
facebook virus

Posted: 16 Aug 2011 12:15
by jirka2207
Logfile of random's system information tool 1.09 (written by random/random)
Run by chorche at 2011-08-16 13:09:27
Microsoft Windows 7 Home Premium
System drive C: has 8 GB (13%) free of 61 GB
Total RAM: 3071 MB (61% free)


======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2641354541-1172337044-3281749162-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2641354541-1172337044-3281749162-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-07-14 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\chorche\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-04-12 45568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\chorche\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
Media Star Toolbar - C:\Program Files\Media_Star\tbMedi.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll []
{dfabc5b5-039b-4865-979a-de31cdf3e351} - Media Star Toolbar - C:\Program Files\Media_Star\tbMedi.dll [2010-09-12 3863136]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-07-23 13797920]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2009-07-24 2068480]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-20 7625248]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-10 98304]
"Adobe Reader Speed Launcher"=D:\Programy\Acrobat Reader\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"wxpdrv"= []
"tray_ico"= []
"tray_ico0"=C:\windows\update.tray-10-0\svchost.exe [2011-07-21 1180672]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"Malwarebytes' Anti-Malware"=D:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\chorche\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"Steam"=C:\Program Files\Steam\Steam.exe [2011-08-15 1242448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Users\chorche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.CFHD"=cfhd.dll
"vidc.VP60"=C:\windows\system32\vp6vfw.dll
"vidc.VP61"=C:\windows\system32\vp6vfw.dll
"vidc.mjpg"=pvmjpg30.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-16 13:09:27 ----D---- C:\rsit
2011-08-16 13:09:27 ----D---- C:\Program Files\trend micro
2011-08-15 12:36:47 ----D---- C:\ATI
2011-08-15 12:26:30 ----D---- C:\Program Files\CCleaner
2011-08-15 12:24:52 ----A---- C:\TDSSKiller.2.5.11.0_15.08.2011_12.24.52_log.txt
2011-07-27 15:11:52 ----D---- C:\windows\ufa
2011-07-27 15:11:52 ----D---- C:\windows\rpcminer
2011-07-27 15:11:52 ----D---- C:\windows\phoenix
2011-07-27 15:11:32 ----A---- C:\windows\btc_client_iplist.txt
2011-07-22 12:33:41 ----D---- C:\Users\chorche\AppData\Roaming\Malwarebytes
2011-07-22 12:32:13 ----D---- C:\ProgramData\Malwarebytes
2011-07-22 12:32:13 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 12:32:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-22 12:32:10 ----A---- C:\windows\system32\drivers\mbam.sys
2011-07-21 21:18:14 ----A---- C:\windows\ddh_iplist.txt
2011-07-21 21:17:36 ----A---- C:\windows\l1rezerv.exe
2011-07-21 21:17:30 ----A---- C:\windows\systemup.exe
2011-07-21 21:17:22 ----A---- C:\windows\iecheck_iplist.txt
2011-07-21 21:17:01 ----HD---- C:\windows\update.2
2011-07-21 21:16:54 ----A---- C:\windows\unrar.exe
2011-07-21 21:16:33 ----HD---- C:\windows\update.5.0
2011-07-21 21:16:19 ----A---- C:\windows\sysdriver32_.exe
2011-07-21 21:16:14 ----A---- C:\windows\iplist.txt
2011-07-21 21:16:05 ----A---- C:\windows\sysdriver32.exe
2011-07-21 21:15:38 ----A---- C:\windows\front_ip_list.txt
2011-07-21 21:15:33 ----D---- C:\windows\av_ico
2011-07-21 21:15:14 ----ASH---- C:\pagefile.sys
2011-07-21 21:14:08 ----HD---- C:\windows\update.1
2011-07-21 21:13:57 ----HD---- C:\windows\update.tray-10-0-lnk
2011-07-21 21:13:57 ----HD---- C:\windows\update.tray-10-0
2011-07-21 21:02:02 ----A---- C:\windows\winlog-ids.txt
2011-07-21 21:02:02 ----A---- C:\windows\winlog-dirs.txt
2011-07-21 21:01:58 ----A---- C:\windows\services32.exe

======List of files/folders modified in the last 1 month======

2011-08-16 13:09:32 ----D---- C:\windows\Temp
2011-08-16 13:09:27 ----RD---- C:\Program Files
2011-08-16 13:06:32 ----D---- C:\Program Files\Steam
2011-08-16 13:06:07 ----D---- C:\windows\system32\config
2011-08-16 13:05:36 ----D---- C:\windows\system32\drivers
2011-08-16 13:02:05 ----D---- C:\windows\system32\drivers\etc
2011-08-16 13:02:01 ----SHD---- C:\System Volume Information
2011-08-16 12:49:06 ----D---- C:\windows\Prefetch
2011-08-16 12:01:34 ----D---- C:\Program Files\Common Files\Steam
2011-08-15 12:31:53 ----D---- C:\Windows
2011-08-15 12:28:01 ----D---- C:\Users\chorche\AppData\Roaming\DAEMON Tools Lite
2011-08-15 12:27:44 ----D---- C:\windows\Logs
2011-08-15 12:27:44 ----D---- C:\windows\debug
2011-07-22 12:32:13 ----HD---- C:\ProgramData
2011-07-22 10:31:34 ----D---- C:\windows\System32
2011-07-21 18:34:36 ----D---- C:\windows\inf
2011-07-21 18:34:36 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-07-20 10:43:17 ----D---- C:\windows\system32\NDF

Re: facebook virus

Posted: 16 Aug 2011 12:22
by vyosek
Greetings, and I wish you a pleasant afternoon :)

:arrow: Could you please post this log: C:\TDSSKiller.2.5.11.0_15.08.2011_12.24.52_log.txt

:arrow: I see MBAM is installed - have you already run a scan with it? :???:

Re: facebook virus

Posted: 16 Aug 2011 12:29
by jirka2207
Good afternoon to you too :))

Here is the log you asked for:

2011/08/15 12:24:52.0831 1448 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/08/15 12:24:52.0940 1448 ================================================================================
2011/08/15 12:24:52.0940 1448 SystemInfo:
2011/08/15 12:24:52.0940 1448
2011/08/15 12:24:52.0940 1448 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/15 12:24:52.0940 1448 Product type: Workstation
2011/08/15 12:24:52.0940 1448 ComputerName: CHORCHE-MSI
2011/08/15 12:24:52.0940 1448 UserName: chorche
2011/08/15 12:24:52.0940 1448 Windows directory: C:\windows
2011/08/15 12:24:52.0940 1448 System windows directory: C:\windows
2011/08/15 12:24:52.0940 1448 Processor architecture: Intel x86
2011/08/15 12:24:52.0940 1448 Number of processors: 2
2011/08/15 12:24:52.0940 1448 Page size: 0x1000
2011/08/15 12:24:52.0940 1448 Boot type: Normal boot
2011/08/15 12:24:52.0940 1448 ================================================================================
2011/08/15 12:24:55.0046 1448 Initialize success
2011/08/15 12:24:59.0290 6828 ================================================================================
2011/08/15 12:24:59.0290 6828 Scan started
2011/08/15 12:24:59.0290 6828 Mode: Manual;
2011/08/15 12:24:59.0290 6828 ================================================================================
2011/08/15 12:25:01.0052 6828 1394ohci (2cc2633557be62ffadc32705b4d888f7) C:\windows\system32\DRIVERS\1394ohci.sys
2011/08/15 12:25:01.0068 6828 1394ohci - detected Rootkit.Win32.ZAccess.c (0)
2011/08/15 12:25:01.0115 6828 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/08/15 12:25:01.0162 6828 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/08/15 12:25:01.0224 6828 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/08/15 12:25:01.0255 6828 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/08/15 12:25:01.0286 6828 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/08/15 12:25:01.0349 6828 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/08/15 12:25:01.0474 6828 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\windows\system32\DRIVERS\AGRSM.sys
2011/08/15 12:25:01.0552 6828 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/08/15 12:25:01.0598 6828 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/08/15 12:25:01.0661 6828 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/08/15 12:25:01.0692 6828 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/08/15 12:25:01.0723 6828 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/08/15 12:25:01.0770 6828 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/08/15 12:25:01.0817 6828 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/08/15 12:25:01.0848 6828 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/08/15 12:25:01.0895 6828 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/08/15 12:25:01.0926 6828 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/08/15 12:25:01.0973 6828 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/08/15 12:25:02.0020 6828 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/08/15 12:25:02.0051 6828 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/08/15 12:25:02.0082 6828 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/08/15 12:25:02.0113 6828 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/08/15 12:25:02.0144 6828 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/08/15 12:25:02.0207 6828 athr (2eb96571fe865f07ed1fd6017575026f) C:\windows\system32\DRIVERS\athr.sys
2011/08/15 12:25:02.0425 6828 atikmdag (c17c77e84b11b5e01f32dd6b98930f36) C:\windows\system32\DRIVERS\atikmdag.sys
2011/08/15 12:25:02.0628 6828 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/08/15 12:25:02.0675 6828 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/08/15 12:25:02.0722 6828 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/08/15 12:25:02.0815 6828 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
2011/08/15 12:25:02.0878 6828 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/08/15 12:25:02.0893 6828 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/08/15 12:25:02.0924 6828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/08/15 12:25:02.0956 6828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/08/15 12:25:03.0190 6828 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/08/15 12:25:03.0221 6828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/08/15 12:25:03.0268 6828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/08/15 12:25:03.0314 6828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/08/15 12:25:03.0346 6828 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/08/15 12:25:03.0377 6828 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/08/15 12:25:03.0408 6828 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/08/15 12:25:03.0455 6828 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/08/15 12:25:03.0486 6828 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/08/15 12:25:03.0564 6828 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys
2011/08/15 12:25:03.0595 6828 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/08/15 12:25:03.0642 6828 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/08/15 12:25:03.0704 6828 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/08/15 12:25:03.0751 6828 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/08/15 12:25:03.0814 6828 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/08/15 12:25:03.0845 6828 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/08/15 12:25:03.0892 6828 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/08/15 12:25:03.0938 6828 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/08/15 12:25:03.0985 6828 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/08/15 12:25:04.0016 6828 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/08/15 12:25:04.0079 6828 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/08/15 12:25:04.0126 6828 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/08/15 12:25:04.0204 6828 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/08/15 12:25:04.0266 6828 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/08/15 12:25:04.0328 6828 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2011/08/15 12:25:04.0469 6828 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/08/15 12:25:04.0687 6828 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/15 12:25:04.0843 6828 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/08/15 12:25:04.0921 6828 enecir (70c764bfe0ec4b1b242e9626d3564443) C:\windows\system32\DRIVERS\enecir.sys
2011/08/15 12:25:04.0952 6828 enecirhid (65bf24816c2814596253f312dd35f171) C:\windows\system32\DRIVERS\enecirhid.sys
2011/08/15 12:25:04.0984 6828 enecirhidma (97d41e2831ac117af9bf8d0d9e9d027f) C:\windows\system32\DRIVERS\enecirhidma.sys
2011/08/15 12:25:05.0093 6828 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/15 12:25:05.0140 6828 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/08/15 12:25:05.0202 6828 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/08/15 12:25:05.0249 6828 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/08/15 12:25:05.0296 6828 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/08/15 12:25:05.0327 6828 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/08/15 12:25:05.0342 6828 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/08/15 12:25:05.0389 6828 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/08/15 12:25:05.0420 6828 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/08/15 12:25:05.0452 6828 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/08/15 12:25:05.0483 6828 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/08/15 12:25:05.0530 6828 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/08/15 12:25:05.0576 6828 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/08/15 12:25:05.0639 6828 hamachi (833051c6c6c42117191935f734cfbd97) C:\windows\system32\DRIVERS\hamachi.sys
2011/08/15 12:25:05.0670 6828 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/08/15 12:25:05.0717 6828 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/08/15 12:25:05.0764 6828 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/08/15 12:25:05.0795 6828 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/08/15 12:25:05.0857 6828 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/08/15 12:25:05.0888 6828 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/08/15 12:25:05.0935 6828 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/08/15 12:25:05.0998 6828 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/08/15 12:25:06.0044 6828 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/08/15 12:25:06.0076 6828 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/08/15 12:25:06.0122 6828 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/08/15 12:25:06.0154 6828 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/08/15 12:25:06.0232 6828 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/08/15 12:25:06.0325 6828 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\windows\system32\drivers\RTKVHDA.sys
2011/08/15 12:25:06.0388 6828 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/08/15 12:25:06.0419 6828 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/08/15 12:25:06.0466 6828 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/08/15 12:25:06.0512 6828 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/08/15 12:25:06.0559 6828 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/08/15 12:25:06.0606 6828 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/08/15 12:25:06.0653 6828 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/08/15 12:25:06.0684 6828 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/08/15 12:25:06.0715 6828 JMCR (2137795d207280d5707554aaf936fd19) C:\windows\system32\DRIVERS\jmcr.sys
2011/08/15 12:25:06.0762 6828 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/08/15 12:25:06.0809 6828 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/08/15 12:25:06.0840 6828 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/08/15 12:25:06.0887 6828 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/08/15 12:25:06.0965 6828 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/08/15 12:25:07.0043 6828 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/08/15 12:25:07.0074 6828 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/08/15 12:25:07.0121 6828 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/08/15 12:25:07.0152 6828 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/08/15 12:25:07.0183 6828 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/08/15 12:25:07.0246 6828 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\windows\system32\DRIVERS\MarvinBus.sys
2011/08/15 12:25:07.0324 6828 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\windows\system32\drivers\mbam.sys
2011/08/15 12:25:07.0417 6828 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\windows\system32\drivers\mbamswissarmy.sys
2011/08/15 12:25:07.0495 6828 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/08/15 12:25:07.0573 6828 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/08/15 12:25:07.0667 6828 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/08/15 12:25:07.0698 6828 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/08/15 12:25:07.0760 6828 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/08/15 12:25:07.0807 6828 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/08/15 12:25:07.0870 6828 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/08/15 12:25:07.0901 6828 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/08/15 12:25:08.0010 6828 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/08/15 12:25:08.0057 6828 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/08/15 12:25:08.0166 6828 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/08/15 12:25:08.0228 6828 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/08/15 12:25:08.0275 6828 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/08/15 12:25:08.0322 6828 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/08/15 12:25:08.0369 6828 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/08/15 12:25:08.0400 6828 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/08/15 12:25:08.0416 6828 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/08/15 12:25:08.0447 6828 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/08/15 12:25:08.0494 6828 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/08/15 12:25:08.0525 6828 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/08/15 12:25:08.0556 6828 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/08/15 12:25:08.0603 6828 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/08/15 12:25:08.0634 6828 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/08/15 12:25:08.0681 6828 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/08/15 12:25:08.0712 6828 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/08/15 12:25:08.0743 6828 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/08/15 12:25:08.0790 6828 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/08/15 12:25:08.0884 6828 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/08/15 12:25:08.0915 6828 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/08/15 12:25:08.0946 6828 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/08/15 12:25:08.0993 6828 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/08/15 12:25:09.0024 6828 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/08/15 12:25:09.0055 6828 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/08/15 12:25:09.0102 6828 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/08/15 12:25:09.0133 6828 NetBT (e71088b82d6affd17bd1f7c176d77df1) C:\windows\system32\DRIVERS\netbt.sys
2011/08/15 12:25:09.0133 6828 Suspicious file (Forged): C:\windows\system32\DRIVERS\netbt.sys. Real md5: e71088b82d6affd17bd1f7c176d77df1, Fake md5: dd52a733bf4ca5af84562a5e2f963b91
2011/08/15 12:25:09.0149 6828 NetBT - detected ForgedFile.Multi.Generic (1)
2011/08/15 12:25:09.0211 6828 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/08/15 12:25:09.0289 6828 npf (b9730495e0cf674680121e34bd95a73b) C:\windows\system32\drivers\npf.sys
2011/08/15 12:25:09.0336 6828 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/08/15 12:25:09.0367 6828 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/08/15 12:25:09.0430 6828 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/08/15 12:25:09.0492 6828 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/08/15 12:25:09.0539 6828 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\windows\system32\DRIVERS\nvm62x32.sys
2011/08/15 12:25:09.0570 6828 NVHDA (d2f4c4b22969236382ca853b8daa2d4e) C:\windows\system32\drivers\nvhda32v.sys
2011/08/15 12:25:09.0976 6828 nvlddmkm (f484e314c710b9c297f9ab363ff74370) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/08/15 12:25:10.0178 6828 NVNET (5bf9c11586f4764446407f509f1beca8) C:\windows\system32\DRIVERS\nvmf6232.sys
2011/08/15 12:25:10.0225 6828 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/08/15 12:25:10.0256 6828 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\windows\system32\DRIVERS\nvsmu.sys
2011/08/15 12:25:10.0319 6828 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/08/15 12:25:10.0366 6828 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\windows\system32\DRIVERS\nvstor32.sys
2011/08/15 12:25:10.0428 6828 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/08/15 12:25:10.0459 6828 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/08/15 12:25:10.0522 6828 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/08/15 12:25:10.0553 6828 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/08/15 12:25:10.0584 6828 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/08/15 12:25:10.0631 6828 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/08/15 12:25:10.0662 6828 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/08/15 12:25:10.0709 6828 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/08/15 12:25:10.0740 6828 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/08/15 12:25:10.0771 6828 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/08/15 12:25:10.0865 6828 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/08/15 12:25:10.0896 6828 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/08/15 12:25:10.0927 6828 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/08/15 12:25:10.0990 6828 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/08/15 12:25:11.0052 6828 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/08/15 12:25:11.0083 6828 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/08/15 12:25:11.0114 6828 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/08/15 12:25:11.0146 6828 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/08/15 12:25:11.0177 6828 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/08/15 12:25:11.0224 6828 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/08/15 12:25:11.0255 6828 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/08/15 12:25:11.0286 6828 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/08/15 12:25:11.0317 6828 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/08/15 12:25:11.0333 6828 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/08/15 12:25:11.0364 6828 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/08/15 12:25:11.0395 6828 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/08/15 12:25:11.0442 6828 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/08/15 12:25:11.0473 6828 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/08/15 12:25:11.0520 6828 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/08/15 12:25:11.0567 6828 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/08/15 12:25:11.0614 6828 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/08/15 12:25:11.0660 6828 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/08/15 12:25:11.0692 6828 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/08/15 12:25:11.0723 6828 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\windows\system32\DRIVERS\sdbus.sys
2011/08/15 12:25:11.0770 6828 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/08/15 12:25:11.0816 6828 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/08/15 12:25:11.0832 6828 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/08/15 12:25:11.0879 6828 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/08/15 12:25:11.0910 6828 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/08/15 12:25:11.0941 6828 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/08/15 12:25:11.0957 6828 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/08/15 12:25:12.0004 6828 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/08/15 12:25:12.0035 6828 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/08/15 12:25:12.0066 6828 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/08/15 12:25:12.0113 6828 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/08/15 12:25:12.0160 6828 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/08/15 12:25:12.0238 6828 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/08/15 12:25:12.0316 6828 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/08/15 12:25:12.0316 6828 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/15 12:25:12.0331 6828 sptd - detected LockedFile.Multi.Generic (1)
2011/08/15 12:25:12.0394 6828 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS
2011/08/15 12:25:12.0456 6828 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS
2011/08/15 12:25:12.0503 6828 srv (50a83ca406c808bd35ac9141a0c7618f) C:\windows\system32\DRIVERS\srv.sys
2011/08/15 12:25:12.0534 6828 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\windows\system32\DRIVERS\srv2.sys
2011/08/15 12:25:12.0581 6828 srvnet (bd1433a32792fd0dc450479094fc435a) C:\windows\system32\DRIVERS\srvnet.sys
2011/08/15 12:25:12.0659 6828 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/08/15 12:25:12.0706 6828 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/08/15 12:25:12.0768 6828 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS
2011/08/15 12:25:12.0862 6828 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\windows\system32\Drivers\SYMEVENT.SYS
2011/08/15 12:25:12.0940 6828 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS
2011/08/15 12:25:12.0986 6828 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\windows\system32\DRIVERS\SymIMv.sys
2011/08/15 12:25:13.0080 6828 SYMNDISV (dcbf73da96cce94933c8cc6eded3c98b) C:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS
2011/08/15 12:25:13.0142 6828 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
2011/08/15 12:25:13.0220 6828 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\windows\system32\drivers\tcpip.sys
2011/08/15 12:25:13.0423 6828 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\windows\system32\DRIVERS\tcpip.sys
2011/08/15 12:25:13.0486 6828 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/08/15 12:25:13.0532 6828 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/08/15 12:25:13.0548 6828 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/08/15 12:25:13.0579 6828 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/08/15 12:25:13.0610 6828 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/08/15 12:25:13.0673 6828 toshidpt (85b6ff02491b6db3572b4f93e56cab7c) C:\windows\system32\drivers\Toshidpt.sys
2011/08/15 12:25:13.0688 6828 tosporte (90afa1a4451bbbee87c9f18a665d8121) C:\windows\system32\DRIVERS\tosporte.sys
2011/08/15 12:25:13.0751 6828 tosrfbd (00371ce4da09b68ba0ff953e61820981) C:\windows\system32\DRIVERS\tosrfbd.sys
2011/08/15 12:25:13.0782 6828 tosrfbnp (74392bab3f0d4810da8436ec79d6955d) C:\windows\system32\Drivers\tosrfbnp.sys
2011/08/15 12:25:13.0813 6828 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\windows\system32\Drivers\tosrfcom.sys
2011/08/15 12:25:13.0844 6828 Tosrfhid (a72a3473180f378cc07d342803ffd580) C:\windows\system32\DRIVERS\Tosrfhid.sys
2011/08/15 12:25:13.0876 6828 tosrfnds (b2a1a6538245fd69578224bbf2fd4677) C:\windows\system32\DRIVERS\tosrfnds.sys
2011/08/15 12:25:13.0922 6828 TosRfSnd (f1ca74cca8241d8b8a024aecc643c547) C:\windows\system32\drivers\tosrfsnd.sys
2011/08/15 12:25:13.0954 6828 Tosrfusb (f400fb9616261a1b66e6d2e04b6c3538) C:\windows\system32\DRIVERS\tosrfusb.sys
2011/08/15 12:25:14.0000 6828 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/08/15 12:25:14.0032 6828 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/08/15 12:25:14.0078 6828 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/08/15 12:25:14.0110 6828 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/08/15 12:25:14.0172 6828 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/08/15 12:25:14.0219 6828 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/08/15 12:25:14.0250 6828 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/08/15 12:25:14.0281 6828 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/08/15 12:25:14.0312 6828 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/08/15 12:25:14.0359 6828 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/08/15 12:25:14.0406 6828 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/08/15 12:25:14.0453 6828 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/08/15 12:25:14.0484 6828 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/08/15 12:25:14.0531 6828 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/08/15 12:25:14.0546 6828 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/08/15 12:25:14.0593 6828 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\system32\Drivers\usbvideo.sys
2011/08/15 12:25:14.0624 6828 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/08/15 12:25:14.0656 6828 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/08/15 12:25:14.0671 6828 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/08/15 12:25:14.0718 6828 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/08/15 12:25:14.0765 6828 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/08/15 12:25:14.0796 6828 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/08/15 12:25:14.0843 6828 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/08/15 12:25:14.0858 6828 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/08/15 12:25:14.0890 6828 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/08/15 12:25:14.0952 6828 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/08/15 12:25:14.0999 6828 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/08/15 12:25:15.0061 6828 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/08/15 12:25:15.0077 6828 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/08/15 12:25:15.0124 6828 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/08/15 12:25:15.0155 6828 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/15 12:25:15.0155 6828 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/15 12:25:15.0233 6828 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/08/15 12:25:15.0264 6828 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/08/15 12:25:15.0326 6828 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/08/15 12:25:15.0358 6828 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/08/15 12:25:15.0420 6828 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/08/15 12:25:15.0451 6828 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/08/15 12:25:15.0514 6828 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/08/15 12:25:15.0576 6828 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/08/15 12:25:15.0623 6828 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/08/15 12:25:15.0685 6828 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/15 12:25:15.0716 6828 Boot (0x1200) (8d12255637b6365c41a3384c174aebd0) \Device\Harddisk0\DR0\Partition0
2011/08/15 12:25:15.0732 6828 Boot (0x1200) (d3e7898e11f3706897ede3e2ea6e4166) \Device\Harddisk0\DR0\Partition1
2011/08/15 12:25:15.0732 6828 ================================================================================
2011/08/15 12:25:15.0732 6828 Scan finished
2011/08/15 12:25:15.0732 6828 ================================================================================
2011/08/15 12:25:15.0748 7124 Detected object count: 3
2011/08/15 12:25:15.0748 7124 Actual detected object count: 3
2011/08/15 12:25:36.0745 7124 1394ohci (2cc2633557be62ffadc32705b4d888f7) C:\windows\system32\DRIVERS\1394ohci.sys
2011/08/15 12:25:40.0208 7124 Backup copy not found, trying to cure infected file..
2011/08/15 12:25:40.0208 7124 C:\windows\system32\DRIVERS\1394ohci.sys - Cure failed (FFFFFFFF)
2011/08/15 12:25:40.0208 7124 C:\windows\system32\DRIVERS\1394ohci.sys - processing error
2011/08/15 12:25:40.0208 7124 Rootkit.Win32.ZAccess.c(1394ohci) - User select action: Cure
2011/08/15 12:25:40.0208 7124 ForgedFile.Multi.Generic(NetBT) - User select action: Skip
2011/08/15 12:25:40.0224 7124 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/15 12:25:49.0210 5108 Deinitialize success



I tried running a scan with MBAM, but it always shut itself down after a while, and then it reports that Windows cannot access the specified device.

Re: facebook virus

Posted: 16 Aug 2011 12:52
by vyosek
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator / Spustit jako spravce
  • Choose option 2 and confirm with Enter
  • The utility does its work and produces a log; paste it here
  • Now again, but choose option 3 and then also 4; paste those logs here too

Re: facebook virus

Posted: 16 Aug 2011 13:03
by jirka2207
Thank you :)

Here is the log from procedure 2:


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: chorche [Admin rights]
Mode: Remove -- Date : 08/16/2011 13:58:34

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt


Log from procedure number 3:


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: chorche [Admin rights]
Mode: HOSTSFix -- Date : 08/16/2011 14:00:24

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt


and the log from procedure number 4.


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: chorche [Admin rights]
Mode: ProxyFix -- Date : 08/16/2011 14:01:10

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


The only program I had running is Google Chrome, which I am using to be on this forum; I hope that doesn't matter :)
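The HOSTS entries in the RogueKiller log above are what blocked Facebook: every facebook.com, vk.com and odnoklassniki.ru name was pointed at 127.0.0.1, so the browser never left the machine. As an added example that is not code from the forum post or from RogueKiller, the Python script below parses a HOSTS file, flags non-local names sunk to loopback or null addresses, and rebuilds a clean file the way the HOSTSFix step did; the sample HOSTS content is constructed to mirror the log, and all function and constant names are this example's own.

```python
"""Audit a Windows HOSTS file for loopback hijacks of real web sites.

Added example, not code from the forum post or from RogueKiller. The sample
HOSTS content below is constructed to mirror the entries in the log above;
every function and constant name is this example's own.
"""
import re

# Addresses that make a hostname unreachable (loopback or null route).
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately point at loopback in a stock Windows HOSTS file.
LEGITIMATE_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# A clean HOSTS file, matching RogueKiller's "Resetted HOSTS" output.
CLEAN_HOSTS = "127.0.0.1 localhost\n"

# Constructed sample: the hijack from the log plus parser edge cases
# (comments, a tab-separated line, several names per line, a 0.0.0.0 sink).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1 localhost
127.0.0.1\tvkontakte.ru   # tab-separated entry
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com vk.com www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 cs-cz.facebook.com
0.0.0.0   de-de.facebook.com
::1       localhost
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping; '#' comments and
    blank lines are skipped, and one line may carry several hostnames."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()


def find_hijacked_entries(text):
    """Return (line_no, address, hostname) for each non-local name sunk to a
    loopback/null address; a stock HOSTS file yields []."""
    return [
        (line_no, address, name)
        for line_no, address, name in parse_hosts(text)
        if address in SINKHOLE_ADDRESSES and name not in LEGITIMATE_LOCAL_NAMES
    ]


def affected_sites(text):
    """Summarise hijacked names by their last two labels (facebook.com, vk.com);
    a real public-suffix lookup is out of scope for a triage summary."""
    sites = {".".join(n.split(".")[-2:]) for _, _, n in find_hijacked_entries(text)}
    return sorted(sites)


def reset_hosts(text):
    """Rebuild HOSTS content with the hijacked mappings removed. Like
    RogueKiller's HOSTSFix this guarantees '127.0.0.1 localhost', but it keeps
    legitimate custom mappings (e.g. an internal server); comments are dropped."""
    bad = set(find_hijacked_entries(text))
    kept = [f"{a} {n}" for ln, a, n in parse_hosts(text) if (ln, a, n) not in bad]
    if "127.0.0.1 localhost" not in kept:
        kept.insert(0, "127.0.0.1 localhost")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for line_no, address, name in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
    print("affected sites:", ", ".join(affected_sites(SAMPLE_HOSTS)))
    print("cleaned HOSTS:\n" + reset_hosts(SAMPLE_HOSTS), end="")
```

On a live Windows machine the file to read is %SystemRoot%\System32\drivers\etc\hosts; writing the cleaned content back requires an elevated prompt, which is also why the hijack persisted across normal-user scans.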

Re: facebook virus

Posted: 16 Aug 2011 13:36
by vyosek
:arrow: No, it doesn't matter, let's move on :)

:arrow: When downloading ComboFix (instructions and procedure below), save it as Beruska.com

PLEASE READ THE INSTRUCTIONS THOROUGHLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO BELLY UP
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator / Spustit jako spravce
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected, it may take longer
  • After the scan finishes and a possible restart, CF displays a log; otherwise you will find it here C:\ComboFix.txt; paste its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: facebook virus

Posted: 16 Aug 2011 13:59
by jirka2207
Unfortunately I have the same problem here as before with MBAM. I saved it as Beruška.exe and the first run as administrator went normally, but after a while the program shut itself down, and since then, when I start it as administrator, it gives me this message: "Systém Windows nemá přístup k určenému zařízení, cestě nebo souboru. K přístupu k položce pravděpodobně nemáte patřičná oprávnění." (Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.)

Re: facebook virus

Posted: 16 Aug 2011 14:02
by vyosek
Repeat the procedure in safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)

Re: facebook virus

Posted: 16 Aug 2011 14:29
by jirka2207
Unfortunately that didn't help either :( It keeps giving the same message, so I tried downloading it again under a different name, and even in safe mode with networking it shut itself down after a while, and since then, when I start it again as administrator, it gives that message.

Re: facebook virus

Posted: 16 Aug 2011 14:36
by vyosek
:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator / Spustit jako spravce
  • Into the left window Paste Instructions for Items to be Moved (below the yellow line) paste the contents you have below
  • Code:

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    "LogMeIn Hamachi Ui"=-
    "wxpdrv"=-
    "tray_ico"=-
    "tray_ico0"=-
    "tray_ico1"=-
    "tray_ico2"=-
    "tray_ico3"=-
    "tray_ico4"=-
    "Malwarebytes' Anti-Malware"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "DAEMON Tools Lite"=-
    "EA Core"=-
    "Steam"=-
    
    :files
    C:\windows\btc_client_iplist.txt
    C:\windows\ddh_iplist.txt
    C:\windows\l1rezerv.exe
    C:\windows\systemup.exe
    C:\windows\iecheck_iplist.txt
    C:\windows\unrar.exe
    C:\windows\sysdriver32_.exe
    C:\windows\iplist.txt
    C:\windows\sysdriver32.exe
    C:\windows\front_ip_list.txt
    C:\windows\winlog-ids.txt
    C:\windows\winlog-dirs.txt
    C:\windows\services32.exe
    C:\windows\ufa
    C:\windows\rpcminer
    C:\windows\phoenix
    C:\windows\update.2
    C:\windows\update.5.0
    C:\windows\av_ico
    C:\windows\update.1
    C:\windows\update.tray-10-0-lnk
    C:\windows\update.tray-10-0
    C:\Users\chorche\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll 
    C:\Users\chorche\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes; afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here

Re: facebook virus

Posted: 16 Aug 2011 14:49
by jirka2207
Unfortunately still the same problem with this program too; I tried it straight away in safe mode as well, and nothing. Facebook works now, but the notebook still stops responding to everything after a while, and the only thing left for me is to force it off.

Re: facebook virus

Posted: 16 Aug 2011 15:03
by jirka2207
Sorry, but I have to leave the notebook, I still have some errands to run. Thank you very much for the help, and if you are here tomorrow we can continue.

Regards
Jirka

Re: facebook virus

Posted: 16 Aug 2011 19:03
by vyosek
:arrow: Run TDSSKiller again - then post the log here

:arrow: Open Notepad
  • Start->Run->notepad
  • Paste the text below
  • Code:

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    "LogMeIn Hamachi Ui"=-
    "wxpdrv"=-
    "tray_ico"=-
    "tray_ico0"=-
    "tray_ico1"=-
    "tray_ico2"=-
    "tray_ico3"=-
    "tray_ico4"=-
    "Malwarebytes' Anti-Malware"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "DAEMON Tools Lite"=-
    "EA Core"=-
    "Steam"=-
  • Save the file as oprava.reg
  • When saving, set Save as type to All files (the setting is shown in the picture below)
  • [image]
  • Close Notepad but do not run the created file
  • Save the file oprava.reg directly on drive c:\ so that it is not in any folder (the path will thus be c:\oprava.reg)
:arrow: Download Avenger (see my signature)
  • If you use Win Vista or W7, right-click Avenger and choose Run As Administrator / Spustit jako spravce
  • After it starts, the program warns you that everything you do is at your own risk - click OK
  • After confirming, the main window appears; paste the script you have below into it
  • Code:

    Files to delete:
    C:\windows\btc_client_iplist.txt
    C:\windows\ddh_iplist.txt
    C:\windows\l1rezerv.exe
    C:\windows\systemup.exe
    C:\windows\iecheck_iplist.txt
    C:\windows\unrar.exe
    C:\windows\sysdriver32_.exe
    C:\windows\iplist.txt
    C:\windows\sysdriver32.exe
    C:\windows\front_ip_list.txt
    C:\windows\winlog-ids.txt
    C:\windows\winlog-dirs.txt
    C:\windows\services32.exe
    
    Folders to delete:
    C:\windows\ufa
    C:\windows\rpcminer
    C:\windows\phoenix
    C:\windows\update.2
    C:\windows\update.5.0
    C:\windows\av_ico
    C:\windows\update.1
    C:\windows\update.tray-10-0-lnk
    C:\windows\update.tray-10-0
    
    Programs launch on reboot:
    c:\oprava.reg
    
  • Tick the boxes next to Scan for rootkits and Automatically disable any rootkits found
  • Now click Execute and confirm Yes in the next window - this confirms running the script
  • To the question Reboot now answer OK again - this restarts the PC
  • After the restart, Notepad should open with the log; paste its contents here. If it does not, you will find the document in C:\avenger.txt