Network card won't connect to the internet + non-working keyboard

Posted: 21 Jan 2012 10:07
by vembloud
Hello,

my wife looked at a spam message written in Cyrillic and apparently downloaded some virus that way. Avast has its Web Shield deactivated and it cannot be turned on. It found these viruses: Win64:Sirefef-A, Win32:Sirefef-KB, Win32:Sirefef-F, Win32:Trojan-gen, Win32:Bamital-AG, Win32:Zbooter-C.
I am sending the logs I created.

Thank you for your help

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tobi at 2012-01-19 19:24:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 853 MB (6%) free of 13 GB
Total RAM: 511 MB (33% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Tobi\Data aplikací\Mozilla\Firefox\Profiles\9ssd5uko.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "2020Player_IKEA@2020Technologies.com:5.0.93.0, xmlfiller@software602.cz:3.16.2, {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}:0.3.7, {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21, {A4732521-77D9-447E-A557-B279AC923F06}:0.6.7, {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2, wrc@avast.com:6.0.1367, {cc6ef5ab-35be-4300-bd07-d12850fc97ff}:4.0.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\PROGRA~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=D:\PROGRA~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
xmlfiller@software602.cz
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
npCortona.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIFillerPlugin.xpt
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npCortona.dll
npdeployJava1.dll
npfiller.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
plywood.jar
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Tobi\Data aplikací\Mozilla\Firefox\Profiles\9ssd5uko.default\extensions\
2020Player_IKEA@2020Technologies.com
staged-xpis
temp
xmlfiller@software602.cz
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
{20a82645-c095-46ed-80e3-08825760534b}
{37E4D8EA-8BDA-4831-8EA1-89053939A250}
{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
{A4732521-77D9-447E-A557-B279AC923F06}
{cc6ef5ab-35be-4300-bd07-d12850fc97ff}
{FB5A4470-185E-442a-AF55-7F4669A5FF9F}
{FireCat-e3170330-0f65-11d9-9669-0800200c9a66}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\PROGRA~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-01-11 577536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"BCSSync"=D:\PROGRAMKY\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-05-28 412560]
"Spyware Doctor"=C:\Documents and Settings\Tobi\Plocha\sdsetup_revwire207[1].exe -min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
C:\Program Files\iolo\System Mechanic Professional 6\delay.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tobi^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []

C:\Documents and Settings\Tobi\Nabídka Start\Programy\Po spuštění
_uninst_87978010.lnk - C:\Documents and Settings\Tobi\Local Settings\Temp\_uninst_87978010.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\winbox.exe"="G:\winbox.exe:*:Enabled:winbox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\PROGRAMKY\strong dc\StrongDC.exe"="D:\PROGRAMKY\strong dc\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"D:\PROGRAMKY\Archicad13\ArchiCAD.exe"="D:\PROGRAMKY\Archicad13\ArchiCAD.exe:*:Enabled:ArchiCAD 13.0.0 Component"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Tobi\Local Settings\Temporary Internet Files\Content.IE5\9NBPGLCK\sdsetup_revwire207[1].exe"="C:\Documents and Settings\Tobi\Local Settings\Temporary Internet Files\Content.IE5\9NBPGLCK\sdsetup_revwire207[1].exe:*:Enabled:PC Tools Installer"
"C:\Documents and Settings\Tobi\Local Settings\Temp\is-C761Q.tmp\sdsetup_revwire207_aff_dl.tmp"="C:\Documents and Settings\Tobi\Local Settings\Temp\is-C761Q.tmp\sdsetup_revwire207_aff_dl.tmp:*:Enabled:Setup/Uninstall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=serwvdrv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.HFYU"=huffyuv.dll
"VIDC.VIFP"=VFCodec.dll
"vidc.CDVC"=cdvccodc.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2012-01-19 19:01:39 ----D---- C:\WINDOWS\LastGood
2012-01-19 19:00:47 ----A---- C:\TDSSKiller.2.7.5.0_19.01.2012_19.00.47_log.txt
2012-01-19 18:54:41 ----A---- C:\TDSSKiller.2.7.5.0_19.01.2012_18.54.41_log.txt
2012-01-19 18:53:42 ----D---- C:\Program Files\trend micro
2012-01-19 18:53:41 ----D---- C:\rsit
2012-01-19 18:51:19 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-01-16 21:33:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-01-16 21:31:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2012-01-16 21:27:51 ----A---- C:\WINDOWS\ntbtlog.txt
2012-01-16 20:23:36 ----ASH---- C:\WINDOWS\system32\dds_log_trash.cmd
2012-01-11 14:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-11 14:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-11 14:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-11 13:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-11 13:56:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$

======List of files/folders modified in the last 1 month======

2012-01-19 19:23:11 ----D---- C:\Program Files\Mozilla Firefox
2012-01-19 19:22:10 ----D---- C:\WINDOWS\Temp
2012-01-19 19:22:10 ----D---- C:\WINDOWS\system32\drivers
2012-01-19 19:15:36 ----D---- C:\WINDOWS
2012-01-19 19:06:53 ----D---- C:\WINDOWS\Prefetch
2012-01-19 19:03:14 ----SHD---- C:\System Volume Information
2012-01-19 19:01:47 ----HD---- C:\WINDOWS\inf
2012-01-19 19:01:37 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-19 19:00:21 ----AC---- C:\WINDOWS\NeroDigital.ini
2012-01-19 18:58:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-19 18:53:42 ----D---- C:\Program Files
2012-01-18 19:59:11 ----D---- C:\WINDOWS\system32
2012-01-18 07:57:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-17 20:27:30 ----SD---- C:\WINDOWS\Tasks
2012-01-17 20:27:30 ----D---- C:\WINDOWS\AutoKMS
2012-01-17 12:52:27 ----A---- C:\WINDOWS\KMSEmulator.exe
2012-01-15 13:43:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-01-14 19:46:42 ----D---- C:\Program Files\Mozilla Thunderbird
2012-01-11 16:26:23 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-11 16:26:17 ----RSD---- C:\WINDOWS\assembly
2012-01-11 14:07:06 ----A---- C:\WINDOWS\imsins.BAK
2012-01-11 14:02:39 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-11 14:02:07 ----SHD---- C:\WINDOWS\Installer
2012-01-11 14:02:07 ----HD---- C:\Config.Msi
2012-01-11 14:00:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-11 14:00:17 ----D---- C:\WINDOWS\WinSxS
2012-01-11 13:56:13 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2002-09-06 13568]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2005-01-20 88960]
R0 nvidesm;nvidesm; C:\WINDOWS\system32\drivers\nvidesm.sys [2002-11-13 20224]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-12-05 20640]
R0 RecAgent;RecAgent; C:\WINDOWS\system32\DRIVERS\RecAgent.sys [2004-08-03 13776]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 xmasbus;xmasbus; C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-25 141184]
R0 xmasscsi;xmasscsi; C:\WINDOWS\System32\Drivers\xmasscsi.sys [2003-12-23 5248]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2006-04-01 4484]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-02-17 3846848]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-02-01 165888]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2005-02-01 15360]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-04-29 47360]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 .afd;.afd; \? []
S3 .i8042prt;.i8042prt; \? []
S3 .ipsec;.ipsec; \? []
S3 .meiudf;.meiudf; \? []
S3 .mrxsmb;.mrxsmb; \? []
S3 .netbt;.netbt; \? []
S3 .prodrv06;.prodrv06; \? []
S3 .serial;.serial; \? []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
S3 ATICDSDr;ATICDSDr; \??\C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys []
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2003-01-21 102400]
S3 ATITool;ATITool; \??\E:\zaloha thunderbird\Skype\atitool.sys []
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-31 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-31 21568]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2005-07-26 66048]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-01-26 53376]
S3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-01-26 414336]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-03 404990]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZD1211U(OvisLink);OvisLink WL-5480USB WLAN USB Driver(OvisLink); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 247296]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
R2 HNetInfo FTP Server;HNetInfo FTP Server; C:\Program Files\HNetInfo2\HServer\startsrv.exe [2004-11-20 57344]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-18 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ofcservice;Lpds; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tobi [Admin rights]
Mode: Scan -- Date : 01/19/2012 19:23:12

¤¤¤ Bad processes: 2 ¤¤¤
[BLACKLIST] setup_11.0.0.1245.x01_2012_01_18_22_41.exe -- G:\viry\setup_11.0.0.1245.x01_2012_01_18_22_41.exe -> KILLED [TermProc]
[ROGUE ST] 2149787.exe -- C:\DOCUME~1\Tobi\LOCALS~1\Temp\RarSFX0\2149787.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Spyware Doctor (C:\Documents and Settings\Tobi\Plocha\sdsetup_revwire207[1].exe -min) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-839522115-436374069-2146926659-1003[...]\Run : Spyware Doctor (C:\Documents and Settings\Tobi\Plocha\sdsetup_revwire207[1].exe -min) -> FOUND
[SUSP PATH] _uninst_87978010.lnk : C:\Documents and Settings\Tobi\Local Settings\Temp\_uninst_87978010.bat -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (219.93.174.108:553) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{724F97BB-5BE7-4E0F-A164-823B131CE347} : NameServer (212.158.128.2,212.158.128.3) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{724F97BB-5BE7-4E0F-A164-823B131CE347} : NameServer (212.158.128.2,212.158.128.3) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[277] : NtWriteVirtualMemory @ 0x8057F712 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0977B52)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A81E -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097B552)
SSDT[258] : NtTerminateThread @ 0x80577F1F -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09779C8)
SSDT[257] : NtTerminateProcess @ 0x805839B9 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0977A68)
SSDT[255] : NtSystemDebugControl @ 0x8064AA57 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097AA3E)
SSDT[254] : NtSuspendThread @ 0x805E05AB -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097BA2A)
SSDT[253] : NtSuspendProcess @ 0x8062FF21 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097B8F0)
SSDT[247] : NtSetValueKey @ 0x8057BC5B -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0976816)
SSDT[240] : NtSetSystemInformation @ 0x805A8349 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097B7FE)
SSDT[237] : NtSetSecurityObject @ 0x8059D2BD -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097ADAA)
SSDT[230] : NtSetInformationToken @ 0x805A8E5C -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097A154)
SSDT[213] : NtSetContextThread @ 0x8062E33F -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0977E38)
SSDT[210] : NtSecureConnectPort @ 0x80599040 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0978B0E)
SSDT[207] : NtSaveKey @ 0x8064FB1A -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0975EAE)
SSDT[206] : NtResumeThread @ 0x80578E76 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097BBC8)
SSDT[204] : NtRestoreKey @ 0x8064FA19 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097628E)
SSDT[200] : NtRequestWaitReplyPort @ 0x8056DC86 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097A8B4)
SSDT[195] : NtReplyWaitReceivePort @ 0x8056BC24 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09796F2)
SSDT[194] : NtReplyPort @ 0x8057E67C -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097982C)
SSDT[193] : NtReplaceKey @ 0x8064FE82 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0975F16)
SSDT[192] : NtRenameKey @ 0x8064F526 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0976C2C)
SSDT[180] : NtQueueApcThread @ 0x8058F954 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097AFA0)
SSDT[177] : NtQueryValueKey @ 0x8056A419 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097699C)
SSDT[167] : NtQuerySection @ 0x8057EE6E -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097B6AE)
SSDT[161] : NtQueryMultipleValueKey @ 0x8064F0A7 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0976D72)
SSDT[160] : NtQueryKey @ 0x80573B86 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097713A)
SSDT[128] : NtOpenThread @ 0x8059323B -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09777BE)
SSDT[126] : NtOpenSemaphore @ 0x805DD9AC -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09794C8)
SSDT[125] : NtOpenSection @ 0x8056E467 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097B10E)
SSDT[122] : NtOpenProcess @ 0x80574AA9 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09778CC)
SSDT[120] : NtOpenMutant @ 0x80577676 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0979288)
SSDT[119] : NtOpenKey @ 0x80568F68 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09766C0)
SSDT[116] : NtOpenFile @ 0x8056F7FF -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0978016)
SSDT[114] : NtOpenEvent @ 0x8057FC98 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09793A8)
SSDT[111] : NtNotifyChangeKey @ 0x80593FAA -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09771CE)
SSDT[108] : NtMapViewOfSection @ 0x8057AC99 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097B374)
SSDT[99] : NtLoadKey2 @ 0x805AF400 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09764EE)
SSDT[98] : NtLoadKey @ 0x805AF5C3 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09764DC)
SSDT[97] : NtLoadDriver @ 0x805A425D -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097AC0C)
SSDT[84] : NtFsControlFile @ 0x805770E0 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0978500)
SSDT[73] : NtEnumerateValueKey @ 0x8057FB2B -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09770A2)
SSDT[71] : NtEnumerateKey @ 0x80573E7D -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097700A)
SSDT[68] : NtDuplicateObject @ 0x805748C2 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097BD26)
SSDT[66] : NtDeviceIoControlFile @ 0x805795B9 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09786F2)
SSDT[65] : NtDeleteValueKey @ 0x80595C1A -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0976EBE)
SSDT[63] : NtDeleteKey @ 0x80597FFA -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0976B0A)
SSDT[57] : NtDebugActiveProcess @ 0x8065BF7D -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097AB1A)
SSDT[56] : NtCreateWaitablePort @ 0x805DB3E4 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0979162)
SSDT[53] : NtCreateThread @ 0x80578803 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0977C1C)
SSDT[51] : NtCreateSemaphore @ 0x8057B80D -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0979432)
SSDT[50] : NtCreateSection @ 0x80565333 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0977426)
SSDT[46] : NtCreatePort @ 0x805893C7 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09790CC)
SSDT[44] : NtCreateNamedPipeFile @ 0x80585619 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB097727E)
SSDT[43] : NtCreateMutant @ 0x805775C8 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09791F8)
SSDT[41] : NtCreateKey @ 0x8057376F -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0976500)
SSDT[37] : NtCreateFile @ 0x8056F864 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0978270)
SSDT[35] : NtCreateEvent @ 0x80570022 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0979312)
SSDT[31] : NtConnectPort @ 0x8059110B -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0978DC8)
SSDT[25] : NtClose @ 0x80567AED -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0977F94)
SSDT[11] : NtAdjustPrivilegesToken @ 0x8059B554 -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0977690)
S_SSDT[552] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987CE8)
S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987C90)
S_SSDT[529] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0988698)
S_SSDT[502] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987EEE)
S_SSDT[491] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987FD2)
S_SSDT[476] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987E36)
S_SSDT[475] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987DE2)
S_SSDT[460] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987E8E)
S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987D96)
S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB098804A)
S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987D4A)
S_SSDT[378] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0987F3C)
S_SSDT[312] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09882C6)
S_SSDT[307] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09887E6)
S_SSDT[292] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0988182)
S_SSDT[237] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB098825E)
S_SSDT[227] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB09881EE)
S_SSDT[13] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\2149787drv.sys @ 0xB0988118)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3272c7ebfa7a61b8aaa974765e9b6d54
[BSP] c21399dcc2413c7f81cfdaea07eba051 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 14155 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 27647865 | Size: 235901 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 566e4ce2aaab807a903a45caea1d6724
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 [VISIBLE] Offset (sectors): 63 | Size: 4051 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Re: network card will not connect to the internet + non-functional keyboard

Posted: 21 Jan 2012 10:11
by vyosek
Hello, and I wish you a nice morning :)

:arrow: Please post these logs
  • C:\TDSSKiller.2.7.5.0_19.01.2012_19.00.47_log.txt
  • C:\TDSSKiller.2.7.5.0_19.01.2012_18.54.41_log.txt
:arrow: Run RogueKiller again
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log; paste it here
  • Now run it again, but choose option 3 and then also 4; paste the logs again

Re: network card will not connect to the internet + non-functional keyboard

Posted: 21 Jan 2012 17:37
by vembloud
So I am sending all the logs, thank you

18:54:41.0265 3700 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
18:54:41.0312 3700 ============================================================
18:54:41.0312 3700 Current date / time: 2012/01/19 18:54:41.0312
18:54:41.0312 3700 SystemInfo:
18:54:41.0312 3700
18:54:41.0312 3700 OS Version: 5.1.2600 ServicePack: 3.0
18:54:41.0312 3700 Product type: Workstation
18:54:41.0312 3700 ComputerName: CERNA-DIRA07
18:54:41.0312 3700 UserName: Tobi
18:54:41.0312 3700 Windows directory: C:\WINDOWS
18:54:41.0312 3700 System windows directory: C:\WINDOWS
18:54:41.0312 3700 Processor architecture: Intel x86
18:54:41.0312 3700 Number of processors: 1
18:54:41.0328 3700 Page size: 0x1000
18:54:41.0328 3700 Boot type: Normal boot
18:54:41.0328 3700 ============================================================
18:54:42.0062 3700 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:54:42.0078 3700 Drive \Device\Harddisk1\DR5 - Size: 0xF1800000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:54:42.0203 3700 Initialize success
18:54:46.0421 3744 ============================================================
18:54:46.0421 3744 Scan started
18:54:46.0421 3744 Mode: Manual;
18:54:46.0421 3744 ============================================================
18:55:04.0218 3744 ============================================================
18:55:04.0218 3744 Scan finished
18:55:04.0218 3744 ============================================================
18:55:04.0250 3736 Detected object count: 0
18:55:04.0250 3736 Actual detected object count: 0
18:55:12.0484 3696 Deinitialize success

19:00:47.0296 2772 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
19:00:47.0343 2772 ============================================================
19:00:47.0343 2772 Current date / time: 2012/01/19 19:00:47.0343
19:00:47.0343 2772 SystemInfo:
19:00:47.0343 2772
19:00:47.0343 2772 OS Version: 5.1.2600 ServicePack: 3.0
19:00:47.0343 2772 Product type: Workstation
19:00:47.0343 2772 ComputerName: CERNA-DIRA07
19:00:47.0343 2772 UserName: Tobi
19:00:47.0343 2772 Windows directory: C:\WINDOWS
19:00:47.0343 2772 System windows directory: C:\WINDOWS
19:00:47.0343 2772 Processor architecture: Intel x86
19:00:47.0343 2772 Number of processors: 1
19:00:47.0343 2772 Page size: 0x1000
19:00:47.0343 2772 Boot type: Normal boot
19:00:47.0343 2772 ============================================================
19:00:48.0140 2772 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:00:48.0140 2772 Drive \Device\Harddisk1\DR5 - Size: 0xF1800000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:00:48.0265 2772 Initialize success
19:00:53.0859 2768 Deinitialize success

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tobi [Admin rights]
Mode: Remove -- Date : 01/21/2012 10:53:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Spyware Doctor (C:\Documents and Settings\Tobi\Plocha\sdsetup_revwire207[1].exe -min) -> DELETED
[SUSP PATH] _uninst_87978010.lnk : C:\Documents and Settings\Tobi\Local Settings\Temp\_uninst_87978010.bat -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (219.93.174.108:553) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{724F97BB-5BE7-4E0F-A164-823B131CE347} : NameServer (212.158.128.2,212.158.128.3) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{724F97BB-5BE7-4E0F-A164-823B131CE347} : NameServer (212.158.128.2,212.158.128.3) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3272c7ebfa7a61b8aaa974765e9b6d54
[BSP] c21399dcc2413c7f81cfdaea07eba051 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 14155 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 27647865 | Size: 235901 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 566e4ce2aaab807a903a45caea1d6724
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 [VISIBLE] Offset (sectors): 63 | Size: 4051 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tobi [Admin rights]
Mode: HOSTSFix -- Date : 01/21/2012 10:54:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com


Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tobi [Admin rights]
Mode: ProxyFix -- Date : 01/21/2012 10:55:30

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (219.93.174.108:553) -> DELETED

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

Re: network card won't connect to the internet + keyboard not working

Posted: 21 Jan 2012 17:49
by vyosek
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download Combofix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako spravce
  • Right after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: network card won't connect to the internet + keyboard not working

Posted: 21 Jan 2012 22:06
by vembloud
So ComboFix has been run; there was a problem turning off Avast - I only managed to pause the services. Also, because the network card was blocked, the Recovery Console could not be installed.
After several restarts CF finished its work.

The network card is working now.

I am attaching the log.

ComboFix 12-01-21.01 - Tobi 21.01.2012 21:31:20.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.272 [GMT 1:00]
Spuštěný z: g:\viry\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tobi\Local Settings\Data aplikací\83da8487\U\000000cf.@
c:\documents and settings\Tobi\WINDOWS
c:\windows\$NtUninstallKB63650$\1098990024
c:\windows\msmqinst.log
c:\windows\system32\SE26bus.dll
D:\install.exe
.
c:\windows\system32\drivers\afd.sys chyběl.
Obnovena kopie z - c:\windows\system32\dllcache\afd.sys
.
c:\windows\system32\drivers\netbt.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\netbt.sys
.
c:\windows\system32\drivers\Serial.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\serial.sys
.
c:\windows\system32\drivers\i8042prt.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
c:\windows\system32\drivers\ipsec.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ipsec.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_.i8042prt
-------\Service_.ipsec
-------\Service_.mrxsmb
-------\Service_.netbt
-------\Service_.serial
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-21 do 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 20:44 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-01-21 20:44 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-01-21 20:44 . 2008-04-14 02:21 52096 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-01-21 20:44 . 2008-04-14 02:21 52096 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-21 20:44 . 2008-04-14 02:21 64256 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-01-21 20:44 . 2008-04-14 02:21 64256 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-01-21 20:44 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-01-21 20:44 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-21 20:44 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-01-21 20:44 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-21 09:51 . 2012-01-19 12:10 2054448 ----a-w- C:\TDSSKiller.exe
2012-01-19 17:53 . 2012-01-19 17:53 -------- d-----w- c:\program files\trend micro
2012-01-19 17:53 . 2012-01-19 17:53 -------- d-----w- C:\rsit
2012-01-19 17:51 . 2012-01-21 09:55 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-16 20:33 . 2012-01-16 20:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-01-16 20:31 . 2012-01-16 20:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2012-01-16 19:23 . 2012-01-18 06:48 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-16 19:06 . 2012-01-17 18:26 -------- d-sh--w- c:\documents and settings\Tobi\Local Settings\Data aplikací\83da8487
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 11:52 . 2011-12-19 07:57 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-11-28 18:01 . 2010-08-09 16:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-08-09 16:25 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-03-21 19:41 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-08-09 16:25 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-08-09 16:25 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-08-09 16:25 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-08-09 16:25 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-08-09 16:25 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-08-09 16:25 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-08-09 16:25 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-17 15:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-17 15:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-17 15:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:13 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2004-08-17 15:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-08-17 15:49 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-17 15:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-17 15:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-17 15:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-08-17 15:45 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-17 15:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BCSSync"="d:\programky\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tobi^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Tobi\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 -c--a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\PROGRAMKY\\strong dc\\StrongDC.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"d:\\PROGRAMKY\\Archicad13\\ArchiCAD.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [11.3.2006 13:46 141184]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [11.3.2006 13:46 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.3.2011 20:41 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.8.2010 17:25 314456]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14.8.2002 15:11 5632]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [15.5.2011 13:41 353168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.8.2010 17:25 20568]
R2 HNetInfo FTP Server;HNetInfo FTP Server;c:\program files\HNetInfo2\HServer\startsrv.exe [20.11.2004 20:22 57344]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [29.4.2006 15:53 47360]
S3 ATICDSDr;ATICDSDr;c:\program files\ATI Technologies\ATI Control Panel\atiicdxx.sys [11.3.2006 12:50 5376]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [11.3.2006 13:47 66048]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 16:49 14336]
S3 ZD1211U(OvisLink);OvisLink WL-5480USB WLAN USB Driver(OvisLink);c:\windows\system32\drivers\ZD1211U.sys [28.4.2006 18:04 247296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ofcservice
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-21 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-15 12:46]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{724F97BB-5BE7-4E0F-A164-823B131CE347}: NameServer = 212.158.128.2,212.158.128.3
FF - ProfilePath - c:\documents and settings\Tobi\Data aplikací\Mozilla\Firefox\Profiles\9ssd5uko.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: 602XML Filler: xmlfiller@software602.cz - c:\program files\Mozilla Firefox\extensions\xmlfiller@software602.cz
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: EditCSS: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} - %profile%\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
FF - Ext: Curacao: {cc6ef5ab-35be-4300-bd07-d12850fc97ff} - %profile%\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}
FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 602XML Filler: xmlfiller@software602.cz - %profile%\extensions\xmlfiller@software602.cz
FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-ioloDelayModule - c:\program files\iolo\System Mechanic Professional 6\delay.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
AddRemove-StrongDC++ - d:\programky\strong dc\StrongDC++\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\$NtUninstallKB63650$:SummaryInformation 0 bytes hidden from API
c:\windows\TEMP\_asw_aisI.tm~a01524\onefile 0 bytes
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.meiudf]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.prodrv06]
"ImagePath"="\?"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Alwil Software\Avast5\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2012-01-21 21:57:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-21 20:56
.
Před spuštěním: 863 649 792
Po spuštění: 813 125 632
.
- - End Of File - - 687553090B6EB6C212C083A5B6F83607

Re: network card won't connect to the internet + keyboard not working

Posted: 21 Jan 2012 22:19
by vyosek
:arrow: Uninstall Advanced SystemCare 5 and then everything else from IOBit - it is Chinese junk and does more harm than good. It looks for nonsensical and non-existent problems, and they stole the malware database from another reputable company

:arrow: Free up disk space to at least 3 GB, the system is choking

:arrow: Download the Recovery Console installer from here http://vyosek.ic.cz/pro_usery/rc.exe and save it directly to drive c:\ so that it is not in any folder - this is necessary because the script refers to it

:arrow: Right-click the Avast ball - Shield control - pause until restart

:arrow: If it is not there already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RecoveryConsole::
    c:\rc.exe
    
    Folder::
    c:\documents and settings\Tobi\Local Settings\Data aplikací\83da8487
    c:\program files\IObit
    c:\windows\$NtUninstallKB63650$
    
    File::
    c:\windows\Tasks\ASC4_PerformanceMonitor.job
    
    Collect::
    c:\windows\KMSEmulator.exe
    
    Driver::
    ofcservice
    .meiudf
    .prodrv06
    
    NetSvc::
    ofcservice
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 4"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "Adobe ARM"=-
    "QuickTime Task"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"=-
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it (see the picture below)
    Image
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: network card won't connect to the internet + keyboard not working

Posted: 22 Jan 2012 00:03
by vembloud
I am sending the latest log; after the restart, check disk is no longer required. The keyboard still does not work.

ComboFix 12-01-21.02 - Tobi 21.01.2012 23:42:25.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.237 [GMT 1:00]
Spuštěný z: g:\viry\ComboFix.exe
Použité ovládací přepínače :: g:\viry\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\ASC4_PerformanceMonitor.job"
.
file zipped: c:\windows\KMSEmulator.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB63650$
c:\windows\$NtUninstallKB63650$\2618239464
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OFCSERVICE
-------\Service_.meiudf
-------\Service_.prodrv06
-------\Service_ofcservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-21 do 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 22:22 . 2012-01-21 21:27 4631272 ----a-w- C:\rc.exe
2012-01-21 20:44 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-01-21 20:44 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-01-21 20:44 . 2008-04-14 02:21 52096 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-01-21 20:44 . 2008-04-14 02:21 52096 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-21 20:44 . 2008-04-14 02:21 64256 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-01-21 20:44 . 2008-04-14 02:21 64256 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-01-21 20:44 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-01-21 20:44 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-21 20:44 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-01-21 20:44 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-21 09:51 . 2012-01-19 12:10 2054448 ----a-w- C:\TDSSKiller.exe
2012-01-19 17:53 . 2012-01-19 17:53 -------- d-----w- c:\program files\trend micro
2012-01-19 17:53 . 2012-01-19 17:53 -------- d-----w- C:\rsit
2012-01-19 17:51 . 2012-01-21 09:55 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-16 20:33 . 2012-01-16 20:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-01-16 20:31 . 2012-01-16 20:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2012-01-16 19:23 . 2012-01-18 06:48 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-16 19:06 . 2012-01-17 18:26 -------- d-sh--w- c:\documents and settings\Tobi\Local Settings\Data aplikací\83da8487
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 11:52 . 2011-12-19 07:57 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-11-28 18:01 . 2010-08-09 16:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-08-09 16:25 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-03-21 19:41 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-08-09 16:25 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-08-09 16:25 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-08-09 16:25 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-08-09 16:25 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-08-09 16:25 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-08-09 16:25 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-08-09 16:25 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-17 15:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-17 15:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-17 15:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:13 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2004-08-17 15:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-08-17 15:49 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-17 15:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-17 15:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-17 15:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-08-17 15:45 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-17 15:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_20.51.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-21 22:54 . 2012-01-21 22:54 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat
+ 2006-03-11 12:51 . 2008-04-13 19:45 26112 c:\windows\system32\drivers\usbser.sys
- 2006-03-11 12:51 . 2008-04-13 18:45 26112 c:\windows\system32\drivers\usbser.sys
+ 2006-03-11 12:51 . 2008-04-13 19:45 26112 c:\windows\system32\dllcache\usbser.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"BCSSync"="d:\programky\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tobi^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Tobi\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 -c--a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\PROGRAMKY\\strong dc\\StrongDC.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [11.3.2006 13:46 141184]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [11.3.2006 13:46 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.3.2011 20:41 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.8.2010 17:25 314456]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14.8.2002 15:11 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.8.2010 17:25 20568]
R2 HNetInfo FTP Server;HNetInfo FTP Server;c:\program files\HNetInfo2\HServer\startsrv.exe [20.11.2004 20:22 57344]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [29.4.2006 15:53 47360]
S3 ATICDSDr;ATICDSDr;c:\program files\ATI Technologies\ATI Control Panel\atiicdxx.sys [11.3.2006 12:50 5376]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [11.3.2006 13:47 66048]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 16:49 14336]
S3 ZD1211U(OvisLink);OvisLink WL-5480USB WLAN USB Driver(OvisLink);c:\windows\system32\drivers\ZD1211U.sys [28.4.2006 18:04 247296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{724F97BB-5BE7-4E0F-A164-823B131CE347}: NameServer = 212.158.128.2,212.158.128.3
FF - ProfilePath - c:\documents and settings\Tobi\Data aplikací\Mozilla\Firefox\Profiles\9ssd5uko.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: 602XML Filler: xmlfiller@software602.cz - c:\program files\Mozilla Firefox\extensions\xmlfiller@software602.cz
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: EditCSS: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} - %profile%\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
FF - Ext: Curacao: {cc6ef5ab-35be-4300-bd07-d12850fc97ff} - %profile%\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}
FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 602XML Filler: xmlfiller@software602.cz - %profile%\extensions\xmlfiller@software602.cz
FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 23:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-01-21 23:59:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-21 22:59
ComboFix2.txt 2012-01-21 20:57
.
Před spuštěním: 3 971 805 184
Po spuštění: 3 973 193 728
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1B554F8CD2E31589FC2EA8368237533A

Re: network card won't connect to the internet + non-working keyboard

Posted: 22 Jan 2012 07:14
by vyosek
Are you using some kind of multimedia keyboard? How is it connected - PS2 or USB? :???:

Re: network card won't connect to the internet + non-working keyboard

Posted: 22 Jan 2012 08:17
by vembloud
The keyboard is an ordinary, old one connected via PS2. Its LEDs light up, but it doesn't respond. For now I'm using the on-screen keyboard from Accessibility.
I'll look around at home to see whether I have a USB keyboard somewhere; maybe that will work?

Thanks

Re: network card won't connect to the internet + non-working keyboard

Posted: 22 Jan 2012 12:55
by vyosek
Try a different keyboard on PS2 or USB if you can, so we can rule out that this one is faulty...

Re: network card won't connect to the internet + non-working keyboard

Posted: 22 Jan 2012 18:33
by vembloud
So I swapped the keyboard; I found a new one, also PS2. It doesn't work, just like the first one. The Caps Lock LED is lit and can't be turned off (the keyboard doesn't respond to attempts to toggle Caps Lock, Num Lock, Scroll Lock...).

Do you know what to do about it?
I can try the USB keyboard I have at work tomorrow, but I suspect it would be the same.

Thanks a lot

Re: network card won't connect to the internet + non-working keyboard

Posted: 22 Jan 2012 18:44
by vembloud
I just looked at the Keyboard tab in Control Panel (Win XP), and under Device status it says:
The hardware device cannot be started because its configuration information (stored in the registry) is incomplete or damaged. (Code 19).

How do I fix this? Would the Win XP installation CD help - repairing the system?

Re: network card won't connect to the internet + non-working keyboard

Posted: 22 Jan 2012 18:48
by vembloud
Solved; that pest deleted the configuration files for the keyboard, optical drives and COM ports.

Do you think the PC is clean now?

Thank you very much for your help

Re: network card won't connect to the internet + non-working keyboard

Posted: 22 Jan 2012 18:58
by vyosek
Also run a scan with AVPTool http://forum.viry.cz/viewtopic.php?f=29&t=58179