VIRY.CZ

teraz musim ist do prace,okolo 2-hej sa vratim odstaveny eset //tLogfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-12-02 06:18:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (28%) free of 8 GB
Total RAM: 511 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:19:19, on 2.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\ANTIVIRY\SUPERANTISPYWER\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
D:\ANTIVIRY\ESS\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
E:\Programy\RSIT.exe
C:\Program Files\Trend Micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - D:\ANTIVIRY\SUPERANTISPYWER\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\ANTIVIRY\SUPERANTISPYWER\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - D:\ANTIVIRY\ESS\ekrn.exe (file missing)

--
End of file - 2473 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
D:\ANTIVIRY\MBAM\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
D:\ANTIVIRY\SUPERANTISPYWER\SUPERAntiSpyware.exe [2011-11-28 4617600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
D:\UTILITY\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2
"sdAuxService"=2
"sp_rssrv"=2
"cmdAgent"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\ANTIVIRY\SUPERANTISPYWER\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\ANTIVIRY\SUPERANTISPYWER\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoInstrumentation"=1
"NoDriveTypeAutoRun"=0x43010000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\My Download Files\Subory\Skype\Phone\Skype.exe"="D:\My Download Files\Subory\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\My Download Files\Subory\Skype\Plugin Manager\skypePM.exe"="D:\My Download Files\Subory\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"=C:\WINDOWS\system32\ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=serwvdrv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"VIDC.IV41"=IR41_32.AX
"wave2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=serwvdrv.dll
"wave5"=serwvdrv.dll
"midi"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-12-02 06:18:57 ----D---- C:\rsit
2011-12-02 05:02:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2011-12-02 05:01:17 ----D---- C:\Program Files\Microsoft.NET
2011-12-02 04:59:38 ----D---- C:\WINDOWS\LastGood
2011-12-01 23:27:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-12-01 23:08:40 ----D---- C:\Avenger
2011-12-01 22:34:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\RH_Backups
2011-12-01 22:29:27 ----A---- C:\avenger.txt
2011-12-01 21:12:05 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-12-01 21:11:50 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2011-12-01 20:39:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-12-01 18:59:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-12-01 15:00:49 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-01 15:00:13 ----D---- C:\Program Files\Common Files\InstallShield
2011-12-01 08:44:28 ----A---- C:\WINDOWS\system32\drivers\69663908.sys
2011-11-30 20:21:49 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ESET
2011-11-30 20:19:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-11-29 22:55:54 ----SHD---- C:\RECYCLER
2011-11-29 22:52:31 ----D---- C:\WINDOWS\temp
2011-11-29 19:09:59 ----A---- C:\WINDOWS\system32\cmfdll32.dll
2011-11-28 15:36:03 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-11-28 15:35:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-28 05:22:30 ----D---- C:\Program Files\DVDVideoSoft
2011-11-28 05:22:30 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-11-27 18:37:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-11-27 17:05:42 ----A---- C:\WINDOWS\UC.PIF
2011-11-27 17:05:42 ----A---- C:\WINDOWS\RAR.PIF
2011-11-27 17:05:42 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-11-27 17:05:42 ----A---- C:\WINDOWS\LHA.PIF
2011-11-27 17:05:42 ----A---- C:\WINDOWS\ARJ.PIF
2011-11-27 14:32:13 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2011-11-27 10:43:55 ----D---- C:\Program Files\Google
2011-11-26 21:12:06 ----RASHD---- C:\cmdcons
2011-11-26 20:05:18 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2011-11-26 20:03:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-11-26 20:03:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERSetup
2011-11-26 14:09:06 ----A---- C:\WINDOWS\CMDLIC.DLL
2011-11-26 13:50:02 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Comodo
2011-11-26 00:45:22 ----A---- C:\WINDOWS\system32\bootdelete.exe
2011-11-25 20:02:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2011-11-25 19:33:13 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-11-25 19:27:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Webroot
2011-11-23 21:25:42 ----D---- C:\Program Files\Lavalys
2011-11-23 20:44:05 ----A---- C:\WINDOWS\system32\IDEproperty.dll
2011-11-23 20:44:05 ----A---- C:\WINDOWS\system32\drivers\sisidex.sys
2011-11-23 20:44:04 ----A---- C:\WINDOWS\system32\drivers\sisperf.sys
2011-11-23 20:43:37 ----A---- C:\WINDOWS\IsUn041b.exe
2011-11-23 20:42:45 ----A---- C:\WINDOWS\system32\drivers\siside.sys
2011-11-23 20:41:22 ----A---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-11-23 20:41:21 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2011-11-23 19:07:18 ----A---- C:\WINDOWS\system32\drivers\sfi.dat
2011-11-21 16:46:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2011-11-07 20:46:21 ----A---- C:\WINDOWS\system32\drivers\01981899.sys
2011-11-03 19:15:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\CheckPoint
2011-11-03 06:26:18 ----D---- C:\Program Files\Sun
2011-11-03 05:07:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Office Genuine Advantage

======List of files/folders modified in the last 1 month======

2011-12-02 06:18:59 ----D---- C:\Program Files\Trend Micro
2011-12-02 06:16:05 ----D---- C:\WINDOWS\Prefetch
2011-12-02 06:04:34 ----D---- C:\WINDOWS\system32
2011-12-02 05:14:43 ----SHD---- C:\WINDOWS\Installer
2011-12-02 05:14:43 ----D---- C:\Config.Msi
2011-12-02 05:14:35 ----D---- C:\WINDOWS\assembly
2011-12-02 05:13:55 ----D---- C:\WINDOWS\system32\cs-CZ
2011-12-02 05:12:19 ----D---- C:\WINDOWS\WinSxS
2011-12-02 05:02:19 ----D---- C:\WINDOWS\system32\en-US
2011-12-02 05:01:58 ----D---- C:\WINDOWS\Microsoft.NET
2011-12-02 05:01:46 ----D---- C:\WINDOWS
2011-12-02 05:01:17 ----RD---- C:\Program Files
2011-12-02 04:59:52 ----HD---- C:\WINDOWS\inf
2011-12-02 04:59:51 ----D---- C:\WINDOWS\system32\drivers
2011-12-02 04:59:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-01 23:39:43 ----D---- C:\WINDOWS\system32\CatRoot
2011-12-01 23:28:28 ----D---- C:\WINDOWS\SoftwareDistribution
2011-12-01 20:55:34 ----SHD---- C:\System Volume Information
2011-12-01 19:36:28 ----D---- C:\Program Files\Common Files
2011-12-01 13:48:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-12-01 13:00:25 ----D---- C:\Program Files\WinRAR
2011-12-01 13:00:19 ----D---- C:\WINDOWS\system32\NtmsData
2011-12-01 12:58:13 ----A---- C:\WINDOWS\system.ini
2011-12-01 04:04:48 ----D---- C:\WINDOWS\Help
2011-11-30 15:06:17 ----D---- C:\WINDOWS\Resources
2011-11-30 14:38:32 ----HDC---- C:\WINDOWS\ie8
2011-11-30 05:45:46 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-29 23:49:09 ----D---- C:\WINDOWS\system32\Restore
2011-11-29 22:43:38 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-29 22:32:45 ----D---- C:\WINDOWS\AppPatch
2011-11-29 21:55:24 ----SHD---- C:\WINDOWS\CSC
2011-11-29 21:55:22 ----D---- C:\WINDOWS\system32\usmt
2011-11-29 14:36:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Opera
2011-11-28 22:51:58 ----D---- C:\WINDOWS\Debug
2011-11-28 21:41:46 ----D---- C:\Documents and Settings\Administrator\Data aplikací\CheckPoint
2011-11-28 20:40:09 ----D---- C:\WINDOWS\system32\config
2011-11-27 19:13:24 ----SD---- C:\WINDOWS\Tasks
2011-11-27 18:50:49 ----D---- C:\WINDOWS\Driver Cache
2011-11-27 18:48:51 ----D---- C:\WINDOWS\security
2011-11-27 14:36:17 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-11-27 14:30:02 ----D---- C:\Program Files\Adobe
2011-11-27 11:27:18 ----D---- C:\WINDOWS\Minidump
2011-11-27 10:12:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Auslogics
2011-11-27 09:17:05 ----D---- C:\WINDOWS\Registration
2011-11-26 22:57:40 ----D---- C:\WINDOWS\repair
2011-11-26 21:12:13 ----RASH---- C:\boot.ini
2011-11-23 20:43:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-11-05 07:34:05 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-11-03 05:36:20 ----D---- C:\Program Files\Messenger
2011-11-03 04:46:58 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 01981899;01981899; C:\WINDOWS\system32\DRIVERS\01981899.sys [2011-11-07 133208]
R0 69663908;69663908; C:\WINDOWS\system32\DRIVERS\69663908.sys [2011-12-01 133208]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 SiSide;SiSide; C:\WINDOWS\system32\DRIVERS\siside.sys [2000-01-01 4096]
R0 sisidex;sisidex; C:\WINDOWS\system32\drivers\sisidex.sys [2000-01-01 49024]
R0 sisperf;Add Performance Filter Driver; C:\WINDOWS\system32\drivers\sisperf.sys [2000-01-01 9472]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 SASDIFSV;SASDIFSV; \??\D:\ANTIVIRY\SUPERANTISPYWER\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\ANTIVIRY\SUPERANTISPYWER\SASKUTIL.SYS []
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 S3SAVAGE4;S3SAVAGE4; C:\WINDOWS\system32\DRIVERS\s3savg4m.sys [2000-08-10 84704]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
R4 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys []
R4 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
R4 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys []
R4 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys []
R4 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys []
S0 dwshd;dwshd; C:\WINDOWS\system32\drivers\dwshd.sys []
S2 cmfd;cmfd; \??\D:\FIREWALLY\ComodoFirewall\cmfd.sys []
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.sys []
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\drivers\AmdLLD.sys []
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\System32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\WINDOWS\system32\DRIVERS\swumx20.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; D:\ANTIVIRY\SUPERANTISPYWER\SASCORE.EXE [2011-08-12 116608]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service; D:\ANTIVIRY\ESS\ekrn.exe []
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-27 252064]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-27 136176]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravim a pekny den preji

Ten ESET mate legalni = zakoupena licence

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
• Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
• Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
• Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
• Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
• Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Eset mam na 30dni-----14:46:17.0284 0628 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
14:46:17.0634 0628 ============================================================
14:46:17.0634 0628 Current date / time: 2011/12/02 14:46:17.0634
14:46:17.0634 0628 SystemInfo:
14:46:17.0634 0628
14:46:17.0634 0628 OS Version: 5.1.2600 ServicePack: 3.0
14:46:17.0634 0628 Product type: Workstation
14:46:17.0634 0628 ComputerName: TEREZIA
14:46:17.0634 0628 UserName: Administrator
14:46:17.0634 0628 Windows directory: C:\WINDOWS
14:46:17.0634 0628 System windows directory: C:\WINDOWS
14:46:17.0634 0628 Processor architecture: Intel x86
14:46:17.0634 0628 Number of processors: 1
14:46:17.0634 0628 Page size: 0x1000
14:46:17.0634 0628 Boot type: Normal boot
14:46:17.0634 0628 ============================================================
14:46:18.0205 0628 Initialize success
14:46:22.0071 0620 ============================================================
14:46:22.0071 0620 Scan started
14:46:22.0071 0620 Mode: Manual;
14:46:22.0071 0620 ============================================================
14:46:22.0722 0620 01981899 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\01981899.sys
14:46:22.0732 0620 01981899 - ok
14:46:22.0932 0620 69663908 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\69663908.sys
14:46:22.0942 0620 69663908 - ok
14:46:23.0062 0620 Abiosdsk - ok
14:46:23.0162 0620 abp480n5 - ok
14:46:23.0312 0620 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:46:23.0332 0620 ACPI - ok
14:46:23.0553 0620 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:46:23.0553 0620 ACPIEC - ok
14:46:23.0673 0620 adpu160m - ok
14:46:23.0813 0620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:46:23.0823 0620 aec - ok
14:46:23.0933 0620 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
14:46:23.0933 0620 Afc - ok
14:46:24.0063 0620 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:46:24.0073 0620 AFD - ok
14:46:24.0184 0620 Aha154x - ok
14:46:24.0284 0620 aic78u2 - ok
14:46:24.0374 0620 aic78xx - ok
14:46:24.0464 0620 ALCXSENS - ok
14:46:24.0835 0620 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
14:46:25.0055 0620 ALCXWDM - ok
14:46:25.0185 0620 AliIde - ok
14:46:25.0275 0620 AmdLLD - ok
14:46:25.0365 0620 amsint - ok
14:46:25.0445 0620 asc - ok
14:46:25.0586 0620 asc3350p - ok
14:46:25.0736 0620 asc3550 - ok
14:46:25.0926 0620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:46:25.0926 0620 AsyncMac - ok
14:46:26.0086 0620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:46:26.0086 0620 atapi - ok
14:46:26.0217 0620 Atdisk - ok
14:46:26.0387 0620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:46:26.0397 0620 Atmarpc - ok
14:46:26.0567 0620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:46:26.0567 0620 audstub - ok
14:46:26.0707 0620 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
14:46:26.0717 0620 basic2 - ok
14:46:26.0867 0620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:46:26.0867 0620 Beep - ok
14:46:27.0068 0620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:46:27.0068 0620 cbidf2k - ok
14:46:27.0208 0620 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:46:27.0208 0620 CCDECODE - ok
14:46:27.0348 0620 cd20xrnt - ok
14:46:27.0488 0620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:46:27.0498 0620 Cdaudio - ok
14:46:27.0639 0620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:46:27.0649 0620 Cdfs - ok
14:46:27.0789 0620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:46:27.0789 0620 Cdrom - ok
14:46:27.0929 0620 Changer - ok
14:46:28.0179 0620 CmdIde - ok
14:46:28.0239 0620 cmfd - ok
14:46:28.0410 0620 Cpqarray - ok
14:46:28.0520 0620 dac2w2k - ok
14:46:28.0640 0620 dac960nt - ok
14:46:28.0830 0620 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:46:28.0840 0620 Disk - ok
14:46:29.0061 0620 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
14:46:29.0101 0620 dmboot - ok
14:46:29.0281 0620 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
14:46:29.0281 0620 dmio - ok
14:46:29.0441 0620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:46:29.0441 0620 dmload - ok
14:46:29.0641 0620 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:46:29.0641 0620 DMusic - ok
14:46:29.0802 0620 dpti2o - ok
14:46:29.0922 0620 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:46:29.0922 0620 drmkaud - ok
14:46:30.0052 0620 dwshd - ok
14:46:30.0312 0620 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
14:46:30.0322 0620 Fallback - ok
14:46:30.0513 0620 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:46:30.0563 0620 Fastfat - ok
14:46:30.0713 0620 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:46:30.0723 0620 Fdc - ok
14:46:30.0923 0620 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
14:46:30.0923 0620 Fips - ok
14:46:31.0084 0620 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:46:31.0084 0620 Flpydisk - ok
14:46:31.0234 0620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:46:31.0264 0620 FltMgr - ok
14:46:31.0414 0620 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
14:46:31.0424 0620 Fsks - ok
14:46:31.0544 0620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:46:31.0554 0620 Fs_Rec - ok
14:46:31.0684 0620 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:46:31.0694 0620 Ftdisk - ok
14:46:31.0835 0620 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
14:46:31.0845 0620 gameenum - ok
14:46:32.0025 0620 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:46:32.0035 0620 Gpc - ok
14:46:32.0205 0620 hpn - ok
14:46:32.0355 0620 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
14:46:32.0385 0620 HSFHWBS2 - ok
14:46:32.0576 0620 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
14:46:32.0656 0620 HSF_DP - ok
14:46:32.0826 0620 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
14:46:32.0896 0620 hsf_msft - ok
14:46:33.0016 0620 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:46:33.0026 0620 HTTP - ok
14:46:33.0167 0620 i2omgmt - ok
14:46:33.0267 0620 i2omp - ok
14:46:33.0407 0620 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:46:33.0407 0620 i8042prt - ok
14:46:33.0547 0620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:46:33.0547 0620 Imapi - ok
14:46:33.0677 0620 ini910u - ok
14:46:33.0797 0620 IntelIde - ok
14:46:33.0928 0620 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:46:33.0928 0620 ip6fw - ok
14:46:34.0048 0620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:46:34.0048 0620 IpFilterDriver - ok
14:46:34.0168 0620 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:46:34.0168 0620 IpInIp - ok
14:46:34.0288 0620 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:46:34.0298 0620 IpNat - ok
14:46:34.0418 0620 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:46:34.0438 0620 IPSec - ok
14:46:34.0549 0620 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:46:34.0549 0620 IRENUM - ok
14:46:34.0679 0620 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:46:34.0679 0620 isapnp - ok
14:46:34.0799 0620 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
14:46:34.0819 0620 K56 - ok
14:46:34.0959 0620 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:46:34.0959 0620 Kbdclass - ok
14:46:35.0099 0620 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
14:46:35.0109 0620 kmixer - ok
14:46:35.0240 0620 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:46:35.0240 0620 KSecDD - ok
14:46:35.0380 0620 lbrtfdc - ok
14:46:35.0540 0620 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:46:35.0540 0620 mdmxsdk - ok
14:46:35.0660 0620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:46:35.0670 0620 mnmdd - ok
14:46:35.0790 0620 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
14:46:35.0790 0620 Modem - ok
14:46:35.0921 0620 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:46:35.0921 0620 MODEMCSA - ok
14:46:36.0071 0620 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:46:36.0071 0620 Mouclass - ok
14:46:36.0191 0620 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:46:36.0201 0620 MountMgr - ok
14:46:36.0311 0620 mraid35x - ok
14:46:36.0441 0620 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:46:36.0451 0620 MRxDAV - ok
14:46:36.0642 0620 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:46:36.0662 0620 MRxSmb - ok
14:46:36.0852 0620 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:46:36.0852 0620 Msfs - ok
14:46:36.0972 0620 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:46:36.0982 0620 MSKSSRV - ok
14:46:37.0122 0620 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:46:37.0122 0620 MSPCLOCK - ok
14:46:37.0232 0620 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:46:37.0242 0620 MSPQM - ok
14:46:37.0373 0620 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:46:37.0373 0620 mssmbios - ok
14:46:37.0483 0620 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:46:37.0493 0620 MSTEE - ok
14:46:37.0603 0620 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
14:46:37.0603 0620 ms_mpu401 - ok
14:46:37.0733 0620 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:46:37.0743 0620 Mup - ok
14:46:37.0883 0620 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:46:37.0883 0620 NABTSFEC - ok
14:46:38.0034 0620 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:46:38.0044 0620 NDIS - ok
14:46:38.0194 0620 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:46:38.0194 0620 NdisIP - ok
14:46:38.0304 0620 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:46:38.0304 0620 NdisTapi - ok
14:46:38.0434 0620 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:46:38.0434 0620 Ndisuio - ok
14:46:38.0554 0620 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:46:38.0564 0620 NdisWan - ok
14:46:38.0684 0620 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:46:38.0695 0620 NDProxy - ok
14:46:38.0805 0620 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:46:38.0815 0620 NetBIOS - ok
14:46:38.0955 0620 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:46:38.0965 0620 NetBT - ok
14:46:39.0195 0620 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:46:39.0195 0620 Npfs - ok
14:46:39.0355 0620 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:46:39.0416 0620 Ntfs - ok
14:46:39.0566 0620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:46:39.0566 0620 Null - ok
14:46:39.0696 0620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:46:39.0696 0620 NwlnkFlt - ok
14:46:39.0816 0620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:46:39.0816 0620 NwlnkFwd - ok
14:46:39.0996 0620 PAC207 (54183d1ec4a8658bbacb31acd0c8f6df) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
14:46:40.0016 0620 PAC207 - ok
14:46:40.0157 0620 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
14:46:40.0157 0620 Parport - ok
14:46:40.0287 0620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:46:40.0297 0620 PartMgr - ok
14:46:40.0417 0620 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
14:46:40.0417 0620 ParVdm - ok
14:46:40.0547 0620 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
14:46:40.0547 0620 pccsmcfd - ok
14:46:40.0657 0620 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
14:46:40.0657 0620 PCI - ok
14:46:40.0767 0620 PCIDump - ok
14:46:40.0898 0620 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:46:40.0898 0620 PCIIde - ok
14:46:41.0048 0620 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:46:41.0058 0620 Pcmcia - ok
14:46:41.0178 0620 PDCOMP - ok
14:46:41.0288 0620 PDFRAME - ok
14:46:41.0388 0620 PDRELI - ok
14:46:41.0519 0620 PDRFRAME - ok
14:46:41.0609 0620 perc2 - ok
14:46:41.0699 0620 perc2hib - ok
14:46:41.0939 0620 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:46:41.0939 0620 PptpMiniport - ok
14:46:42.0069 0620 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
14:46:42.0069 0620 Processor - ok
14:46:42.0170 0620 PRODIGY (65937a34c9a5741e3030a86905400d91) C:\WINDOWS\system32\Drivers\PRODIGY.SYS
14:46:42.0180 0620 PRODIGY - ok
14:46:42.0320 0620 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:46:42.0320 0620 PSched - ok
14:46:42.0440 0620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:46:42.0440 0620 Ptilink - ok
14:46:42.0570 0620 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:46:42.0570 0620 PxHelp20 - ok
14:46:42.0670 0620 ql1080 - ok
14:46:42.0790 0620 Ql10wnt - ok
14:46:42.0891 0620 ql12160 - ok
14:46:42.0981 0620 ql1240 - ok
14:46:43.0091 0620 ql1280 - ok
14:46:43.0211 0620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:46:43.0211 0620 RasAcd - ok
14:46:43.0321 0620 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:46:43.0331 0620 Rasl2tp - ok
14:46:43.0451 0620 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:46:43.0451 0620 RasPppoe - ok
14:46:43.0572 0620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:46:43.0572 0620 Raspti - ok
14:46:43.0712 0620 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:46:43.0712 0620 Rdbss - ok
14:46:43.0852 0620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:46:43.0862 0620 RDPCDD - ok
14:46:43.0982 0620 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:46:43.0992 0620 rdpdr - ok
14:46:44.0142 0620 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:46:44.0142 0620 RDPWD - ok
14:46:44.0273 0620 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:46:44.0283 0620 redbook - ok
14:46:44.0423 0620 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
14:46:44.0423 0620 Revoflt - ok
14:46:44.0543 0620 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
14:46:44.0543 0620 Rksample - ok
14:46:44.0693 0620 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:46:44.0693 0620 rtl8139 - ok
14:46:44.0813 0620 S3SAVAGE4 (d623d3198d23b85674f56506854c04f1) C:\WINDOWS\system32\DRIVERS\s3savg4m.sys
14:46:44.0823 0620 S3SAVAGE4 - ok
14:46:44.0943 0620 S3SAVAGE4M (dddc792753e657a9932029c46e60fe52) C:\WINDOWS\system32\DRIVERS\s3sav4m.sys
14:46:44.0954 0620 S3SAVAGE4M - ok
14:46:45.0044 0620 SASDIFSV (39763504067962108505bff25f024345) D:\ANTIVIRY\SUPERANTISPYWER\SASDIFSV.SYS
14:46:45.0044 0620 SASDIFSV - ok
14:46:45.0084 0620 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) D:\ANTIVIRY\SUPERANTISPYWER\SASKUTIL.SYS
14:46:45.0094 0620 SASKUTIL - ok
14:46:45.0244 0620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:46:45.0254 0620 Secdrv - ok
14:46:45.0384 0620 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:46:45.0394 0620 serenum - ok
14:46:45.0494 0620 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
14:46:45.0504 0620 Serial - ok
14:46:45.0735 0620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:46:45.0745 0620 Sfloppy - ok
14:46:45.0875 0620 Simbad - ok
14:46:46.0005 0620 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:46:46.0005 0620 sisagp - ok
14:46:46.0115 0620 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
14:46:46.0115 0620 SiSide - ok
14:46:46.0245 0620 sisidex (6225224b8e846ac230f8d9b343635910) C:\WINDOWS\system32\drivers\sisidex.sys
14:46:46.0255 0620 sisidex - ok
14:46:46.0366 0620 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
14:46:46.0366 0620 sisperf - ok
14:46:46.0496 0620 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:46:46.0496 0620 SLIP - ok
14:46:46.0656 0620 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
14:46:46.0676 0620 SoftFax - ok
14:46:46.0776 0620 Sparrow - ok
14:46:46.0876 0620 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
14:46:46.0876 0620 SpeakerPhone - ok
14:46:47.0006 0620 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
14:46:47.0016 0620 splitter - ok
14:46:47.0137 0620 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
14:46:47.0147 0620 sr - ok
14:46:47.0287 0620 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:46:47.0307 0620 Srv - ok
14:46:47.0497 0620 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:46:47.0497 0620 streamip - ok
14:46:47.0607 0620 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:46:47.0617 0620 swenum - ok
14:46:47.0748 0620 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:46:47.0748 0620 swmidi - ok
14:46:47.0848 0620 SWUMX20 - ok
14:46:48.0148 0620 symc810 - ok
14:46:48.0228 0620 symc8xx - ok
14:46:48.0328 0620 sym_hi - ok
14:46:48.0429 0620 sym_u3 - ok
14:46:48.0539 0620 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:46:48.0549 0620 sysaudio - ok
14:46:48.0709 0620 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:46:48.0729 0620 Tcpip - ok
14:46:48.0889 0620 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:46:48.0899 0620 TDPIPE - ok
14:46:49.0029 0620 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:46:49.0039 0620 TDTCP - ok
14:46:49.0150 0620 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:46:49.0150 0620 TermDD - ok
14:46:49.0310 0620 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
14:46:49.0320 0620 Tones - ok
14:46:49.0420 0620 TosIde - ok
14:46:49.0560 0620 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:46:49.0570 0620 Udfs - ok
14:46:49.0670 0620 ultra - ok
14:46:49.0790 0620 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) D:\UTILITY\Unlocker\UnlockerDriver5.sys
14:46:49.0800 0620 UnlockerDriver5 - ok
14:46:49.0931 0620 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:46:49.0931 0620 usbhub - ok
14:46:50.0051 0620 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:46:50.0061 0620 usbohci - ok
14:46:50.0171 0620 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:46:50.0171 0620 usbprint - ok
14:46:50.0301 0620 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:46:50.0311 0620 usbscan - ok
14:46:50.0451 0620 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
14:46:50.0451 0620 usbser - ok
14:46:50.0582 0620 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:46:50.0592 0620 USBSTOR - ok
14:46:50.0732 0620 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
14:46:50.0752 0620 V124 - ok
14:46:50.0882 0620 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:46:50.0882 0620 VgaSave - ok
14:46:50.0982 0620 ViaIde - ok
14:46:51.0102 0620 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
14:46:51.0112 0620 VolSnap - ok
14:46:51.0303 0620 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:46:51.0303 0620 Wanarp - ok
14:46:51.0453 0620 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:46:51.0473 0620 Wdf01000 - ok
14:46:51.0563 0620 WDICA - ok
14:46:51.0683 0620 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
14:46:51.0693 0620 wdmaud - ok
14:46:51.0863 0620 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
14:46:51.0914 0620 winachsf - ok
14:46:52.0224 0620 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:46:52.0224 0620 WpdUsb - ok
14:46:52.0344 0620 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:46:52.0344 0620 WS2IFSL - ok
14:46:52.0464 0620 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:46:52.0464 0620 WSTCODEC - ok
14:46:52.0594 0620 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:46:52.0594 0620 WudfPf - ok
14:46:52.0715 0620 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:46:52.0725 0620 WudfRd - ok
14:46:52.0865 0620 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:46:52.0975 0620 \Device\Harddisk0\DR0 - ok
14:46:53.0015 0620 MBR (0x1B8) (2fa2d9d019ef58b58c807f4ee8e85b13) \Device\Harddisk1\DR1
14:46:53.0025 0620 \Device\Harddisk1\DR1 - ok
14:46:53.0055 0620 Boot (0x1200) (499deed875e7b2049409d425e1bc4ec7) \Device\Harddisk0\DR0\Partition0
14:46:53.0055 0620 \Device\Harddisk0\DR0\Partition0 - ok
14:46:53.0105 0620 Boot (0x1200) (a20e844dfe7c2bfe8656d7df84bf53a0) \Device\Harddisk0\DR0\Partition1
14:46:53.0105 0620 \Device\Harddisk0\DR0\Partition1 - ok
14:46:53.0125 0620 Boot (0x1200) (da0a70061743cc4204587989511e5314) \Device\Harddisk1\DR1\Partition0
14:46:53.0135 0620 \Device\Harddisk1\DR1\Partition0 - ok
14:46:53.0185 0620 Boot (0x1200) (b0ca11f298d0bceabf4e59f93def6979) \Device\Harddisk1\DR1\Partition1
14:46:53.0185 0620 \Device\Harddisk1\DR1\Partition1 - ok
14:46:53.0195 0620 ============================================================
14:46:53.0195 0620 Scan finished
14:46:53.0195 0620 ============================================================
14:46:53.0265 1036 Detected object count: 0
14:46:53.0265 1036 Actual detected object count: 0
14:47:07.0806 0928 Deinitialize success

ComboFix 11-12-02.01 - Administrator 02.12.2011 14:53:39.12.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.195 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 05:18 . 2011-12-02 05:19 -------- d-----w- C:\rsit
2011-12-02 04:02 . 2011-12-02 04:14 6508 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-12-02 04:01 . 2011-12-02 04:01 -------- d-----w- c:\program files\Microsoft.NET
2011-12-01 21:34 . 2011-12-01 21:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RH_Backups
2011-12-01 20:12 . 2011-12-01 20:43 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2011-12-01 20:11 . 2007-08-15 12:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-12-01 20:11 . 2007-08-15 12:09 167683 ----a-w- c:\windows\system32\COMCT232.OCX
2011-12-01 19:39 . 2011-12-01 22:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-12-01 17:59 . 2011-12-01 17:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NortonInstaller
2011-12-01 14:00 . 2011-12-01 14:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-12-01 14:00 . 2011-12-01 14:00 -------- d-----w- c:\program files\Common Files\InstallShield
2011-12-01 07:44 . 2011-12-01 09:16 133208 ----a-w- c:\windows\system32\drivers\69663908.sys
2011-11-30 19:21 . 2011-11-30 19:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ESET
2011-11-30 19:21 . 2011-11-30 19:21 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ESET
2011-11-30 19:21 . 2011-11-30 19:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-11-30 19:19 . 2011-12-01 23:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-11-29 18:09 . 2011-11-29 18:09 77568 ----a-w- c:\windows\system32\cmfdll32.dll
2011-11-28 21:49 . 2011-11-29 13:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Opera
2011-11-28 21:01 . 2011-11-28 21:01 -------- d-----w- c:\documents and settings\All Users\Data aplikaci
2011-11-28 14:36 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-28 14:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 04:22 . 2011-11-28 04:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-11-28 04:22 . 2011-11-28 04:22 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-27 17:37 . 2011-11-27 17:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-27 16:08 . 2011-11-27 16:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\GHISLER
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-11-27 13:36 . 2011-11-27 13:36 388096 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 13:32 . 2011-11-27 18:13 417952 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2011-11-27 09:44 . 2011-11-27 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-11-27 09:43 . 2011-11-27 09:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google
2011-11-27 09:43 . 2011-11-27 09:46 -------- d-----w- c:\program files\Google
2011-11-26 19:05 . 2011-11-28 13:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2011-11-26 19:03 . 2011-11-28 13:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-11-26 19:03 . 2011-11-28 13:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERSetup
2011-11-26 13:09 . 2008-04-14 03:22 24576 ----a-w- c:\windows\system32\wsock32.dlb
2011-11-26 13:09 . 2008-07-14 04:09 212728 ----a-w- c:\windows\CMDLIC.DLL
2011-11-26 13:04 . 2011-11-26 13:05 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Comodo
2011-11-26 12:50 . 2011-12-01 02:45 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Comodo
2011-11-25 23:45 . 2011-11-25 23:45 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-11-25 19:02 . 2011-12-01 02:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2011-11-25 18:33 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-25 18:27 . 2011-11-25 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Webroot
2011-11-23 20:25 . 2011-11-25 19:23 -------- d-----w- c:\program files\Lavalys
2011-11-23 19:44 . 2000-01-01 00:00 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2011-11-23 19:44 . 2000-01-01 00:00 139264 ----a-w- c:\windows\system32\IDEproperty.dll
2011-11-23 19:44 . 2000-01-01 00:00 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2011-11-23 19:43 . 1998-01-23 13:08 304640 ----a-w- c:\windows\IsUn041b.exe
2011-11-23 19:42 . 2000-01-01 00:00 4096 ----a-w- c:\windows\system32\drivers\siside.sys
2011-11-23 19:41 . 2004-08-03 21:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2011-11-23 19:41 . 2008-04-14 04:21 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2011-11-23 18:07 . 2011-11-26 14:50 65216 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-11-21 15:46 . 2011-11-21 15:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-11-07 19:46 . 2011-11-07 20:51 133208 ----a-w- c:\windows\system32\drivers\01981899.sys
2011-11-03 18:15 . 2011-11-29 18:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CheckPoint
2011-11-03 05:26 . 2011-11-03 05:26 -------- d-----w- c:\program files\Sun
2011-11-03 05:18 . 2011-11-03 05:29 -------- dc----w- c:\documents and settings\Administrator\.nbi
2011-11-03 04:07 . 2011-11-03 04:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Office Genuine Advantage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 18:57 . 2011-05-30 11:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 06:34 . 2010-08-02 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-31 23:07 . 2011-10-31 23:07 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2011-10-31 23:07 . 2011-10-31 23:07 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-10-30 23:21 . 2011-10-30 23:18 5777519 ----a-w- c:\windows\REGBK00.ZIP
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2002-09-20 18:03 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\antiviry\SUPERANTISPYWER\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\antiviry\SUPERANTISPYWER\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 17:08 443728 ----a-w- d:\antiviry\MBAM\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-28 14:03 4617600 ----a-w- d:\antiviry\SUPERANTISPYWER\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- d:\utility\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"sp_rssrv"=2 (0x2)
"cmdAgent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 01981899;01981899;c:\windows\system32\drivers\01981899.sys [7.11.2011 20:46 133208]
R0 69663908;69663908;c:\windows\system32\drivers\69663908.sys [1.12.2011 8:44 133208]
R1 SASDIFSV;SASDIFSV;d:\antiviry\SUPERANTISPYWER\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;d:\antiviry\SUPERANTISPYWER\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;d:\antiviry\SUPERANTISPYWER\SASCore.exe [12.8.2011 0:38 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14.5.2007 9:26 508288]
R3 S3SAVAGE4;S3SAVAGE4;c:\windows\system32\drivers\s3savg4m.sys [10.8.2000 13:03 84704]
S2 cmfd;cmfd;\??\d:\firewally\ComodoFirewall\cmfd.sys --> d:\firewally\ComodoFirewall\cmfd.sys [?]
S2 ekrn;ESET Service;d:\antiviry\ESS\ekrn.exe --> d:\antiviry\ESS\ekrn.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27.11.2011 14:32 252064]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.5.2011 11:55 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12.6.2011 15:08 27064]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [7.7.2008 17:00 77824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.11.2011 10:44 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 64422293
*Deregistered* - 64422293
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-27 18:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
uSearchAssistant = hxxp://www.google.com/ie
TCP: DhcpNameServer = 192.168.100.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 15:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,58,b7,0d,55,62,69,4c,b3,c9,46,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,22,01,3a,f3,8c,ea,4d,8d,d2,45,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,fd,3f,f9,2f,3e,97,47,af,20,ad,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
d:\antiviry\SUPERANTISPYWER\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(740)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-02 15:07:49
ComboFix-quarantined-files.txt 2011-12-02 14:07
.
Pre-Run: 2 164 678 656
Post-Run: 2 106 839 040
.
- - End Of File - - 76F12FDDDC6AF4FDFEE390525FFC43F9

Dal som aj sken s Superantispywer a nasiel mi toto------SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/02/2011 at 05:01 PM

Application Version : 5.0.1136

Core Rules Database Version : 8008
Trace Rules Database Version: 5820

Scan type : Complete Scan
Total Scan Time : 00:45:25

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 34838
Registry threats detected : 0
File items scanned : 38651
File threats detected : 1

Trojan.Agent/Gen-Nullo[Short]
D:\SYSTEM VOLUME INFORMATION\_RESTORE{FC23D85B-19FA-41A3-A1E8-3F78EADE4914}(2)\RP19\A0007890.EXE

Nainstaloval som Avast a Zone Alarm a zatial idu v pohode.Dufam ze som s tym nepokazil

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\windows\system32\drivers\69663908.sys
  c:\windows\system32\drivers\01981899.sys
  
  Driver::
  01981899
  69663908
  ekrn
  gupdate
  
  File::
  c:\windows\system32\PerfStringBackup.TMP
  c:\windows\system32\FlashPlayerApp.exe
  c:\windows\Tasks\Adobe Flash Player Updater.job
  
  Folder::
  c:\documents and settings\Administrator\Local Settings\Data aplikací\ESET
  c:\documents and settings\Administrator\Data aplikací\ESET
  c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
  c:\documents and settings\All Users\Data aplikací\ESET
  d:\antiviry\ESS
  
  Registry::
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
  
  RegLock::
  [HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 11-12-02.02 - Administrator 03.12.2011 6:17.13.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.256 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\windows\system32\FlashPlayerApp.exe"
"c:\windows\system32\PerfStringBackup.TMP"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
file zipped: c:\windows\system32\drivers\01981899.sys
file zipped: c:\windows\system32\drivers\69663908.sys
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\drivers\01981899.sys
c:\windows\system32\drivers\69663908.sys
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_01981899
-------\Legacy_69663908
-------\Legacy_EKRN
-------\Legacy_GUPDATE
-------\Service_01981899
-------\Service_69663908
-------\Service_ekrn
-------\Service_gupdate
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 04:36 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 04:36 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-03 04:36 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 04:36 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-03 04:36 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-03 04:36 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-03 04:36 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-03 04:36 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-03 04:35 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 04:35 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-02 20:10 . 2011-12-02 20:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Panda Security
2011-12-02 05:18 . 2011-12-02 05:19 -------- d-----w- C:\rsit
2011-12-02 04:01 . 2011-12-02 04:01 -------- d-----w- c:\program files\Microsoft.NET
2011-12-01 21:34 . 2011-12-01 21:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RH_Backups
2011-12-01 20:12 . 2011-12-01 20:43 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2011-12-01 20:11 . 2007-08-15 12:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-12-01 20:11 . 2007-08-15 12:09 167683 ----a-w- c:\windows\system32\COMCT232.OCX
2011-12-01 19:39 . 2011-12-03 04:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-12-01 14:00 . 2011-12-01 14:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-12-01 14:00 . 2011-12-01 14:00 -------- d-----w- c:\program files\Common Files\InstallShield
2011-11-30 19:21 . 2011-12-02 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ESET
2011-11-29 18:09 . 2011-11-29 18:09 77568 ----a-w- c:\windows\system32\cmfdll32.dll
2011-11-28 21:49 . 2011-11-29 13:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Opera
2011-11-28 21:01 . 2011-12-02 20:40 -------- d-----w- c:\documents and settings\All Users\Data aplikaci
2011-11-28 14:36 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-28 14:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 04:22 . 2011-11-28 04:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-11-28 04:22 . 2011-11-28 04:22 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-27 17:37 . 2011-11-27 17:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-27 16:08 . 2011-11-27 16:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\GHISLER
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-11-27 13:36 . 2011-11-27 13:36 388096 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 13:32 . 2011-11-27 18:13 417952 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2011-11-27 09:44 . 2011-11-27 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-11-27 09:43 . 2011-11-27 09:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google
2011-11-27 09:43 . 2011-11-27 09:46 -------- d-----w- c:\program files\Google
2011-11-26 19:05 . 2011-11-28 13:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2011-11-26 19:03 . 2011-11-28 13:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-11-26 19:03 . 2011-11-28 13:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERSetup
2011-11-26 13:09 . 2008-04-14 03:22 24576 ----a-w- c:\windows\system32\wsock32.dlb
2011-11-26 13:09 . 2008-07-14 04:09 212728 ----a-w- c:\windows\CMDLIC.DLL
2011-11-26 13:04 . 2011-11-26 13:05 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Comodo
2011-11-26 12:50 . 2011-12-01 02:45 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Comodo
2011-11-25 23:45 . 2011-11-25 23:45 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-11-25 19:02 . 2011-12-02 20:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2011-11-25 18:33 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-25 18:27 . 2011-11-25 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Webroot
2011-11-23 20:25 . 2011-11-25 19:23 -------- d-----w- c:\program files\Lavalys
2011-11-23 19:44 . 2000-01-01 00:00 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2011-11-23 19:44 . 2000-01-01 00:00 139264 ----a-w- c:\windows\system32\IDEproperty.dll
2011-11-23 19:44 . 2000-01-01 00:00 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2011-11-23 19:43 . 1998-01-23 13:08 304640 ----a-w- c:\windows\IsUn041b.exe
2011-11-23 19:42 . 2000-01-01 00:00 4096 ----a-w- c:\windows\system32\drivers\siside.sys
2011-11-23 19:41 . 2004-08-03 21:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2011-11-23 19:41 . 2008-04-14 04:21 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2011-11-23 18:07 . 2011-11-26 14:50 65216 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-11-21 15:46 . 2011-11-21 15:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-11-03 18:15 . 2011-12-02 20:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 18:57 . 2011-05-30 11:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 06:34 . 2010-08-02 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-31 23:07 . 2011-10-31 23:07 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2011-10-31 23:07 . 2011-10-31 23:07 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-10-30 23:21 . 2011-10-30 23:18 5777519 ----a-w- c:\windows\REGBK00.ZIP
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2002-09-20 18:03 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-02_14.04.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-02 14:04 . 2011-12-02 14:04 53248 c:\windows\temp\catchme.dll
+ 2011-12-03 05:38 . 2011-12-03 05:38 53248 c:\windows\temp\catchme.dll
+ 2011-06-30 08:38 . 2011-06-30 08:38 97504 c:\windows\system32\drivers\inspect.sys
+ 2011-06-30 08:38 . 2011-06-30 08:38 29400 c:\windows\system32\drivers\cmdhlp.sys
+ 2011-06-30 08:38 . 2011-06-30 08:38 17416 c:\windows\system32\drivers\cmderd.sys
+ 2011-09-17 15:51 . 2011-12-03 04:17 2836 c:\windows\system32\d3d9caps.dat
- 2011-09-17 15:51 . 2011-12-02 05:04 2836 c:\windows\system32\d3d9caps.dat
+ 2011-06-30 08:37 . 2011-06-30 08:37 285256 c:\windows\system32\guard32.dll
+ 2011-12-03 05:00 . 2011-12-03 05:00 138056 c:\windows\system32\FNTCACHE.DAT
- 2011-12-02 13:33 . 2011-12-02 13:33 138056 c:\windows\system32\FNTCACHE.DAT
+ 2011-06-30 08:38 . 2011-06-30 08:38 242600 c:\windows\system32\drivers\cmdGuard.sys
+ 2011-12-02 20:01 . 2011-12-02 20:01 8761856 c:\windows\Installer\8edc99.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- d:\antiviry\Avast\ashShell.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\antiviry\SUPERANTISPYWER\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\antiviry\SUPERANTISPYWER\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-28 14:03 4617600 ----a-w- d:\antiviry\SUPERANTISPYWER\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- d:\utility\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"sp_rssrv"=2 (0x2)
"cmdAgent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.12.2011 5:36 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.12.2011 5:36 314456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [30.6.2011 9:38 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30.6.2011 9:38 29400]
R1 SASDIFSV;SASDIFSV;d:\antiviry\SUPERANTISPYWER\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;d:\antiviry\SUPERANTISPYWER\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;d:\antiviry\SUPERANTISPYWER\SASCore.exe [12.8.2011 0:38 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.12.2011 5:36 20568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14.5.2007 9:26 508288]
R3 S3SAVAGE4;S3SAVAGE4;c:\windows\system32\drivers\s3savg4m.sys [10.8.2000 13:03 84704]
S2 cmfd;cmfd;\??\d:\firewally\ComodoFirewall\cmfd.sys --> d:\firewally\ComodoFirewall\cmfd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27.11.2011 14:32 252064]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.5.2011 11:55 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12.6.2011 15:08 27064]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [7.7.2008 17:00 77824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-27 18:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
uSearchAssistant = hxxp://www.google.com/ie
TCP: DhcpNameServer = 192.168.100.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 06:38
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
d:\antiviry\SUPERANTISPYWER\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1048)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
.
------------------------ Other Running Processes ------------------------
.
d:\antiviry\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\antiviry\Avast\avastUI.exe
.
**************************************************************************
.
Completion time: 2011-12-03 07:23:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 06:23
ComboFix2.txt 2011-12-02 14:07
.
Pre-Run: 2 096 738 304
Post-Run: 1 881 841 664
.
- - End Of File - - 202E0183350AB2F6318CB3EC1D005280
Upload was successful

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

• Utilitu spustte a prikazte ji, at skenuje - klik na Scan
• Kliknutim na Save log ulozte log aswMBR na plochu
• Obsah logu aswMBR mi sem vlozte

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-03 10:08:31
-----------------------------
10:08:31.912 OS Version: Windows 5.1.2600 Service Pack 3
10:08:31.912 Number of processors: 1 586 0x301
10:08:31.912 ComputerName: TEREZIA UserName:
10:08:45.201 Initialize success
10:08:47.354 AVAST engine defs: 11120201
10:08:52.982 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:08:52.993 Disk 0 Vendor: MAXTOR_6L020J1 AR1.0400 Size: 19595MB BusType: 3
10:08:53.003 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:08:53.013 Disk 1 Vendor: WDC_WD400BB-60DGA0 05.03E05 Size: 38166MB BusType: 3
10:08:55.035 Disk 0 MBR read successfully
10:08:55.045 Disk 0 MBR scan
10:08:55.065 Disk 0 Windows XP default MBR code
10:08:55.076 Disk 0 scanning sectors +26346600
10:08:55.156 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:18.109 Service scanning
10:09:22.365 Modules scanning
10:09:33.250 Disk 0 trace - called modules:
10:09:33.290 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys siside.sys PCIIDEX.SYS
10:09:33.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83351ab8]
10:09:33.331 3 CLASSPNP.SYS[f87f5fd7] -> nt!IofCallDriver -> \Device\00000066[0x83376f18]
10:09:33.341 5 ACPI.sys[f876c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8337ad98]
10:09:33.441 AVAST engine scan C:\WINDOWS
10:09:38.969 AVAST engine scan C:\WINDOWS\system32
10:12:22.804 AVAST engine scan C:\WINDOWS\system32\drivers
10:12:41.952 AVAST engine scan C:\Documents and Settings\Administrator
10:13:12.996 AVAST engine scan C:\Documents and Settings\All Users
10:14:53.631 Scan finished successfully
10:15:06.990 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Plocha\MBR.dat"
10:15:07.010 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Plocha\aswMBR.txt"

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• C:\Documents and Settings\Administrator\Plocha\MBR.dat
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Send File
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

Jeste jeden skript pro ComboFix - postup je stejny

ComboFix 11-12-03.01 - Administrator 03.12.2011 12:38:06.14.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.258 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 04:36 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 04:36 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-03 04:36 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 04:36 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-03 04:36 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-03 04:36 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-03 04:36 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-03 04:36 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-03 04:35 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 04:35 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-02 20:10 . 2011-12-02 20:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Panda Security
2011-12-02 05:18 . 2011-12-02 05:19 -------- d-----w- C:\rsit
2011-12-02 04:01 . 2011-12-02 04:01 -------- d-----w- c:\program files\Microsoft.NET
2011-12-01 21:34 . 2011-12-01 21:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RH_Backups
2011-12-01 20:12 . 2011-12-01 20:43 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2011-12-01 20:11 . 2007-08-15 12:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-12-01 20:11 . 2007-08-15 12:09 167683 ----a-w- c:\windows\system32\COMCT232.OCX
2011-12-01 19:39 . 2011-12-03 04:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-12-01 14:00 . 2011-12-01 14:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-12-01 14:00 . 2011-12-01 14:00 -------- d-----w- c:\program files\Common Files\InstallShield
2011-11-30 19:21 . 2011-12-02 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ESET
2011-11-29 18:09 . 2011-11-29 18:09 77568 ----a-w- c:\windows\system32\cmfdll32.dll
2011-11-28 21:49 . 2011-11-29 13:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Opera
2011-11-28 21:01 . 2011-12-02 20:40 -------- d-----w- c:\documents and settings\All Users\Data aplikaci
2011-11-28 04:22 . 2011-11-28 04:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-11-28 04:22 . 2011-11-28 04:22 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-27 17:37 . 2011-11-27 17:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-27 16:08 . 2011-11-27 16:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\GHISLER
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-11-27 16:05 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-11-27 13:36 . 2011-11-27 13:36 388096 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 13:32 . 2011-11-27 18:13 417952 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2011-11-27 09:44 . 2011-11-27 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-11-27 09:43 . 2011-11-27 09:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google
2011-11-27 09:43 . 2011-11-27 09:46 -------- d-----w- c:\program files\Google
2011-11-26 19:05 . 2011-11-28 13:59 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2011-11-26 19:03 . 2011-11-28 13:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-11-26 19:03 . 2011-11-28 13:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERSetup
2011-11-26 13:09 . 2008-04-14 03:22 24576 ----a-w- c:\windows\system32\wsock32.dlb
2011-11-26 13:09 . 2008-07-14 04:09 212728 ----a-w- c:\windows\CMDLIC.DLL
2011-11-26 13:04 . 2011-11-26 13:05 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Comodo
2011-11-26 12:50 . 2011-12-01 02:45 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Comodo
2011-11-25 23:45 . 2011-11-25 23:45 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-11-25 19:02 . 2011-12-02 20:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2011-11-25 18:33 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-25 18:27 . 2011-11-25 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Webroot
2011-11-23 20:25 . 2011-11-25 19:23 -------- d-----w- c:\program files\Lavalys
2011-11-23 19:44 . 2000-01-01 00:00 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2011-11-23 19:44 . 2000-01-01 00:00 139264 ----a-w- c:\windows\system32\IDEproperty.dll
2011-11-23 19:44 . 2000-01-01 00:00 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2011-11-23 19:43 . 1998-01-23 13:08 304640 ----a-w- c:\windows\IsUn041b.exe
2011-11-23 19:42 . 2000-01-01 00:00 4096 ----a-w- c:\windows\system32\drivers\siside.sys
2011-11-23 19:41 . 2004-08-03 21:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2011-11-23 19:41 . 2008-04-14 04:21 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2011-11-23 18:07 . 2011-11-26 14:50 65216 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-11-21 15:46 . 2011-11-21 15:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 18:57 . 2011-05-30 11:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 06:34 . 2010-08-02 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-31 23:07 . 2011-10-31 23:07 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2011-10-31 23:07 . 2011-10-31 23:07 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-10-30 23:21 . 2011-10-30 23:18 5777519 ----a-w- c:\windows\REGBK00.ZIP
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2002-09-20 18:03 602112 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-02_14.04.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-30 08:38 . 2011-06-30 08:38 97504 c:\windows\system32\drivers\inspect.sys
+ 2011-06-30 08:38 . 2011-06-30 08:38 29400 c:\windows\system32\drivers\cmdhlp.sys
+ 2011-06-30 08:38 . 2011-06-30 08:38 17416 c:\windows\system32\drivers\cmderd.sys
+ 2011-12-03 05:49 . 2011-12-03 05:49 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\bbc6ece70ffd3b02dc90a01239866c94\System.Xaml.Hosting.ni.dll
+ 2011-12-03 05:52 . 2011-12-03 05:52 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\c0ed04db7c18a6c59eddfc18e40e0fb3\System.Windows.Presentation.ni.dll
+ 2011-12-03 05:52 . 2011-12-03 05:52 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\6ff76e48097532cc810b562e400083a7\System.Web.Routing.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\26a1f081525c6660025f7a395202b7a7\System.Web.DynamicData.Design.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\67a520a4d7be1f516b5d8f6ee09e0669\System.Web.Abstractions.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\eeae22dcbdfe5fbe6ee7aa8810c8d330\System.ServiceModel.Channels.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\da2a86e36db14a9487e04536f8639511\System.ServiceModel.ServiceMoniker40.ni.dll
- 2011-09-17 15:51 . 2011-12-02 05:04 2836 c:\windows\system32\d3d9caps.dat
+ 2011-09-17 15:51 . 2011-12-03 08:28 2836 c:\windows\system32\d3d9caps.dat
+ 2011-12-03 11:53 . 2011-12-03 11:53 474906 c:\windows\temp\_asw_aisI.tm~a03968\sig.bin
+ 2011-06-30 08:37 . 2011-06-30 08:37 285256 c:\windows\system32\guard32.dll
+ 2011-12-03 11:34 . 2011-12-03 11:34 138056 c:\windows\system32\FNTCACHE.DAT
- 2011-12-02 13:33 . 2011-12-02 13:33 138056 c:\windows\system32\FNTCACHE.DAT
+ 2011-06-30 08:38 . 2011-06-30 08:38 242600 c:\windows\system32\drivers\cmdGuard.sys
+ 2011-12-03 05:54 . 2011-12-03 05:54 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\9cf95bf323a2e8b8ebb09767edca7daa\XamlBuildTask.ni.dll
+ 2011-12-03 05:54 . 2011-12-03 05:54 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\bf56bd4e9996950950b4685dac7f2156\WindowsFormsIntegration.ni.dll
+ 2011-12-03 05:53 . 2011-12-03 05:53 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\00798a39f87603ae67392c44f85b1957\UIAutomationClient.ni.dll
+ 2011-12-03 05:52 . 2011-12-03 05:52 192512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\16146a27e749aa3b41f8614ac5d91a5a\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2011-12-03 05:52 . 2011-12-03 05:52 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\163a3ad4fcf047cc8fd58a704d465303\System.Web.Extensions.Design.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\18d0e75a379b8a7b78c2ea388a8dee5e\System.Web.Entity.ni.dll
+ 2011-12-03 05:52 . 2011-12-03 05:52 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\bdd0e7e97aeb4583b027c1f5c3dc70e3\System.Web.Entity.Design.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\11dc66898c59964bafafa26015af7e33\System.Web.DynamicData.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\ffe809526f44287843af04f8395bf3db\System.Web.DataVisualization.Design.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bda2abbd99329ec5754835ef42f7b67e\System.ServiceModel.Activation.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\82ed1ab8f0885159082e80a036ff644b\System.ServiceModel.Routing.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\6826a32db8001b220cdd0d6e58aa465a\System.Net.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\291408f3000e5c3cf1b37a19fe92805d\System.Messaging.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\9d6d586577a11ea9a64a425ef3c71908\System.Management.Instrumentation.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\f7cf3d2a43d81edd5f92789f6f3ee35c\System.IO.Log.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\9959125c968b7f2c43c656e1393b35ad\System.IdentityModel.Selectors.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\ee2d12ef14e9b70fac2f6d27146f2fe5\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\27cf40470d358fe4a57e502a8350353d\System.Device.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 499712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\76cbd17901dceb508e8033ec9b1aedff\System.Data.Services.Design.ni.dll
+ 2011-12-02 20:01 . 2011-12-02 20:01 8761856 c:\windows\Installer\8edc99.msi
+ 2011-12-03 05:53 . 2011-12-03 05:53 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\f307842a5d932b4c92a71a1b77d1148b\UIAutomationClientsideProviders.ni.dll
+ 2011-12-03 05:53 . 2011-12-03 05:53 1203712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c78cd3b6665dfbfb79a089860c4b5657\System.WorkflowServices.ni.dll
+ 2011-12-03 05:53 . 2011-12-03 05:53 1956352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\f2cf4e023618dcfea77ea277f8d1ab1c\System.Workflow.Runtime.ni.dll
+ 2011-12-03 05:53 . 2011-12-03 05:53 4428800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\6f60072b7dd1438d68763d4fb6fc0e58\System.Workflow.ComponentModel.ni.dll
+ 2011-12-03 05:53 . 2011-12-03 05:53 2839552 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\e11585c3b32f117d59213ed9f705de62\System.Workflow.Activities.ni.dll
+ 2011-12-03 05:52 . 2011-12-03 05:52 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7775d84ce45d39ac5eede2ba5e966a8a\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-12-03 05:52 . 2011-12-03 05:52 2324992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\fa3ff250eb47ea19e9ca5ca76b401dc9\System.Web.Mobile.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 3078144 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\e8ee7970db622d7593533307a2940507\System.Web.Extensions.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 4429312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\c3cf77ba0b64c0199014512b1cc4bb3b\System.Web.DataVisualization.ni.dll
+ 2011-12-03 05:51 . 2011-12-03 05:51 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\e59f0799f4351c001f2e4b72064df5de\System.Speech.ni.dll
+ 2011-12-03 05:47 . 2011-12-03 05:47 1046528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\693efbadb4cca18d1a0fe24a355d7fba\System.ServiceModel.Web.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\67c54ed5743b27d8e8570a7688de93ae\System.ServiceModel.Activities.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\589e9eded9e383f4b7dfa4c66aa5c9bf\System.ServiceModel.Discovery.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\81558b32b261e911f8f822f1de63fdca\System.IdentityModel.ni.dll
+ 2011-12-03 05:47 . 2011-12-03 05:47 2008576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\bdf098f2f805550379b6513ed626b9af\System.Data.Services.ni.dll
+ 2011-12-03 05:50 . 2011-12-03 05:50 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\b5abc386410cb0b80710bf5b1ca511dc\System.Data.Services.Client.ni.dll
+ 2011-12-03 05:47 . 2011-12-03 05:47 1398272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\db3f400537f935d0417ee450fee31533\System.Data.Entity.Design.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\657c944537a05caa1b1f55cffb8aabb9\Microsoft.JScript.ni.dll
+ 2011-12-03 05:49 . 2011-12-03 05:49 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\40f4f298c3c655b834c73b5046a9cd0b\System.ServiceModel.ni.dll
+ 2011-12-03 05:47 . 2011-12-03 05:47 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\7afa32d3d9ab340abd33e960a849685c\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- d:\antiviry\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\firewally\ComodoFirewall\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"avast"="d:\antiviry\Avast\avastUI.exe" [2011-11-28 3744552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\antiviry\SUPERANTISPYWER\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\antiviry\SUPERANTISPYWER\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-28 14:03 4617600 ----a-w- d:\antiviry\SUPERANTISPYWER\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- d:\utility\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"sp_rssrv"=2 (0x2)
"cmdAgent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.12.2011 5:36 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.12.2011 5:36 314456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [30.6.2011 9:38 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [30.6.2011 9:38 29400]
R1 SASDIFSV;SASDIFSV;d:\antiviry\SUPERANTISPYWER\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;d:\antiviry\SUPERANTISPYWER\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;d:\antiviry\SUPERANTISPYWER\SASCore.exe [12.8.2011 0:38 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.12.2011 5:36 20568]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14.5.2007 9:26 508288]
R3 S3SAVAGE4;S3SAVAGE4;c:\windows\system32\drivers\s3savg4m.sys [10.8.2000 13:03 84704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 cmfd;cmfd;\??\d:\firewally\ComodoFirewall\cmfd.sys --> d:\firewally\ComodoFirewall\cmfd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27.11.2011 14:32 252064]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.5.2011 11:55 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12.6.2011 15:08 27064]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [7.7.2008 17:00 77824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-27 18:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
uSearchAssistant = hxxp://www.google.com/ie
TCP: DhcpNameServer = 192.168.100.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
d:\antiviry\SUPERANTISPYWER\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
d:\antiviry\SUPERANTISPYWER\SASSEH.DLL
c:\windows\system32\MPR.dll
.
------------------------ Other Running Processes ------------------------
.
d:\antiviry\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2011-12-03 12:59:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 11:59
ComboFix2.txt 2011-12-03 06:24
ComboFix3.txt 2011-12-02 14:07
.
Pre-Run: 1 950 113 792
Post-Run: 1 939 353 600
.
- - End Of File - - 13FEEA10A25346B4885C484D2C876ECB

Funguje Vam FW Comodo?

jak se chova PC