Windows\system32\catroot2
2010-12-15 17:15:05 ----D---- C:\Program Files\Mozilla Firefox
2010-12-15 12:18:28 ----SHD---- C:\System Volume Information
2010-12-15 10:15:00 ----D---- C:\Program Files\RelevantKnowledge
2010-12-14 16:33:55 ----D---- C:\Program Files\Common Files
2010-12-14 16:06:18 ----D---- C:\Users\jmlcek\AppData\Roaming\skypePM
2010-12-13 10:37:09 ----D---- C:\ProgramData\Skype
2010-12-13 10:16:00 ----D---- C:\Users\jmlcek\AppData\Roaming\AFMDir
2010-12-05 21:19:22 ----D---- C:\Program Files\Seznam.cz
2010-12-05 21:19:05 ----D---- C:\Program Files\rajce
2010-12-05 19:47:45 ----D---- C:\Program Files\AVS4YOU
2010-12-05 19:47:22 ----D---- C:\Program Files\Common Files\AVSMedia
2010-12-05 17:25:39 ----D---- C:\Windows\inf
2010-12-05 17:25:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-02 17:05:20 ----D---- C:\Users\jmlcek\AppData\Roaming\ICQ
2010-12-02 17:05:05 ----D---- C:\Program Files\ICQ7.0
2010-12-02 17:04:54 ----DC---- C:\Windows\system32\DRVSTORE
2010-12-02 17:04:02 ----D---- C:\Program Files\Common Files\Apple
2010-12-02 17:02:52 ----D---- C:\ProgramData\Apple Computer
2010-12-02 17:01:50 ----D---- C:\Windows\system32\DriverStore
2010-12-02 17:01:08 ----D---- C:\Program Files\Bonjour
2010-11-17 13:17:03 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-11-17 13:16:41 ----D---- C:\Program Files\Common Files\microsoft shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 NdisTgb;TheGreenBow NDIS filter driver; C:\Windows\system32\DRIVERS\ndistgb.sys [2009-06-23 25584]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2010-03-09 229208]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-02-05 192048]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA009Ufd.sys [2008-06-03 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver; C:\Windows\system32\DRIVERS\OA009Vid.sys [2008-08-25 269216]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S1 TgbHook;TgbHook; C:\Windows\System32\Drivers\vistahook.sys [2009-06-23 17904]
S1 TgbIpSec;TgbIpSec; C:\Windows\System32\Drivers\dfiltervpn.sys [2009-06-23 102384]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 cpuz130;cpuz130; \??\C:\Users\jmlcek\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 RsFx0150;RsFx0150 Driver; C:\Windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [2010-04-03 42884448]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe [2010-11-08 107136]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-04-03 267616]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-04-03 97632]
R2 TgbIke Starter;TgbIke Starter; C:\Windows\system32\TgbStarter.exe [2009-06-23 129520]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-03 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 820008]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
S4 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 16 pro 2010 14:11

Zdravim a pekny den preji

Mate tam Avast tak proc davat dalsi antivir - to je leda tak na skodu a na p*user - nestabilita systemu

Ale haveti tam je pozehnane

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

honzaboy2010 · #3 Příspěvek od **honzaboy2010** » 16 pro 2010 14:32

Avast jsem nainstaloval az po problemu, WSE neslo spustit, proto jsem Pouzil Avast scan.
Rkill mi hodil modrou obrazovku s tim ze system bude ukoncen, to se opakovalo 2x. Nyni jsem v safe modu bez konektivity a pisi z mobilniho telefonu.

#4 Příspěvek od **vyosek** » 16 pro 2010 15:12

Nedostanete se ani do nouzaku s praci v siti

RKill tedy vynechejte - asi je hodne naboren system - kdyz tohle dela, mel by jen ukoncit bezici ne-systemove procesy...

Aplikujte ComboFix

honzaboy2010 · #5 Příspěvek od **honzaboy2010** » 16 pro 2010 16:16

Nouzovy s praci v siti funguje, pristup na internet ale ne. Zkusim combofix

#6 Příspěvek od **vyosek** » 16 pro 2010 16:21

Je mozne ze jej havet blokla, jelikoz je ji tam opravdu hodne...uvidime co CF provede...

honzaboy2010 · #7 Příspěvek od **honzaboy2010** » 16 pro 2010 17:37

ComboFix 10-12-15.07 - jmlcek 16.12.2010 16:55:16.1.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1033.18.3580.3153 [GMT 1:00]
Spuštěný z: c:\users\jmlcek\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\winlogon.exe
c:\users\jmlcek\AppData\Roaming\google__u1[s7_7]rk-h.tmp
c:\users\jmlcek\AppData\Roaming\Microsoft\~DFKfbb24b1.tmp
c:\users\jmlcek\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\jmlcek\AppData\Roaming\Microsoft\bass.dll
c:\users\jmlcek\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\jmlcek\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\jmlcek\AppData\Roaming\Microsoft\peaadje.dll
c:\users\jmlcek\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\jmlcek\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-16 do 2010-12-16 )))))))))))))))))))))))))))))))
.

2010-12-16 16:00 . 2010-12-16 16:05 -------- d-----w- c:\users\jmlcek\AppData\Local\temp
2010-12-16 16:00 . 2010-12-16 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-16 13:48 . 2010-12-16 13:48 -------- d-----w- c:\users\jmlcek\AppData\Local\ElevatedDiagnostics
2010-12-16 13:42 . 2010-12-16 11:11 377344 ----a-w- c:\windows\Uzocie.exe
2010-12-16 13:22 . 2010-12-16 11:11 377344 ----a-w- c:\windows\Uzocid.exe
2010-12-16 12:40 . 2010-12-16 12:41 -------- d-----w- C:\rsit
2010-12-16 12:40 . 2010-12-16 12:41 -------- d-----w- c:\program files\trend micro
2010-12-16 12:29 . 2010-12-16 11:11 377344 ----a-w- c:\windows\Uzocic.exe
2010-12-16 11:16 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-16 11:16 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-16 11:16 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-16 11:16 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-16 11:16 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-16 11:16 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-16 11:16 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-16 11:16 . 2010-12-16 11:16 -------- d-----w- c:\programdata\Alwil Software
2010-12-16 11:16 . 2010-12-16 11:16 -------- d-----w- c:\program files\Alwil Software
2010-12-16 10:58 . 2010-12-16 10:04 377344 ----a-w- c:\windows\Uzocib.exe
2010-12-16 10:20 . 2010-12-16 10:20 -------- d-----w- c:\programdata\GoldWave
2010-12-16 10:04 . 2010-12-16 10:04 9 ----a-w- c:\users\jmlcek\AppData\Roaming\google_u1[s7_7]rk-h.tmp
2010-12-16 10:03 . 2010-12-16 10:03 377344 ----a-w- c:\windows\Uzocia.exe
2010-12-16 10:03 . 2010-12-16 10:03 54272 --sha-r- c:\windows\system32\imapic.dll
2010-12-15 15:23 . 2010-12-15 15:23 -------- d-----w- c:\program files\avsysinfo
2010-12-15 15:23 . 2008-12-18 00:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-15 15:23 . 2008-06-15 20:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-15 15:23 . 2008-06-15 09:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-12-15 15:23 . 2008-06-15 09:01 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-15 15:23 . 2003-03-30 19:08 372736 ----a-w- c:\windows\system32\xvid.ax
2010-12-15 15:23 . 2003-03-25 05:49 98304 ----a-w- c:\windows\system32\L3CODECX.AX
2010-12-15 15:23 . 2010-12-15 15:23 -------- d-----w- c:\program files\Cucusoft
2010-12-15 10:21 . 2010-12-15 15:23 -------- d-----w- c:\users\jmlcek\AppData\Roaming\GetRightToGo
2010-12-15 09:00 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E17093ED-018C-4326-AED3-8FF93CA65409}\mpengine.dll
2010-12-14 15:35 . 2010-12-14 15:35 -------- d-----r- c:\program files\Skype
2010-12-14 12:35 . 2010-12-16 08:59 -------- d-----w- c:\users\jmlcek\AppData\Local\Thunderbird
2010-12-14 12:35 . 2010-12-14 12:35 -------- d-----w- c:\users\jmlcek\AppData\Roaming\Thunderbird
2010-12-06 18:08 . 2010-12-09 15:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-12-02 16:04 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-02 16:04 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-02 16:04 . 2010-12-02 16:04 -------- d-----w- c:\program files\iPod
2010-12-02 16:04 . 2010-12-02 16:04 -------- d-----w- c:\program files\iTunes
2010-12-02 16:01 . 2010-12-02 16:01 -------- d-----w- c:\program files\Apple Software Update
2010-11-24 08:38 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-01-11 11:53 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2010-01-08 10:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 14:44 . 2010-09-28 14:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 14:44 . 2010-09-28 14:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2010-01-04 23941120]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2009-08-16 716800]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-9-16 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:3a93d62c7

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
R3 cpuz130;cpuz130;c:\users\jmlcek\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
S1 aswSP;aswSP; [x]
S1 NdisTgb;TheGreenBow NDIS filter driver;c:\windows\system32\DRIVERS\ndistgb.sys [2009-06-23 25584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 TgbIke Starter;TgbIke Starter;c:\windows\system32\TgbStarter.exe [2009-06-23 129520]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-06-03 144672]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-08-25 269216]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mwlapkvrd
*Deregistered* - TgbHook
*Deregistered* - TgbIpSec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 15:18]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 15:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\jmlcek\AppData\Roaming\Mozilla\Firefox\Profiles\bnuskcqc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS545050B9A300 rev.PB4OC63G -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8694C555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x869527b0]; MOV EAX, [0x8695282c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C3E458] -> \Device\Harddisk0\DR0[0x8692E030]
3 CLASSPNP[0x8CA6559E] -> ntkrnlpa!IofCallDriver[0x82C3E458] -> [0x86D2C348]
\Driver\atapi[0x8692F9A0] -> IRP_MJ_CREATE -> 0x8694C555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS545050B9A300_________________PB4OC63G#5&1a70c3a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mwlapkvrd]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(12360)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-12-16 17:15:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-16 16:15

Před spuštěním: 292 779 581 440 bytes free
Po spuštění: 296 201 351 168 bytes free

- - End Of File - - DD3174921DC57E826CCDF80A40A662BF

#8 Příspěvek od **vyosek** » 16 pro 2010 20:14

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\Desktop\mbr" -f
```
Kliknete na OK

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
c:\windows\Uzocie.exe
c:\windows\Uzocid.exe
c:\windows\Uzocic.exe
c:\windows\Uzocib.exe
c:\windows\Uzocia.exe

File::
c:\users\jmlcek\AppData\Roaming\google_u1[s7_7]rk-h.tmp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"Acrobat Assistant 8.0"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"iTunesHelper"=-

Driver::
mwlapkvrd
TgbHook
TgbIpSec

DDS::
uStart Page = hxxp://start.icq.com/

Firefox::
FF - ProfilePath - c:\users\jmlcek\AppData\Roaming\Mozilla\Firefox\Profiles\bnuskcqc.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.0&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Stahnete SPTD http://www.duplexsecure.com/en/downloads

Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
Ulozte na plochu a spustte
Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

Ulozte na plochu a spustte
Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\Desktop\mbr" -t
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

honzaboy2010 · #9 Příspěvek od **honzaboy2010** » 17 pro 2010 10:14

Dobry den, pokusim se popsat co se stalo.
MBR probehlo viz log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS545050B9A300 rev.PB4OC63G -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS545050B9A300_________________PB4OC63G#5&1a70c3a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel

Spustil jsem ComboFix se skriptem podle navodu. CF se rozbehl a nalezl rootkit a restartoval pc. Po restartu nabehl CF znovu a zacal normalne pracovat. U faze cislo 3 nastala "modra smrt". Log nebyl vygenerovan.
SPTD nelze spustit, hlasi ze neni platna Win32 aplikace.
Deffoger probehl po te restart.
MBR probehl viz log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS545050B9A300 rev.PB4OC63G -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86964555]<<
1 ntkrnlpa!IofCallDriver[0x82C81458] -> \Device\Harddisk0\DR0[0x86942030]
3 CLASSPNP[0x8C7BB59E] -> ntkrnlpa!IofCallDriver[0x82C81458] -> [0x86DE12E0]
\Driver\atapi[0x86945BD0] -> IRP_MJ_CREATE -> 0x86964555
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS545050B9A300_________________PB4OC63G#5&1a70c3a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

predem dekuji

#10 Příspěvek od **vyosek** » 17 pro 2010 10:49

Zkusime to tedy jinak, udelejte krok dle navodu kolegy

stell píše:Stiahnite si prosím TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom
adresári

honzaboy2010 · #11 Příspěvek od **honzaboy2010** » 17 pro 2010 11:08

2010/12/17 11:04:25.0915 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/17 11:04:25.0915 ================================================================================
2010/12/17 11:04:25.0915 SystemInfo:
2010/12/17 11:04:25.0915
2010/12/17 11:04:25.0915 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/17 11:04:25.0915 Product type: Workstation
2010/12/17 11:04:25.0915 ComputerName: INTEC03
2010/12/17 11:04:25.0920 UserName: jmlcek
2010/12/17 11:04:25.0920 Windows directory: C:\Windows
2010/12/17 11:04:25.0920 System windows directory: C:\Windows
2010/12/17 11:04:25.0920 Processor architecture: Intel x86
2010/12/17 11:04:25.0920 Number of processors: 2
2010/12/17 11:04:25.0920 Page size: 0x1000
2010/12/17 11:04:25.0920 Boot type: Normal boot
2010/12/17 11:04:25.0920 ================================================================================
2010/12/17 11:04:26.0685 Initialize success
2010/12/17 11:04:31.0345 ================================================================================
2010/12/17 11:04:31.0345 Scan started
2010/12/17 11:04:31.0345 Mode: Manual;
2010/12/17 11:04:31.0345 ================================================================================
2010/12/17 11:04:32.0280 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/17 11:04:32.0375 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/17 11:04:32.0470 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/17 11:04:32.0580 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/17 11:04:32.0660 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/17 11:04:32.0755 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/17 11:04:32.0875 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/17 11:04:32.0985 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/17 11:04:33.0060 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/17 11:04:33.0145 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/17 11:04:33.0255 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/17 11:04:33.0310 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/17 11:04:33.0420 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/17 11:04:33.0455 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/17 11:04:33.0540 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/17 11:04:33.0605 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/17 11:04:33.0640 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/17 11:04:33.0720 ApfiltrService (5bffa4db168d2d0f99c182732535e82f) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/17 11:04:33.0825 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/17 11:04:34.0005 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/17 11:04:34.0035 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/17 11:04:34.0110 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/17 11:04:34.0170 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/17 11:04:34.0400 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/17 11:04:34.0560 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/17 11:04:34.0690 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/17 11:04:34.0830 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/12/17 11:04:34.0980 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/17 11:04:35.0065 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/17 11:04:35.0220 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/17 11:04:35.0240 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/17 11:04:35.0275 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/17 11:04:35.0440 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/17 11:04:35.0485 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/17 11:04:35.0515 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/17 11:04:35.0545 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/17 11:04:35.0630 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/17 11:04:35.0935 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/17 11:04:36.0010 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/17 11:04:36.0140 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/17 11:04:36.0225 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/17 11:04:36.0365 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/17 11:04:36.0400 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/17 11:04:36.0465 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/17 11:04:36.0585 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/17 11:04:36.0640 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/17 11:04:36.0870 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/17 11:04:36.0955 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/17 11:04:37.0095 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/17 11:04:37.0125 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/17 11:04:37.0240 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/17 11:04:37.0380 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/17 11:04:37.0440 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/17 11:04:37.0630 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/17 11:04:37.0835 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/17 11:04:37.0915 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/17 11:04:38.0005 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/17 11:04:38.0085 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/17 11:04:38.0130 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/17 11:04:38.0245 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/17 11:04:38.0290 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/17 11:04:38.0315 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/17 11:04:38.0500 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/17 11:04:38.0535 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/17 11:04:38.0570 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/17 11:04:38.0680 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/17 11:04:38.0760 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/17 11:04:38.0880 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/17 11:04:38.0965 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/17 11:04:39.0110 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/17 11:04:39.0200 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/17 11:04:39.0330 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/17 11:04:39.0350 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/17 11:04:39.0385 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/17 11:04:39.0525 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/17 11:04:39.0605 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/17 11:04:39.0745 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/17 11:04:39.0815 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/17 11:04:39.0900 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/17 11:04:39.0950 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/17 11:04:40.0045 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/17 11:04:40.0170 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/17 11:04:40.0205 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/17 11:04:40.0290 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/17 11:04:40.0320 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/17 11:04:40.0415 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/17 11:04:40.0460 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/17 11:04:40.0535 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/17 11:04:40.0615 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/17 11:04:40.0655 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/17 11:04:40.0765 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/17 11:04:40.0825 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/17 11:04:40.0925 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/17 11:04:40.0970 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/17 11:04:41.0065 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/17 11:04:41.0190 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/17 11:04:41.0225 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/17 11:04:41.0255 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/17 11:04:41.0285 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/17 11:04:41.0350 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/17 11:04:41.0445 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/17 11:04:41.0540 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/17 11:04:41.0615 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/17 11:04:41.0685 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/17 11:04:41.0780 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/17 11:04:41.0850 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/17 11:04:41.0915 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/17 11:04:42.0035 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/12/17 11:04:42.0075 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/17 11:04:42.0125 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/12/17 11:04:42.0195 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/17 11:04:42.0250 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/17 11:04:42.0300 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/17 11:04:42.0360 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/17 11:04:42.0395 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/17 11:04:42.0430 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/17 11:04:42.0500 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/17 11:04:42.0585 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/17 11:04:42.0610 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/17 11:04:42.0685 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/17 11:04:42.0760 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/17 11:04:42.0870 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/17 11:04:42.0885 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/17 11:04:42.0925 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/17 11:04:42.0955 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/17 11:04:43.0095 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/17 11:04:43.0130 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/17 11:04:43.0170 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/17 11:04:43.0290 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/17 11:04:43.0390 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/17 11:04:43.0510 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/17 11:04:43.0580 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/17 11:04:43.0660 NdisTgb (3565c551166f42095f08089d806a6a94) C:\Windows\system32\DRIVERS\ndistgb.sys
2010/12/17 11:04:43.0715 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/17 11:04:43.0760 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/17 11:04:43.0795 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/17 11:04:43.0935 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
2010/12/17 11:04:44.0010 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/17 11:04:44.0040 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/17 11:04:44.0215 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/17 11:04:44.0325 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/17 11:04:44.0355 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/17 11:04:44.0450 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/17 11:04:44.0530 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/17 11:04:44.0595 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/17 11:04:44.0615 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/17 11:04:44.0680 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/17 11:04:44.0785 OA009Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA009Ufd.sys
2010/12/17 11:04:44.0845 OA009Vid (d4e1f63a07c58563a73fd5aa20dcfb65) C:\Windows\system32\DRIVERS\OA009Vid.sys
2010/12/17 11:04:44.0940 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/17 11:04:45.0075 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/17 11:04:45.0110 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/17 11:04:45.0135 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/17 11:04:45.0170 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/17 11:04:45.0275 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/17 11:04:45.0320 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/17 11:04:45.0345 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/17 11:04:45.0380 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/17 11:04:45.0675 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/17 11:04:45.0710 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/17 11:04:45.0785 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/17 11:04:45.0930 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/17 11:04:46.0050 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/17 11:04:46.0080 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/17 11:04:46.0170 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/17 11:04:46.0300 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/17 11:04:46.0355 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/17 11:04:46.0490 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/17 11:04:46.0525 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/17 11:04:46.0560 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/17 11:04:46.0680 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/17 11:04:46.0705 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/17 11:04:46.0755 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/17 11:04:46.0890 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/17 11:04:46.0920 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/17 11:04:46.0950 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/17 11:04:47.0045 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/17 11:04:47.0170 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
2010/12/17 11:04:47.0250 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/17 11:04:47.0290 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/17 11:04:47.0400 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/17 11:04:47.0430 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/17 11:04:47.0525 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/17 11:04:47.0640 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/17 11:04:47.0725 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/17 11:04:47.0815 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/17 11:04:47.0920 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2010/12/17 11:04:47.0960 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/17 11:04:47.0995 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/17 11:04:48.0025 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/17 11:04:48.0160 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/17 11:04:48.0240 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/17 11:04:48.0270 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/17 11:04:48.0390 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/17 11:04:48.0500 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/17 11:04:48.0645 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/17 11:04:48.0705 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/17 11:04:48.0735 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/17 11:04:48.0855 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/17 11:04:48.0945 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/17 11:04:49.0005 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/17 11:04:49.0040 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/17 11:04:49.0220 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/17 11:04:49.0380 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/17 11:04:49.0465 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/17 11:04:49.0500 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/17 11:04:49.0540 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/17 11:04:49.0570 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/17 11:04:49.0650 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/17 11:04:49.0765 TgbHook (46955f87698338cd67ab53800ce457fc) C:\Windows\system32\Drivers\vistahook.sys
2010/12/17 11:04:49.0820 TgbIpSec (9d53a1ba0112d983dd7fe3ac93584885) C:\Windows\system32\Drivers\dfiltervpn.sys
2010/12/17 11:04:49.0910 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/17 11:04:50.0025 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/17 11:04:50.0055 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/17 11:04:50.0085 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/17 11:04:50.0225 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/17 11:04:50.0310 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/17 11:04:50.0435 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/17 11:04:50.0525 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/17 11:04:50.0640 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2010/12/17 11:04:50.0685 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/17 11:04:50.0750 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/17 11:04:50.0870 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/17 11:04:50.0940 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/17 11:04:50.0980 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/17 11:04:51.0085 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/17 11:04:51.0165 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/17 11:04:51.0220 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/17 11:04:51.0345 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/17 11:04:51.0385 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2010/12/17 11:04:51.0510 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
2010/12/17 11:04:51.0565 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2010/12/17 11:04:51.0680 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/17 11:04:51.0740 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/17 11:04:51.0770 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/17 11:04:51.0850 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/17 11:04:51.0915 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/17 11:04:51.0935 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/17 11:04:52.0020 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/17 11:04:52.0060 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/17 11:04:52.0085 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/17 11:04:52.0225 vmm (e41fef9e3056fe88c71e411f705be41e) C:\Windows\system32\Drivers\vmm.sys
2010/12/17 11:04:52.0275 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/17 11:04:52.0295 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/17 11:04:52.0335 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/17 11:04:52.0450 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\Windows\system32\DRIVERS\VMNetSrv.sys
2010/12/17 11:04:52.0525 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/17 11:04:52.0615 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/17 11:04:52.0650 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/17 11:04:52.0690 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/17 11:04:52.0755 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/17 11:04:52.0775 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/17 11:04:52.0940 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/17 11:04:52.0970 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/17 11:04:53.0115 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/17 11:04:53.0145 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/17 11:04:53.0330 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/17 11:04:53.0425 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/17 11:04:53.0575 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/17 11:04:53.0635 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/17 11:04:53.0720 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/17 11:04:53.0845 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
2010/12/17 11:04:53.0935 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/17 11:04:53.0940 ================================================================================
2010/12/17 11:04:53.0940 Scan finished
2010/12/17 11:04:53.0940 ================================================================================
2010/12/17 11:04:53.0955 Detected object count: 1
2010/12/17 11:05:01.0770 \HardDisk0 - will be cured after reboot
2010/12/17 11:05:01.0770 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/17 11:05:07.0800 Deinitialize success

#12 Příspěvek od **vyosek** » 17 pro 2010 11:41

Pokud jste nerestartoval PC po TDSSKilleru, tak tak ucinte

Smazte z plochy log mbr.txt, udelame si novy

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\Desktop\mbr" -t
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

honzaboy2010 · #13 Příspěvek od **honzaboy2010** » 17 pro 2010 12:03

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS545050B9A300 rev.PB4OC63G -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys
C:\Windows\system32\DRIVERS\atikmdag.sys ATI Technologies Inc. ATI Radeon Family
1 ntkrnlpa!IofCallDriver[0x82C79458] -> \Device\Harddisk0\DR0[0x86539030]
3 CLASSPNP[0x8C78159E] -> ntkrnlpa!IofCallDriver[0x82C79458] -> \Device\Ide\IdeDeviceP0T0L0-0[0x8609C030]
kernel: MBR read successfully
user & kernel MBR OK

#14 Příspěvek od **vyosek** » 17 pro 2010 12:26

Parada

TDSS je pryc...

Zkuste nyni aplikovat CFScript

honzaboy2010 · #15 Příspěvek od **honzaboy2010** » 17 pro 2010 12:55

ComboFix 10-12-15.07 - jmlcek 17.12.2010 12:40:39.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1033.18.3580.2400 [GMT 1:00]
Spuštěný z: c:\users\jmlcek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\jmlcek\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk"
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk"
"c:\users\jmlcek\AppData\Roaming\google_u1[s7_7]rk-h.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
c:\users\jmlcek\AppData\Roaming\google_u1[s7_7]rk-h.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TGBHOOK
-------\Legacy_TGBIPSEC
-------\Service_TgbHook
-------\Service_TgbIpSec

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-17 do 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 11:47 . 2010-12-17 11:50 -------- d-----w- c:\users\jmlcek\AppData\Local\temp
2010-12-17 11:47 . 2010-12-17 11:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-17 11:35 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BD1C799-590E-4827-8176-2506E481D402}\mpengine.dll
2010-12-17 11:14 . 2010-12-17 11:14 -------- d-----w- c:\programdata\Lavasoft
2010-12-17 10:45 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-17 10:45 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-17 10:45 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-17 10:45 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-17 10:45 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-17 10:44 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-17 10:44 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-17 10:10 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-17 10:10 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-17 10:10 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-17 10:10 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-17 10:10 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-17 09:58 . 2010-12-17 10:11 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-17 09:58 . 2010-12-17 09:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-17 09:58 . 2010-12-17 09:58 -------- d-----w- c:\programdata\Hitman Pro
2010-12-16 13:48 . 2010-12-16 13:48 -------- d-----w- c:\users\jmlcek\AppData\Local\ElevatedDiagnostics
2010-12-16 12:40 . 2010-12-17 03:43 -------- d-----w- c:\program files\trend micro
2010-12-16 12:40 . 2010-12-16 12:41 -------- d-----w- C:\rsit
2010-12-16 11:16 . 2010-12-16 11:16 -------- d-----w- c:\programdata\Alwil Software
2010-12-16 11:16 . 2010-12-16 11:16 -------- d-----w- c:\program files\Alwil Software
2010-12-15 15:23 . 2010-12-15 15:23 -------- d-----w- c:\program files\avsysinfo
2010-12-15 15:23 . 2010-12-15 15:23 -------- d-----w- c:\program files\Cucusoft
2010-12-14 15:35 . 2010-12-14 15:35 -------- d-----r- c:\program files\Skype
2010-12-14 12:35 . 2010-12-17 03:42 -------- d-----w- c:\users\jmlcek\AppData\Local\Thunderbird
2010-12-14 12:35 . 2010-12-14 12:35 -------- d-----w- c:\users\jmlcek\AppData\Roaming\Thunderbird
2010-12-13 06:21 . 2010-12-17 03:43 -------- d-----w- c:\program files\MozBackup
2010-12-06 18:08 . 2010-12-09 15:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-12-02 16:04 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-02 16:04 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-02 16:04 . 2010-12-02 16:04 -------- d-----w- c:\program files\iPod
2010-12-02 16:04 . 2010-12-02 16:04 -------- d-----w- c:\program files\iTunes
2010-12-02 16:01 . 2010-12-02 16:01 -------- d-----w- c:\program files\Apple Software Update
2010-11-24 08:38 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-01-08 10:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 14:44 . 2010-09-28 14:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 14:44 . 2010-09-28 14:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2010-01-04 23941120]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2009-08-16 716800]
"AdobeBridge"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
R3 cpuz130;cpuz130;c:\users\jmlcek\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
S1 aswSP;aswSP; [x]
S1 NdisTgb;TheGreenBow NDIS filter driver;c:\windows\system32\DRIVERS\ndistgb.sys [2009-06-23 25584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 TgbIke Starter;TgbIke Starter;c:\windows\system32\TgbStarter.exe [2009-06-23 129520]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-06-03 144672]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-08-25 269216]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\jmlcek\AppData\Roaming\Mozilla\Firefox\Profiles\bnuskcqc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.viry.cz/forum/index.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2804)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-12-17 12:54:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-17 11:54
ComboFix2.txt 2010-12-16 19:17
ComboFix3.txt 2010-12-16 16:15

Před spuštěním: 297 325 252 608 bytes free
Po spuštění: 296 893 616 128 bytes free

- - End Of File - - 07D4841C3393D8B2BA7A7DDE42E663F7

VIRY.CZ

Nelze spustit Microsoft Security, prosim o kontrolu logu

Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu

Re: Nelze spustit Microsoft Security, prosim o kontrolu logu