
Mebroot in memory.

Posted: 11 Mar 2011 11:42
by Zakov
ESET reports Win32/Mebroot in memory. A scan with NOD32 does not show it anywhere else. I tried running ComboFix. It did not help. The MBR log is clean...
I am attaching the RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Karel at 2011-03-11 11:38:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 102 GB (68%) free of 150 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:38, on 11.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Documents and Settings\Karel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Karel\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Karel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Karel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6304800687
O16 - DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} (NTR ActiveX 1.1.8.2) - http://213.226.254.58/inquiero/mod/setu ... ex1182.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6923 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-30 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2005-11-16 344064]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2219184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Karel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-01-30 136176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-06-22 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-03-11 11:38:33 ----D---- C:\Program Files\trend micro
2011-03-11 11:38:32 ----D---- C:\rsit
2011-03-11 11:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-11 11:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-11 11:35:03 ----D---- C:\WINDOWS\LastGood
2011-03-10 20:31:22 ----SHD---- C:\RECYCLER
2011-03-01 21:19:49 ----SHD---- C:\$RECYCLE.BIN
2011-02-28 22:50:41 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-28 22:34:27 ----A---- C:\ComboFix.txt
2011-02-28 22:11:15 ----A---- C:\WINDOWS\zip.exe
2011-02-28 22:11:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-02-28 22:11:15 ----A---- C:\WINDOWS\SWSC.exe
2011-02-28 22:11:15 ----A---- C:\WINDOWS\SWREG.exe
2011-02-28 22:11:15 ----A---- C:\WINDOWS\sed.exe
2011-02-28 22:11:15 ----A---- C:\WINDOWS\PEV.exe
2011-02-28 22:11:15 ----A---- C:\WINDOWS\NIRCMD.exe
2011-02-28 22:11:15 ----A---- C:\WINDOWS\MBR.exe
2011-02-28 22:11:15 ----A---- C:\WINDOWS\grep.exe
2011-02-28 22:11:11 ----D---- C:\WINDOWS\ERDNT
2011-02-28 22:08:06 ----D---- C:\Qoobox
2011-02-28 20:56:36 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-02-27 15:09:25 ----D---- C:\Documents and Settings\Karel\Data aplikací\ESET
2011-02-27 14:54:06 ----D---- C:\Program Files\ESET
2011-02-27 14:54:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-02-23 07:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-02-15 18:11:36 ----D---- C:\Documents and Settings\Karel\Data aplikací\ntr
2011-02-13 16:08:56 ----D---- C:\Program Files\Screamer Radio
2011-02-13 15:41:10 ----A---- C:\WINDOWS\system32\drivers\AtiHdmi.sys
2011-02-13 15:40:41 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2011-02-13 15:40:39 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2011-02-13 15:39:50 ----D---- C:\Program Files\ATI Technologies

======List of files/folders modified in the last 1 months======

2011-03-11 11:38:33 ----RD---- C:\Program Files
2011-03-11 11:38:33 ----D---- C:\WINDOWS\Temp
2011-03-11 11:37:12 ----HD---- C:\WINDOWS\inf
2011-03-11 11:37:12 ----D---- C:\WINDOWS\Prefetch
2011-03-11 11:37:11 ----D---- C:\WINDOWS
2011-03-11 11:37:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-11 11:37:10 ----D---- C:\WINDOWS\system32
2011-03-11 11:35:47 ----D---- C:\WINDOWS\Debug
2011-03-11 11:35:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-11 11:35:40 ----A---- C:\WINDOWS\imsins.BAK
2011-03-11 11:34:28 ----D---- C:\Program Files\Mozilla Firefox
2011-03-11 11:34:03 ----D---- C:\Config.Msi
2011-03-11 11:33:51 ----SHD---- C:\WINDOWS\Installer
2011-03-11 11:30:11 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-10 20:36:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-10 20:21:25 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-10 20:11:26 ----D---- C:\WINDOWS\system32\drivers
2011-02-28 22:33:57 ----SD---- C:\WINDOWS\Tasks
2011-02-28 22:29:39 ----A---- C:\WINDOWS\system.ini
2011-02-28 22:29:30 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-28 22:26:03 ----D---- C:\WINDOWS\AppPatch
2011-02-28 22:26:02 ----D---- C:\Program Files\Common Files
2011-02-27 14:50:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-02-27 14:28:45 ----D---- C:\Program Files\JDownloader
2011-02-24 14:19:46 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-18 17:29:06 ----D---- C:\Documents and Settings\Karel\Data aplikací\Skype
2011-02-18 16:05:01 ----D---- C:\Documents and Settings\Karel\Data aplikací\skypePM
2011-02-17 11:19:09 ----D---- C:\FreeRapid-0.85-build555
2011-02-15 18:11:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-02-15 13:04:18 ----D---- C:\Documents and Settings\Karel\Data aplikací\Vso
2011-02-13 16:02:37 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-13 15:41:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-02-13 15:36:31 ----D---- C:\Program Files\ATI
2011-02-13 07:46:21 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2005-03-09 870912]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-12-21 134000]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-06-23 5068288]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-05-17 101904]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2011-01-29 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2011-01-30 47360]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-02-01 229888]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 10192896]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys []
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-06-22 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-30 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-30 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
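
Added example (not part of Zakov's post, and not code from RSIT or ESET): a small Python triage script for the "List of drivers" / "List of services" sections of an RSIT log in the shape printed above. It parses each line into its state (R/S), start type (0-4, as in the section header), name, path and the bracketed file date/size, and then reports two things a helper reads such a log for: entries whose bracket is empty (the three `[]` entries above, assumed here to mean RSIT could not read the file the registry points at), and running boot/system-start drivers loaded from outside the drivers directory. The first five sample lines are copied from the log above; the last one (`example`) is constructed to exercise the location check. The function names `parse_line`, `normalise_path`, `triage` and the heuristics themselves are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of one line in RSIT's "List of drivers" / "List of services" sections
# (format as printed in the log above):
#   <state><start> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
# state: R = running, S = stopped
# start: 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled
# Assumption used by this example: the bracket is empty ("[]") when RSIT could
# not read a date and size from the file, i.e. the registry still points at a
# binary that is not readable on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Directory where boot/system-start drivers are expected on this XP system
# (assumption for the heuristic below; compared case-insensitively).
DRIVER_DIR = r"c:\windows\system32\drivers"


@dataclass
class Entry:
    state: str          # "R" or "S"
    start: int          # 0..4
    name: str
    display: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def file_missing(self) -> bool:
        return self.file_size is None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; returns None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    file_date = meta[0] if meta else None
    file_size = int(meta[1]) if len(meta) == 2 else None
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path"),
        file_date=file_date,
        file_size=file_size,
    )


def normalise_path(path: str) -> str:
    """Map kernel-style '\\??\\C:\\...' paths (see the catchme entry) to a lower-case drive path."""
    prefix = "\\??\\"
    if path.startswith(prefix):
        path = path[len(prefix):]
    return path.lower()


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs for the entries a helper would look at first."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.file_missing:
            findings.append((e.name, "registered binary could not be read from disk (removed, hidden or locked)"))
        if e.state == "R" and e.start in (0, 1) and not normalise_path(e.path).startswith(DRIVER_DIR):
            findings.append((e.name, "boot/system-start driver loaded from outside the drivers directory"))
    return findings


# Sample input: the first five lines are copied from the RSIT log in the post
# above; the last one is constructed for this example to exercise the location check.
SAMPLE_LINES = [
    r"R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2005-03-09 870912]",
    r"R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]",
    r"S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []",
    r"S4 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys []",
    r"S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []",
    r"R0 example;constructed example driver; C:\WINDOWS\Temp\example.sys [2011-03-01 12345]",
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LINES):
        print(f"{name}: {reason}")
```

Run against the full log, the script flags `catchme` (a ComboFix leftover whose file is gone), `AtiHDAudioService` and `dwshd` (disabled entries with no readable file), which is exactly the short list a helper checks by hand before asking for more logs; a rootkit that hides its driver file would show up in the same "could not be read" bucket, which is why an empty bracket deserves a look rather than being dismissed.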

Re: Mebroot in memory.

Posted: 11 Mar 2011 13:03
by vyosek
Hello and have a nice day :)

:arrow: When you post an RSIT log after running CF, nothing at all is visible in it :?:

:arrow: Did you decipher the CF log yourself :???: Besides, CF is not supposed to be used without a helper's recommendation - see below

:arrow: Dangers of CF
  • It is intended primarily for helpers - by using it on your own initiative you forfeit your right to support
  • It erases traces of malware, so nothing is visible in the RSIT log
  • Its log needs to be analysed further, because it cannot delete everything - which you will hardly manage unless you are trained for it
  • CF can have a bug = it takes your system down; if you do not know where it stores what and how to restore it, your system is toast and a reinstall awaits you
  • Unfortunately CF also, for now, does not check some important libraries (e.g. hal.dll) - some kinds of malware (e.g. angela) delete those - it deletes your hal.dll after the restart = your system will not boot and you are at the line above = reinstall
:arrow: Please post that CF log, it is saved in c:\combofix.txt

Re: Mebroot in memory.

Posted: 11 Mar 2011 13:15
by Zakov
I will do better next time :oops:

ComboFix log:

ComboFix 11-02-28.02 - Karel 28.02.2011 22:20:45.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.720 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karel\Dokumenty\Stažené soubory\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karel\Local Settings\Temporary Internet Files\dxva_sig.txt
c:\windows\system32\AutoRun.inf

Nakažená kopie c:\windows\regedit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\regedit.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-28 do 2011-02-28 )))))))))))))))))))))))))))))))
.

2011-02-28 19:56 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-02-28 19:56 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-02-27 14:23 . 2011-02-27 14:23 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\ESET
2011-02-27 14:09 . 2011-02-27 14:09 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\ESET
2011-02-27 14:09 . 2011-02-27 14:09 -------- d-----w- c:\documents and settings\Karel\Data aplikací\ESET
2011-02-27 14:09 . 2011-02-27 14:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-02-27 13:54 . 2011-02-27 13:54 -------- d-----w- c:\program files\ESET
2011-02-27 13:54 . 2011-02-27 13:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-02-15 17:11 . 2011-02-22 17:33 -------- d-----w- c:\documents and settings\Karel\Data aplikací\ntr
2011-02-13 15:08 . 2011-02-13 15:09 -------- d-----w- c:\program files\Screamer Radio
2011-02-13 14:41 . 2010-05-17 07:04 101904 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2011-02-13 14:40 . 2010-06-22 21:58 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-02-13 14:40 . 2010-06-22 22:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-02-13 14:39 . 2011-02-13 14:39 -------- d-----w- c:\program files\ATI Technologies
2011-02-08 17:55 . 2011-02-08 17:55 -------- d-----w- C:\spoolerlogs
2011-02-08 17:51 . 2011-02-08 17:51 -------- d-----w- c:\windows\Sun
2011-02-05 16:41 . 2011-02-05 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\vsosdk
2011-02-05 14:31 . 2011-02-05 14:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-02-05 14:08 . 2008-04-14 07:52 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-02-05 14:07 . 2011-02-05 14:07 -------- d-----w- c:\program files\Windows Media Connect 2
2011-02-05 14:05 . 2011-02-05 14:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-02-05 14:05 . 2011-02-05 14:05 -------- d-----w- c:\windows\system32\LogFiles
2011-01-31 08:22 . 2011-01-31 08:22 -------- d-----w- c:\program files\MSXML 4.0
2011-01-31 07:31 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-01-31 00:27 . 2011-01-31 00:27 -------- d-----w- c:\documents and settings\Karel\Data aplikací\CyberLink
2011-01-30 17:20 . 2011-01-30 17:20 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\Ahead
2011-01-30 14:13 . 2011-01-30 14:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-01-30 14:08 . 2011-01-30 14:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-01-30 14:03 . 2011-02-27 13:28 -------- d-----w- c:\program files\JDownloader
2011-01-30 14:01 . 2011-02-18 15:05 -------- d-----w- c:\documents and settings\Karel\Data aplikací\skypePM
2011-01-30 13:50 . 2011-01-30 13:50 -------- d-----w- c:\program files\Common Files\Skype
2011-01-30 13:50 . 2011-01-30 13:50 -------- d-----r- c:\program files\Skype
2011-01-30 13:50 . 2011-02-18 16:29 -------- d-----w- c:\documents and settings\Karel\Data aplikací\Skype
2011-01-30 13:50 . 2011-01-30 13:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-01-30 13:48 . 2011-02-18 13:57 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\Temp
2011-01-30 13:48 . 2011-01-30 13:48 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\Adobe
2011-01-30 13:47 . 2011-01-30 13:47 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-30 13:44 . 2011-01-30 13:44 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\Mozilla
2011-01-30 13:41 . 2011-01-30 13:42 -------- d-----w- c:\program files\The KMPlayer
2011-01-30 13:38 . 2011-01-30 13:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CyberLink
2011-01-30 13:38 . 2011-01-30 13:38 -------- d-----w- c:\program files\CyberLink
2011-01-30 13:31 . 2001-09-05 04:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-01-30 13:31 . 2001-09-05 04:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-01-30 13:31 . 2001-09-05 04:14 176128 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-01-30 13:31 . 2001-09-05 04:13 32768 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-01-30 13:31 . 2006-06-07 15:27 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-01-30 13:25 . 1998-06-24 10:06 297984 ----a-w- c:\windows\unin0405.exe
2011-01-30 13:25 . 2011-01-30 13:25 -------- d-----w- c:\documents and settings\Karel\WINDOWS
2011-01-30 13:21 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2011-01-30 13:19 . 2011-01-30 13:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\WEBREG
2011-01-30 13:16 . 2011-01-30 13:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\HP
2011-01-30 13:13 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-01-30 13:13 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2011-01-30 13:13 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-01-30 13:08 . 2011-01-30 13:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP Product Assistant
2011-01-30 13:08 . 2011-01-30 13:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2011-01-30 13:04 . 2008-04-13 23:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-01-30 13:04 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-30 13:04 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-01-30 13:04 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-30 12:48 . 2007-01-24 08:46 438272 ----a-r- c:\windows\system32\hpg400co.dll
2011-01-30 12:48 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-01-30 12:48 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-01-30 12:43 . 2011-01-30 12:49 -------- d-----w- c:\documents and settings\Karel\Data aplikací\HP
2011-01-30 12:42 . 2011-01-30 12:42 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\IsolatedStorage
2011-01-30 12:42 . 2011-01-30 12:42 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\HP
2011-01-30 12:42 . 2011-02-28 21:29 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\ApplicationHistory
2011-01-30 12:39 . 2011-01-30 12:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sonic
2011-01-30 12:39 . 2011-01-30 12:39 -------- d-----w- c:\program files\Common Files\Sonic Shared
2011-01-30 12:38 . 2011-01-30 12:39 -------- d-----w- c:\program files\Common Files\HP
2011-01-30 12:37 . 2011-01-30 12:37 -------- d-----w- c:\windows\system32\URTTEMP
2011-01-30 12:35 . 2011-01-30 12:35 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-01-30 12:35 . 2011-01-30 13:11 -------- d-----w- c:\program files\Hewlett-Packard
2011-01-30 12:33 . 2011-01-30 13:11 -------- d-----w- c:\program files\HP
2011-01-30 12:29 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-30 12:29 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-30 12:29 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-01-30 12:29 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-30 12:29 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-01-30 12:29 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-30 11:09 . 2011-01-30 11:14 -------- d-----w- c:\documents and settings\Karel\Data aplikací\Zoner
2011-01-30 11:08 . 2011-01-30 11:08 -------- d-----w- c:\program files\Zoner
2011-01-30 11:04 . 2011-01-30 11:04 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2011-01-30 11:02 . 2011-01-30 11:02 -------- d-----w- c:\program files\Lavalys
2011-01-30 10:57 . 2011-01-30 11:02 -------- d-----w- c:\program files\CDex
2011-01-30 10:52 . 2011-01-30 10:52 -------- d-----w- c:\program files\Common Files\Nero
2011-01-30 10:50 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2011-01-30 10:50 . 2004-07-26 15:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2011-01-30 10:50 . 2004-07-26 15:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2011-01-30 10:50 . 2004-07-26 15:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2011-01-30 10:50 . 2004-07-26 15:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2011-01-30 10:50 . 2011-01-30 10:50 -------- d-----w- c:\program files\Common Files\Ahead
2011-01-30 10:50 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2011-01-30 10:50 . 2011-01-30 10:50 -------- d-----w- c:\program files\Ahead
2011-01-30 10:43 . 2011-01-30 10:43 -------- d-----w- c:\program files\DVDFab 5
2011-01-30 10:41 . 2011-01-30 10:41 -------- d-----w- c:\program files\7-Zip
2011-01-30 10:23 . 2011-01-30 10:43 87608 ----a-w- c:\documents and settings\Karel\Data aplikací\inst.exe
2011-01-30 10:23 . 2011-01-30 10:43 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-01-30 10:23 . 2011-01-30 10:43 47360 ----a-w- c:\documents and settings\Karel\Data aplikací\pcouffin.sys
2011-01-30 10:18 . 2011-02-15 12:04 -------- d-----w- c:\documents and settings\Karel\Data aplikací\Vso
2011-01-30 10:18 . 2009-09-02 11:44 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-01-30 10:18 . 2009-09-02 11:44 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-01-30 10:18 . 2009-09-02 11:44 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-01-30 10:18 . 2009-09-02 11:44 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-01-30 10:18 . 2009-09-02 11:44 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-01-30 10:18 . 2009-09-02 11:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-01-30 10:18 . 2011-01-30 10:18 -------- d-----w- c:\program files\VSO
2011-01-30 09:29 . 2011-02-27 13:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-01-30 09:29 . 2011-01-30 09:29 -------- d-----w- c:\program files\Alwil Software
2011-01-30 09:21 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-30 09:19 . 2011-01-30 09:19 -------- d-----w- c:\documents and settings\Karel\Data aplikací\VitySoft
2011-01-30 09:19 . 2011-01-30 09:19 -------- d-----w- c:\program files\Common Files\Java
2011-01-30 09:18 . 2011-01-30 09:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-30 09:18 . 2011-01-30 09:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-30 09:18 . 2011-01-30 09:18 -------- d-----w- c:\program files\Java
2011-01-30 09:16 . 2011-01-30 09:16 -------- d-----w- c:\program files\CCleaner
2011-01-30 08:45 . 2011-01-30 08:45 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\GHISLER
2011-01-30 08:29 . 2011-01-30 08:29 -------- d-----w- C:\totalcmd
2011-01-30 08:29 . 2011-01-30 08:29 -------- d-----w- c:\documents and settings\Karel\Data aplikací\GHISLER
2011-01-30 08:29 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-01-30 08:29 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-01-30 08:29 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-01-30 08:29 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-01-30 08:29 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-01-30 08:29 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-29 12:09 . 2004-08-13 09:56 5810 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2011-01-29 11:57 . 2011-01-29 11:57 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 14:04 . 2010-12-21 14:04 141264 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-12-21 12:47 . 2010-12-21 12:47 33120 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-12-21 12:47 . 2010-12-21 12:47 134000 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-03-02 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2006-03-02 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-07 11:14 . 2010-12-07 11:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Karel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2011-01-30 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Rychlý začátek s aplikací HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2622:TCP"= 2622:TCP:Services
"3744:TCP"= 3744:TCP:Services
"4484:TCP"= 4484:TCP:Services
"7468:TCP"= 7468:TCP:Services
"7587:TCP"= 7587:TCP:Services
"9258:TCP"= 9258:TCP:Services
"4414:TCP"= 4414:TCP:Services
"2898:TCP"= 2898:TCP:Services
"7086:TCP"= 7086:TCP:Services
"3274:TCP"= 3274:TCP:Services
"9867:TCP"= 9867:TCP:Services
"2259:TCP"= 2259:TCP:Services
"8008:TCP"= 8008:TCP:Services
"2040:TCP"= 2040:TCP:Services
"4319:TCP"= 4319:TCP:Services
"9336:TCP"= 9336:TCP:Services
"2680:TCP"= 2680:TCP:Services
"4289:TCP"= 4289:TCP:Services
"6945:TCP"= 6945:TCP:Services
"9553:TCP"= 9553:TCP:Services
"8040:TCP"= 8040:TCP:Services
"6149:TCP"= 6149:TCP:Services
"4040:TCP"= 4040:TCP:Services
"1774:TCP"= 1774:TCP:Services
"9991:TCP"= 9991:TCP:Services
"3259:TCP"= 3259:TCP:Services
"2009:TCP"= 2009:TCP:Services
"3321:TCP"= 3321:TCP:Services
"1976:TCP"= 1976:TCP:Services
"3681:TCP"= 3681:TCP:Services
"8368:TCP"= 8368:TCP:Services
"9851:TCP"= 9851:TCP:Services
"2837:TCP"= 2837:TCP:Services
"7515:TCP"= 7515:TCP:Services
"1602:TCP"= 1602:TCP:Services
"4446:TCP"= 4446:TCP:Services
"3539:TCP"= 3539:TCP:Services
"4705:TCP"= 4705:TCP:Services
"5882:TCP"= 5882:TCP:Services
"3569:TCP"= 3569:TCP:Services
"1695:TCP"= 1695:TCP:Services
"4586:TCP"= 4586:TCP:Services
"8682:TCP"= 8682:TCP:Services
"3164:TCP"= 3164:TCP:Services
"4828:TCP"= 4828:TCP:Services

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.1.2011 15:08 136176]
S4 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 14:08]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 14:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} - hxxp://213.226.254.58/inquiero/mod/setup/ntractivex1182.cab
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\63gpcm26.default\
FF - prefs.js: browser.search.selectedEngine - Slunečnice
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-28 22:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(156)
c:\windows\system32\webcheck.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1029\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2011-02-28 22:34:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-28 21:34

Před spuštěním: Volných bajtů: 105 947 729 920
Po spuštění: Volných bajtů: 107 530 510 336

- - End Of File - - 88AAE5493F1F6250B7DEC8E9B140D63B

Re: Mebroot in RAM.

Posted: 11 Mar 2011 13:34
by vyosek
Are these ports open in your firewall intentionally?
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2622:TCP"= 2622:TCP:Services
"3744:TCP"= 3744:TCP:Services
"4484:TCP"= 4484:TCP:Services
"7468:TCP"= 7468:TCP:Services
"7587:TCP"= 7587:TCP:Services
"9258:TCP"= 9258:TCP:Services
"4414:TCP"= 4414:TCP:Services
"2898:TCP"= 2898:TCP:Services
"7086:TCP"= 7086:TCP:Services
"3274:TCP"= 3274:TCP:Services
"9867:TCP"= 9867:TCP:Services
"2259:TCP"= 2259:TCP:Services
"8008:TCP"= 8008:TCP:Services
"2040:TCP"= 2040:TCP:Services
"4319:TCP"= 4319:TCP:Services
"9336:TCP"= 9336:TCP:Services
"2680:TCP"= 2680:TCP:Services
"4289:TCP"= 4289:TCP:Services
"6945:TCP"= 6945:TCP:Services
"9553:TCP"= 9553:TCP:Services
"8040:TCP"= 8040:TCP:Services
"6149:TCP"= 6149:TCP:Services
"4040:TCP"= 4040:TCP:Services
"1774:TCP"= 1774:TCP:Services
"9991:TCP"= 9991:TCP:Services
"3259:TCP"= 3259:TCP:Services
"2009:TCP"= 2009:TCP:Services
"3321:TCP"= 3321:TCP:Services
"1976:TCP"= 1976:TCP:Services
"3681:TCP"= 3681:TCP:Services
"8368:TCP"= 8368:TCP:Services
"9851:TCP"= 9851:TCP:Services
"2837:TCP"= 2837:TCP:Services
"7515:TCP"= 7515:TCP:Services
"1602:TCP"= 1602:TCP:Services
"4446:TCP"= 4446:TCP:Services
"3539:TCP"= 3539:TCP:Services
"4705:TCP"= 4705:TCP:Services
"5882:TCP"= 5882:TCP:Services
"3569:TCP"= 3569:TCP:Services
"1695:TCP"= 1695:TCP:Services
"4586:TCP"= 4586:TCP:Services
"8682:TCP"= 8682:TCP:Services
"3164:TCP"= 3164:TCP:Services
"4828:TCP"= 4828:TCP:Services

Re: Mebroot in RAM.

Posted: 11 Mar 2011 13:42
by Zakov
vyosek wrote: Are these ports open in your firewall intentionally?
Definitely not. Unless Rapid downloader or jdownloader opened them by themselves...

Re: Mebroot in RAM.

Posted: 11 Mar 2011 13:58
by vyosek
Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan - click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file, it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes a PC restart may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it does not, you will find it directly on the drive where Windows is installed (usually c:\) under a name of the form TDSSKiller.some_numbers_log.txt - paste its contents here
  • If no restart is required, click Close and then Report - a log is created - paste its contents here

Re: Mebroot in RAM.

Posted: 11 Mar 2011 14:26
by Zakov
2011/03/11 14:23:01.0296 0220 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/11 14:23:01.0593 0220 ================================================================================
2011/03/11 14:23:01.0593 0220 SystemInfo:
2011/03/11 14:23:01.0593 0220
2011/03/11 14:23:01.0593 0220 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/11 14:23:01.0593 0220 Product type: Workstation
2011/03/11 14:23:01.0593 0220 ComputerName: STASTNIK
2011/03/11 14:23:01.0593 0220 UserName: Karel
2011/03/11 14:23:01.0593 0220 Windows directory: C:\WINDOWS
2011/03/11 14:23:01.0593 0220 System windows directory: C:\WINDOWS
2011/03/11 14:23:01.0593 0220 Processor architecture: Intel x86
2011/03/11 14:23:01.0593 0220 Number of processors: 2
2011/03/11 14:23:01.0593 0220 Page size: 0x1000
2011/03/11 14:23:01.0593 0220 Boot type: Normal boot
2011/03/11 14:23:01.0593 0220 ================================================================================
2011/03/11 14:23:01.0843 0220 Initialize success
2011/03/11 14:23:04.0984 0592 ================================================================================
2011/03/11 14:23:04.0984 0592 Scan started
2011/03/11 14:23:04.0984 0592 Mode: Manual;
2011/03/11 14:23:04.0984 0592 ================================================================================
2011/03/11 14:23:13.0171 0592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/11 14:23:13.0234 0592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/11 14:23:13.0265 0592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/11 14:23:13.0312 0592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/11 14:23:13.0343 0592 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/11 14:23:13.0359 0592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/11 14:23:13.0406 0592 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/11 14:23:13.0421 0592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/11 14:23:13.0453 0592 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/11 14:23:13.0484 0592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/11 14:23:13.0531 0592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/11 14:23:13.0671 0592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/11 14:23:13.0718 0592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/11 14:23:13.0734 0592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/11 14:23:13.0812 0592 yukonwxp (deb4c7d9f61a75c360b925bf0592275d) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/03/11 14:23:13.0843 0592 \HardDisk0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/03/11 14:23:13.0843 0592 ================================================================================
2011/03/11 14:23:13.0843 0592 Scan finished
2011/03/11 14:23:13.0843 0592 ================================================================================
2011/03/11 14:23:13.0859 3848 Detected object count: 1
2011/03/11 14:23:33.0375 3848 \HardDisk0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/03/11 14:23:33.0375 3848 \HardDisk0 - ok
2011/03/11 14:23:33.0375 3848 Backdoor.Win32.Sinowal.knf(\HardDisk0) - User select action: Cure
2011/03/11 14:23:38.0703 0776 Deinitialize success

Re: Mebroot in memory.

Posted: 11 Mar 2011 14:31
by vyosek
:arrow: Great, TDSSKiller did what it was supposed to; now we'll finish cleaning up

:arrow: If you haven't done so already, move ComboFix to the desktop
  • Open Notepad (Start > Run > notepad)
  • Copy the script below
  • Code: Select all

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "NeroFilterCheck"=-
    "HP Software Update"=-
    "RemoteControl"=-
    "Adobe ARM"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"=-
    "65533:TCP"=-
    "52344:TCP"=-
    "2622:TCP"=-
    "3744:TCP"=-
    "4484:TCP"=-
    "7468:TCP"=-
    "7587:TCP"=-
    "9258:TCP"=-
    "4414:TCP"=-
    "2898:TCP"=-
    "7086:TCP"=-
    "3274:TCP"=-
    "9867:TCP"=-
    "2259:TCP"=-
    "8008:TCP"=-
    "2040:TCP"=-
    "4319:TCP"=-
    "9336:TCP"=-
    "2680:TCP"=-
    "4289:TCP"=-
    "6945:TCP"=-
    "9553:TCP"=-
    "8040:TCP"=-
    "6149:TCP"=-
    "4040:TCP"=-
    "1774:TCP"=-
    "9991:TCP"=-
    "3259:TCP"=-
    "2009:TCP"=-
    "3321:TCP"=-
    "1976:TCP"=-
    "3681:TCP"=-
    "8368:TCP"=-
    "9851:TCP"=-
    "2837:TCP"=-
    "7515:TCP"=-
    "1602:TCP"=-
    "4446:TCP"=-
    "3539:TCP"=-
    "4705:TCP"=-
    "5882:TCP"=-
    "3569:TCP"=-
    "1695:TCP"=-
    "4586:TCP"=-
    "8682:TCP"=-
    "3164:TCP"=-
    "4828:TCP"=-
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    Driver::
    gupdate
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    
    Reboot::
  • Save the file as CFScript.txt
  • Drag the CFScript.txt onto ComboFix and run it (see the picture below)
    [image]
  • After the script has been applied (and after any restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Mebroot in memory.

Posted: 11 Mar 2011 15:14
by Zakov
ComboFix log:

ComboFix 11-03-10.03 - Karel 11.03.2011 14:58:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.664 [GMT 1:00]
Running from: c:\documents and settings\Karel\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Karel\Plocha\CFScript.txt.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 10:38 . 2011-03-11 10:38 -------- d-----w- c:\program files\trend micro
2011-03-11 10:38 . 2011-03-11 10:38 -------- d-----w- C:\rsit
2011-03-03 20:19 . 2011-03-03 20:19 -------- d-----w- c:\documents and settings\Karel\DoctorWeb
2011-02-28 19:56 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-02-28 19:56 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-02-27 14:09 . 2011-02-27 14:09 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\ESET
2011-02-27 14:09 . 2011-02-27 14:09 -------- d-----w- c:\documents and settings\Karel\Data aplikací\ESET
2011-02-27 14:09 . 2011-02-27 14:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-02-27 13:54 . 2011-02-27 13:54 -------- d-----w- c:\program files\ESET
2011-02-27 13:54 . 2011-02-27 13:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-02-15 17:11 . 2011-02-22 17:33 -------- d-----w- c:\documents and settings\Karel\Data aplikací\ntr
2011-02-13 15:08 . 2011-02-13 15:09 -------- d-----w- c:\program files\Screamer Radio
2011-02-13 14:41 . 2010-05-17 07:04 101904 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2011-02-13 14:40 . 2010-06-22 21:58 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-02-13 14:40 . 2010-06-22 22:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-02-13 14:39 . 2011-02-13 14:39 -------- d-----w- c:\program files\ATI Technologies
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2011-01-29 11:14 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 10:43 . 2011-01-30 10:23 87608 ----a-w- c:\documents and settings\Karel\Data aplikací\inst.exe
2011-01-30 10:43 . 2011-01-30 10:23 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-01-30 10:43 . 2011-01-30 10:23 47360 ----a-w- c:\documents and settings\Karel\Data aplikací\pcouffin.sys
2011-01-30 09:18 . 2011-01-30 09:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-30 09:18 . 2011-01-30 09:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 12:09 . 2004-08-13 09:56 5810 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2011-01-29 11:57 . 2011-01-29 11:57 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
2011-01-27 11:57 . 2011-01-29 11:14 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 02:46 . 2011-02-05 13:51 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 14:04 . 2010-12-21 14:04 141264 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-12-21 14:04 . 2010-12-21 14:04 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-12-21 12:47 . 2010-12-21 12:47 33120 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-12-21 12:47 . 2010-12-21 12:47 134000 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2010-12-17 06:56 . 2011-01-30 08:29 545 ----a-w- c:\windows\UC.PIF
2010-12-17 06:56 . 2011-01-30 08:29 545 ----a-w- c:\windows\RAR.PIF
2010-12-17 06:56 . 2011-01-30 08:29 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-17 06:56 . 2011-01-30 08:29 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-17 06:56 . 2011-01-30 08:29 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-17 06:56 . 2011-01-30 08:29 545 ----a-w- c:\windows\LHA.PIF
2010-12-17 06:56 . 2011-01-30 08:29 545 ----a-w- c:\windows\ARJ.PIF
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Rychlý začátek s aplikací HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9117:TCP"= 9117:TCP:Services
"9116:TCP"= 9116:TCP:Services
"4694:TCP"= 4694:TCP:Services
"9882:TCP"= 9882:TCP:Services
"9148:TCP"= 9148:TCP:Services
"2445:TCP"= 2445:TCP:Services
"3390:TCP"= 3390:TCP:Services
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
S4 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} - hxxp://213.226.254.58/inquiero/mod/setup/ntractivex1182.cab
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\63gpcm26.default\
FF - prefs.js: browser.search.selectedEngine - Slunečnice
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-11 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(372)
c:\windows\system32\webcheck.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1029\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-11 15:12:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-11 14:12
ComboFix2.txt 2011-02-28 21:34
.
Pre-Run: 107,009,724,416 bytes free
Post-Run: 106,936,864,768 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A36F33E9FFB61F262D8D8A7ED6A9591D

Re: Mebroot in memory.

Posted: 11 Mar 2011 15:19
by vyosek
:arrow: Open Notepad
  • Start > Run > notepad
  • Paste the text below
  • Code: Select all

    Windows Registry Editor Version 5.00
    
    ; ComboFix abbreviates this key as HKLM\~\services\... in its log; a .reg file
    ; needs the real path and the full root name, otherwise regedit cannot import it
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9117:TCP"=-
    "9116:TCP"=-
    "4694:TCP"=-
    "9882:TCP"=-
    "9148:TCP"=-
    "2445:TCP"=-
    "3390:TCP"=-
  • Save the file as oprava.reg
  • When saving, set "Save as type" to All Files (the setting is shown in the picture below)
  • [image]
  • Close Notepad and double-click oprava.reg to run it
  • Confirm the prompt about changing the registry, if one appears
  • A window will just flash by and the registry is fixed; you can delete the file afterwards
:arrow: How is the PC behaving :???:
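
Both of vyosek's posts above (the CFScript and the oprava.reg file) do the same manual job: read the GloballyOpenPorts\List entries out of a ComboFix log and write a registry file that deletes each one. The Python script below is an added example, not code from this thread or from ComboFix, that automates that step. It assumes the log layout seen above (the key abbreviated as HKLM\~\services\..., one "port:TCP"= port:TCP:label line per exception, a lone "." line closing the block); the sample log embedded in it is a constructed copy of the seven entries from the second ComboFix log. Note that the same log shows "EnableFirewall"= 0 for the standard profile, so these exceptions are dormant until the Windows firewall is switched back on, which is exactly why they are worth deleting now rather than leaving them to reopen silently later.

```python
r"""Turn the GloballyOpenPorts entries of a ComboFix log into a .reg cleanup file.

Added example (not code from the thread or from ComboFix). It assumes the log
layout visible above: ComboFix abbreviates the firewall key as
HKLM\~\services\... and prints one '"port:TCP"= port:TCP:label' line per
exception, ending the block with a line containing only '.'.
"""
import re
import sys

# Real key behind ComboFix's HKLM\~\services\... shorthand. A .reg file needs
# the full root name; regedit does not accept the HKLM abbreviation.
FULL_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
    r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List"
)

SECTION_RE = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"
    r"standardprofile\\GloballyOpenPorts\\List\]\s*$", re.IGNORECASE)
# Label is kept verbatim: ComboFix shows "Services" here, a native XP entry
# looks like "*:Enabled:@xpsp2res.dll,-22009"; both match.
ENTRY_RE = re.compile(
    r'^"(?P<port>\d{1,5}):(?P<proto>TCP|UDP)"\s*=\s*'
    r'(?P<port2>\d{1,5}):(?P<proto2>TCP|UDP):(?P<label>.*)$')

# Constructed sample: the firewall section of the second ComboFix log above.
SAMPLE_LOG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"9117:TCP"= 9117:TCP:Services
"9116:TCP"= 9116:TCP:Services
"4694:TCP"= 4694:TCP:Services
"9882:TCP"= 9882:TCP:Services
"9148:TCP"= 9148:TCP:Services
"2445:TCP"= 2445:TCP:Services
"3390:TCP"= 3390:TCP:Services
.
R1 ehdrv;ehdrv;c:\\windows\\system32\\drivers\\ehdrv.sys [21.12.2010 15:04 115008]
"""


def parse_open_ports(log_text):
    """Return [(port, proto, label), ...] from the GloballyOpenPorts\\List block."""
    entries = []
    in_block = False
    for line in log_text.splitlines():
        if SECTION_RE.match(line):
            in_block = True
            continue
        if not in_block:
            continue
        m = ENTRY_RE.match(line)
        if m is None:          # ComboFix closes the block with a lone "." line
            in_block = False
            continue
        entries.append((int(m.group("port")), m.group("proto"), m.group("label")))
    return entries


def removable(entries, allow=frozenset()):
    """Drop (port, proto) pairs you opened on purpose; everything else is
    removed, which is how the helper treated both lists above."""
    return [e for e in entries if (e[0], e[1]) not in allow]


def build_reg(entries):
    """Render a Registry Editor file; the "name"=- syntax deletes that value."""
    lines = ["Windows Registry Editor Version 5.00", "", "[" + FULL_KEY + "]"]
    lines.extend('"%d:%s"=-' % (port, proto) for port, proto, _label in entries)
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    # Usage: python fw_ports.py ComboFix.txt > oprava.reg   (no argument: sample)
    if len(sys.argv) > 1:
        # latin-1 never fails to decode; only the ASCII parts matter for matching
        with open(sys.argv[1], encoding="latin-1") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    sys.stdout.write(build_reg(removable(parse_open_ports(text))))
```

Review the generated file before importing it; pass the (port, proto) pairs you added yourself to `removable()` so they survive, since by default every listed exception is treated as removable, just as vyosek did above.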

Re: Mebroot in memory.

Posted: 11 Mar 2011 16:33
by Zakov
It seems to be OK. NOD no longer reports anything in memory. During a scan it found one infected file (Kryptik.KPL) in one of the restore points and cleaned it.
The PC also had problems downloading larger files, e.g. movies from ulozto. I'll try it out, and if there is still a problem I'll get back to you.

Thanks for the help!
:worship:

Re: Mebroot in memory.

Posted: 11 Mar 2011 16:35
by vyosek
:arrow: The pest has settled in the restore points; delete them following colleague riffa's guide http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

:arrow: If anything comes up, write back. Otherwise you're welcome, glad I could help :)