Pomaly start PC a ICQ rozesila ruské odkazy

[luki123]

Otestujte na http://www.virustotal.com
C:\WINDOWS\system32\DRIVERS\ndis.sys
C:\WINDOWS\system32\DRIVERS\ntoskrnl.exe

Používáte daemon nebo alcohol?

Stahněte dr. Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721
-udělejte sken , co najde nechte léčit, smazat
-sken může trvat několik hodin
-Soubor/Uložit výsledky - uložíte jako textovy soubor a zkopírujete zde

Alkohol používam
porogram Web Cureit mi pri konci skenu restartuje cely PC tak nemuzu zaslat text dokumet

[luki123]

Otestujte na http://www.virustotal.com
C:\WINDOWS\system32\DRIVERS\ndis.sys
C:\WINDOWS\system32\DRIVERS\ntoskrnl.exe

Používáte daemon nebo alcohol?

Stahněte dr. Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721
-udělejte sken , co najde nechte léčit, smazat
-sken může trvat několik hodin
-Soubor/Uložit výsledky - uložíte jako textovy soubor a zkopírujete zde

C:\WINDOWS\system32\DRIVERS\ndis.sys
http://www.virustotal.com/cs/analisis/8 ... 1263750557

soubor nemam na pozici C:\WINDOWS\system32\DRIVERS\ntoskrnl.exe ale C:\WINDOWS\system32
http://www.virustotal.com/cs/analisis/9 ... 1263750918

Alkohol pouzivam

Program Web Cureit mi pri konci skenu restartuje cely PC tak nemuzu zaslat text dokument

[motji]

Jak to vypadá s počítačem ted?

[luki123]

Jak to vypadá s počítačem ted?

PC najizdi porad stejne dlouho asi 2min k obrazovce VITEJTE
ICQ nevim spamy rozesila sporadicky ta uvidim

[motji]

U icq změnte heslo.

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

[luki123]

U icq změnte heslo.

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

ICQ heslo zmeneno
Alkohol odinstalovan
duplexsecure jsem spustil ale nejde zmacknout tlasitko Uninstall tak neprovedeno

Gmer Log 1

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-01-18 11:53:58
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xF4A49940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xF4A499A8]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.14 ----

Thread 4:364 822CA170
Thread 4:368 822A8000
Thread 4:372 822A8000
Thread 4:376 822757E0
Thread 4:380 822757E0
Thread 4:388 822777D0
Thread 4:392 822777D0
Thread 4:396 822757E0
Thread 4:420 822A8000
Thread 4:580 822A8000
Thread 4:2188 81CB6190

---- EOF - GMER 1.0.14 ----


Gmer log 2

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-01-18 12:01:57
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF4A49A72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xF4A4A01E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xF4A4BA82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xF4A4B438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xF4A491E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF4A4D3E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xF4A49E1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xF4A4962A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xF4A4982A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xF4A4B744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xF4A4D8F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xF4A49940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xF4A499A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xF4A4B5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xF4A4CEA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xF4A4B294]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xF4A4934A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xF4A49C40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xF4A4D40E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xF4A49B96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xF4A49A10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xF4A49714]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xF4A494F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xF4A4D110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xF4A48E6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xF4A4C30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xF4A48FCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xF4A4D7C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xF4A48C68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xF4A4B924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xF4A49F18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xF4A4CFA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xF4A4D438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xF4A493A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xF4A4D51C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xF4A4D648]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xF4A4CDD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xF4A49CEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xF4A49D5C]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 443 804E3114 12 Bytes [ 1C, D5, A4, F4, 48, D6, A4, ... ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8EBA 5 Bytes JMP F4A605A2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804FDAF1 5 Bytes JMP F4A601E8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)

---- User code sections - GMER 1.0.14 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[356] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[356] USER32.dll!VRipOutput + FFFA5010 77D32A78 4 Bytes [ 70, 11, 41, 35 ]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1752] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1752] USER32.dll!VRipOutput + FFFA5010 77D32A78 4 Bytes [ 70, 11, 41, 35 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] 822A1660
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 822A1070
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] 822A1250
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 82267820
IAT \SystemRoot\System32\DRIVERS\sermouse.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 82267820
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 822A1830
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 822A1070
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] 822A1250
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] 822A1660
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 822A1070
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 822A1830
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] 822A1660
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] 822A1250
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] 822676D0
IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] 822676D0

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.14 ----

Thread 4:364 822CA170
Thread 4:368 822A8000
Thread 4:372 822A8000
Thread 4:376 822757E0
Thread 4:380 822757E0
Thread 4:388 822777D0
Thread 4:392 822777D0
Thread 4:396 822757E0
Thread 4:420 822A8000
Thread 4:580 822A8000
Thread 4:2188 81CB6190

---- Registry - GMER 1.0.14 ----

Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\258\Shell@MinPos1680x1050(1).x -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\258\Shell@MinPos1680x1050(1).y -32000

---- EOF - GMER 1.0.14 ----


Mbr log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[motji]

Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.



Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir


Stahněte TFC a použijte
TFC (http://oldtimer.geekstogo.com/TFC.exe)


Stáhněte Ccleaner,viz můj podpis
-nainstalujte a vyčištěte dočasné soubory, i registry

Vložte nový log ze RSIT a řekněte co počítač,jak se chová,už je vše v pořádku?

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

[luki123]

Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.



Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir


Stahněte TFC a použijte
TFC (http://oldtimer.geekstogo.com/TFC.exe)


Stáhněte Ccleaner,viz můj podpis
-nainstalujte a vyčištěte dočasné soubory, i registry

Vložte nový log ze RSIT a řekněte co počítač,jak se chová,už je vše v pořádku?

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

Virus Removal Tool log

Autoscan: completed 2 minutes ago (events: 2, objects: 149993, time: 01:02:35)
18.1.2010 14:27:22 Task started
18.1.2010 15:29:57 Task completed

RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Lukáš at 2010-01-18 15:35:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (69%) free of 20 GB
Total RAM: 767 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:19, on 18.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lukáš\Plocha\RSIT.exe
C:\Program Files\trend micro\Lukáš.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_18.01.2010_13-47.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statisktika ochrany webového provozu - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56BDE3E6-7A4E-4560-B662-0E130044557B}: NameServer = 192.168.30.2,192.168.30.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5774 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1261759127.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2009-12-24 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-12-15 5513216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-12-15 86016]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-12-24 201992]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Documents and Settings\Lukáš\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_18.01.2010_13-47.lnk - C:\Documents and Settings\Lukáš\Plocha\Virus Removal Tool\setup_9.0.0.722_18.01.2010_13-47\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Czech\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-18 15:35:34 ----D---- C:\rsit
2010-01-18 14:20:31 ----D---- C:\WINDOWS\LastGood
2010-01-18 14:11:12 ----D---- C:\Program Files\CCleaner
2010-01-15 23:02:52 ----D---- C:\Program Files\Adobe
2010-01-15 09:57:54 ----SHD---- C:\RECYCLER
2010-01-15 09:14:55 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Malwarebytes
2010-01-15 09:14:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-15 09:14:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-14 23:50:23 ----D---- C:\WINDOWS\temp
2010-01-14 22:58:33 ----RASHD---- C:\cmdcons
2010-01-14 22:57:14 ----A---- C:\WINDOWS\MBR.exe
2010-01-13 18:19:03 ----D---- C:\Program Files\trend micro
2010-01-05 16:21:38 ----A---- C:\WINDOWS\isxdl.dll
2010-01-05 16:19:17 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2010-01-05 16:19:11 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-05 16:19:09 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2010-01-05 16:18:46 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2010-01-05 16:15:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-03 19:55:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-12-25 17:38:38 ----A---- C:\WINDOWS\pagesuit.ini
2009-12-25 17:38:37 ----A---- C:\WINDOWS\system32\irisco32.dll
2009-12-25 17:38:11 ----D---- C:\Program Files\ReadIris
2009-12-25 17:35:39 ----RA---- C:\WINDOWS\system32\HPZisn12.dll
2009-12-25 17:35:39 ----RA---- C:\WINDOWS\system32\HPZipt12.dll
2009-12-25 17:35:39 ----RA---- C:\WINDOWS\system32\HPZipr12.dll
2009-12-25 17:35:39 ----RA---- C:\WINDOWS\system32\HPZipm12.exe
2009-12-25 17:35:39 ----RA---- C:\WINDOWS\system32\HPZinw12.exe
2009-12-25 17:35:39 ----RA---- C:\WINDOWS\system32\HPZidr12.dll
2009-12-25 17:32:21 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-12-25 17:31:58 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Složka odesílání Share-to-Web
2009-12-25 17:30:46 ----D---- C:\Program Files\Hewlett-Packard
2009-12-25 12:11:40 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-12-25 12:08:23 ----D---- C:\Program Files\Microsoft Works
2009-12-25 12:08:06 ----D---- C:\Program Files\MSBuild
2009-12-25 12:07:32 ----D---- C:\Program Files\Microsoft Visual Studio
2009-12-25 12:07:32 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-25 12:06:27 ----D---- C:\Program Files\Microsoft.NET
2009-12-25 12:03:33 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-12-25 12:02:41 ----D---- C:\WINDOWS\SHELLNEW
2009-12-25 12:02:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-24 19:51:31 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\ICQ
2009-12-24 19:51:02 ----D---- C:\Program Files\ICQ6.5
2009-12-24 19:32:52 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\InstallShield
2009-12-24 19:07:11 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Jpeg Resampler
2009-12-24 07:58:25 ----D---- C:\Program Files\Kaspersky Lab
2009-12-24 07:58:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2009-12-24 07:36:02 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Kaspersky_Key_Finder_(KKF
2009-12-24 07:12:13 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-24 07:12:10 ----D---- C:\WINDOWS\Prefetch
2009-12-24 07:05:30 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-12-24 07:05:24 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-12-24 07:05:24 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-12-24 07:05:24 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-12-24 07:05:24 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-12-24 07:05:24 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-12-24 07:05:24 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\fwcfg.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\fsquirt.exe
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\fltmc.exe
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\fltlib.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\btpanui.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\bthserv.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\bthci.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\blastcln.exe
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\auditusr.exe
2009-12-24 07:05:23 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\msdadiag.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdukx.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdno1.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdinben.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\ir50_qcx.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\ir50_qc.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\ir50_32.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\ir41_qcx.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\ir41_qc.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-12-24 07:05:22 ----N---- C:\WINDOWS\system32\httpapi.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\twext.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\strmfilt.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\smbinst.exe
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\slserv.exe
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\slgen.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\powercfg.exe
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\p2psvc.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\p2p.dll
2009-12-24 07:05:21 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-12-24 07:05:20 ----N---- C:\WINDOWS\system32\wmidx.dll
2009-12-24 07:05:20 ----N---- C:\WINDOWS\system32\wmerror.dll
2009-12-24 07:05:20 ----N---- C:\WINDOWS\system32\winshfhc.dll
2009-12-24 07:05:20 ----N---- C:\WINDOWS\system32\w3ssl.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wuapi.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wshbth.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wscsvc.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wscntfy.exe
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wmspdmoe.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wmspdmod.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wmpasf.dll
2009-12-24 07:05:19 ----N---- C:\WINDOWS\system32\wmp.dll
2009-12-24 07:05:18 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2009-12-24 07:05:18 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-12-24 07:05:18 ----N---- C:\WINDOWS\system32\wuweb.dll
2009-12-24 07:05:18 ----N---- C:\WINDOWS\system32\wups.dll
2009-12-24 07:05:18 ----N---- C:\WINDOWS\system32\wucltui.dll
2009-12-24 07:05:18 ----N---- C:\WINDOWS\slrundll.exe
2009-12-24 07:05:12 ----D---- C:\WINDOWS\peernet
2009-12-24 07:05:10 ----D---- C:\WINDOWS\provisioning
2009-12-24 07:03:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-24 07:00:33 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-24 06:59:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-24 06:59:17 ----D---- C:\WINDOWS\EHome
2009-12-23 19:29:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2009-12-23 19:19:28 ----A---- C:\WINDOWS\system32\capicom.dll
2009-12-23 19:19:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2009-12-23 12:47:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-12-23 12:47:21 ----D---- C:\Program Files\Common Files\Adobe
2009-12-21 10:42:36 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-20 18:27:20 ----A---- C:\WINDOWS\ODBC.INI
2009-12-20 18:27:16 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-12-20 18:25:40 ----D---- C:\Program Files\Microsoft Office
2009-12-20 15:04:54 ----D---- C:\Program Files\Light Artist
2009-12-20 15:01:01 ----D---- C:\WINDOWS\Downloaded Installations
2009-12-19 15:52:25 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Thinstall
2009-12-19 15:42:43 ----D---- C:\Program Files\iXi Tools

======List of files/folders modified in the last 1 months======

2010-01-18 14:22:51 ----SHD---- C:\System Volume Information
2010-01-18 14:21:24 ----HD---- C:\WINDOWS\inf
2010-01-18 14:21:24 ----D---- C:\WINDOWS\system32\drivers
2010-01-18 14:20:46 ----D---- C:\WINDOWS
2010-01-18 14:20:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-18 14:14:03 ----D---- C:\WINDOWS\system32\Restore
2010-01-18 14:11:54 ----D---- C:\Program Files\Mozilla Firefox
2010-01-18 14:11:12 ----RD---- C:\Program Files
2010-01-18 14:05:26 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-18 14:05:09 ----D---- C:\WINDOWS\system32
2010-01-18 11:33:13 ----SHD---- C:\WINDOWS\Installer
2010-01-16 12:05:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-14 23:46:56 ----A---- C:\WINDOWS\system.ini
2010-01-14 23:04:55 ----D---- C:\WINDOWS\system32\config
2010-01-14 23:02:52 ----D---- C:\WINDOWS\AppPatch
2010-01-14 23:02:49 ----D---- C:\Program Files\Common Files
2010-01-14 22:58:53 ----RASH---- C:\boot.ini
2010-01-05 16:15:12 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\GetRightToGo
2010-01-03 19:50:51 ----D---- C:\WINDOWS\Debug
2009-12-26 10:00:34 ----SD---- C:\Documents and Settings\Lukáš\Data aplikací\Microsoft
2009-12-25 17:48:08 ----A---- C:\WINDOWS\win.ini
2009-12-25 17:39:13 ----SD---- C:\WINDOWS\Tasks
2009-12-25 17:38:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 17:38:08 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-25 17:35:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 17:34:43 ----D---- C:\WINDOWS\twain_32
2009-12-25 17:14:02 ----D---- C:\WINDOWS\system32\wbem
2009-12-25 17:14:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 12:11:53 ----RSD---- C:\WINDOWS\assembly
2009-12-25 12:08:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-25 12:08:10 ----D---- C:\WINDOWS\WinSxS
2009-12-25 12:06:48 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 12:06:27 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-25 12:02:54 ----D---- C:\Program Files\Common Files\System
2009-12-24 09:09:05 ----D---- C:\Program Files\Outlook Express
2009-12-24 07:21:30 ----D---- C:\WINDOWS\security
2009-12-24 07:13:07 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-24 07:11:54 ----D---- C:\Program Files\Messenger
2009-12-24 07:09:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-24 07:06:31 ----D---- C:\Program Files\Windows Media Player
2009-12-24 07:05:30 ----D---- C:\WINDOWS\system32\Setup
2009-12-24 07:05:30 ----D---- C:\WINDOWS\ime
2009-12-24 07:05:30 ----D---- C:\WINDOWS\Help
2009-12-24 07:05:18 ----D---- C:\WINDOWS\system32\oobe
2009-12-24 07:05:13 ----D---- C:\Program Files\Internet Explorer
2009-12-24 07:05:12 ----D---- C:\Program Files\Movie Maker
2009-12-24 07:05:10 ----D---- C:\WINDOWS\Media
2009-12-24 07:03:08 ----D---- C:\WINDOWS\system32\npp
2009-12-24 07:03:08 ----D---- C:\WINDOWS\msagent
2009-12-24 07:03:06 ----D---- C:\WINDOWS\srchasst
2009-12-24 07:03:05 ----D---- C:\Program Files\NetMeeting
2009-12-24 07:03:04 ----D---- C:\WINDOWS\system32\Com
2009-12-24 07:02:56 ----D---- C:\Program Files\Windows NT
2009-12-24 07:02:30 ----D---- C:\WINDOWS\system32\usmt
2009-12-24 07:02:29 ----D---- C:\WINDOWS\system
2009-12-24 07:01:26 ----RD---- C:\WINDOWS\Web
2009-12-24 07:01:16 ----RASH---- C:\NTDETECT.COM
2009-12-23 12:48:19 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Adobe
2009-12-20 16:00:19 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-20 14:51:32 ----D---- C:\Documents and Settings\Lukáš\Data aplikací\Uniblue
2009-12-20 14:51:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\DriverScanner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 15140911;15140911; C:\WINDOWS\system32\DRIVERS\15140911.sys [2009-09-25 128016]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-12-25 82380]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-12-24 213520]
R1 setup_9.0.0.722_18.01.2010_13-47drv;setup_9.0.0.722_18.01.2010_13-47drv; C:\WINDOWS\system32\DRIVERS\1514091.sys [2009-10-09 315408]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-12-15 3329504]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 sermouse;Ovladač sériové myši; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-10-25 17664]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
R4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-17 73344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-02-15 50960]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-03-08 22512]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 viafilter;VIA USB Filter; C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 9728]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-12-24 201992]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-12-15 139331]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]

-----------------EOF-----------------

[motji]

smažte
C:\WINDOWS\MBR.exe
C:\Documents and Settings\Lukáš\Plocha\Virus Removal Tool\setup_9.0.0.722_18.01.2010_13-47\startup.exe

můžete se podívat co je v této složce?
C:\WINDOWS\system32\npp

Smažte cache Opery bud ručně nebo ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/

- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
-zatrhněte Select All a pak klikněte na Empty Selected

pozor - přijdete o všechna hesla uložená ve FF /Opere!

-Na záložce main zaškrtněte All users temp a potvrdte Empty selected



Stahněte TFC a použijte
TFC (http://oldtimer.geekstogo.com/TFC.exe)



vyčistění disku
start-spustit - napište cleanmgr - ok..ok
-dát fajfku temporary ,,,offline,,koš,,,dočasné soubory - ok,


start-spustit - napište cleanmgr - ok..ok
-další možnosti - obnovení systému - vyčistit - ok

start-spustit - napište chkdsk /f/r
-[enter]
souhlas - restartuje se pc a nechá se disk zkontrolovat

defragmentace disku
start - ovládací panely - nástroje pro správu - správa počítače - defragmentace disku
-můžete použít i jiný nástroj na defragmentaci, ten ve windows není nic moc

Za sebe můžu doporučit JK defrag, který se neinstaluje
http://www.slunecnice.cz/sw/jkdefrag/

napište zda to pomohlo

[luki123]

Ve složce C:\WINDOWS\system32\npp jsou soubory 2 soubory ndisnpp.dll , nppagent

pc najizdi rychleji presna za minutu k obrazovce vitejte je to podstatne lepsi ale melo by to byt jeste rychlejsi

Muzu zpatky nainstalolvat alkohol ?

nemte nejaky programek ke kontrole ovladacu ?

[motji]

Můžete pro jistotu ty dva soubory otestovat na www.virustotal.com
Alcohol můžete nainstalovat.
Jak dlouho máte systém po reinstalu? mě třeba také ted dlouho pc nabíhá...něco přes minutu.
Na jakou kontrolu myslíte? Já jsem to nepochopila

[luki123]

ndisnpp.dll
http://www.virustotal.com/cs/analisis/5 ... 1263893576

nppagent
http://www.virustotal.com/cs/analisis/4 ... 1263893775

Ja myslel neco jako driver doctor nebo driver detective

[motji]

A nač to potřebujete? jestli potřebujete zkontrolovat jestli nechybí nějaký ovladač, tak se stačí podívat do správce zařízení

start - spustit - devmgmt.msc - ok
nejsou tam njaké žluté otazníky?

[luki123]

ne nejsou jenom jsem myslel ze by si pocitac stahnul aktualni verce ovladacu

jinak system mam nainstalovan par mesicu presne to nevim delam to tak jednou rocne nekdy dvakrat

[motji]

Zeptám se kolegů, přiznám se že tohle nevím