Please check my log - win32/cutwail.ba


Please check my log - win32/cutwail.ba

#1 Post by cuco11 »

MS Security Essentials found several instances of this trojan plus Vundo.Gen.AU. Since then it has not been possible to update to new virus definitions. Chrome after launching - BSOD.

Attaching the HijackThis log!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:10:32, on 10. 4. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\LibreOffice 3\program\soffice.exe
C:\Program Files\LibreOffice 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\kubinski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IVUT073X\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.hahayouxi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: LibreOffice 3.3.lnk = C:\Program Files\LibreOffice 3\program\quickstart.exe
O4 - Startup: YoWindow.lnk = C:\Windows\yowindow.scr
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B516DA83-B218-49D5-8391-D7948DC3CB17}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3AFFD8-FDBB-4BF1-AC0C-184B21106696}: NameServer = 172.16.21.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: glowext - C:\Windows\system32\config\systemprofile\AppData\Local\glowext.dll (file missing)
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mapihook (mapihook.exe) - Unknown owner - C:\Windows\system32\mapihook.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Quick Config Service - Unknown owner - C:\Program Files\Quick Config\QCService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: tvMobiliService - Unknown owner - C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe

--
End of file - 5436 bytes


Re: Please check my log - win32/cutwail.ba

#2 Post by Rudy »

Post an RSIT log (it is more detailed than HijackThis): http://www.viry.cz/forum/viewtopic.php?f=13&t=105895
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/
e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: Please check my log - win32/cutwail.ba

#3 Post by cuco11 »

Logfile of random's system information tool 1.08 (written by random/random)
Run by kubinski at 2011-04-10 22:40:07
Microsoft Windows 7 Ultimate
System drive C: has 8 GB (7%) free of 120 GB
Total RAM: 1918 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:17, on 10. 4. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\LibreOffice 3\program\soffice.exe
C:\Program Files\LibreOffice 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Users\kubinski\Downloads\RSIT.exe
C:\Program Files\trend micro\kubinski.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.hahayouxi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LibreOffice 3.3.lnk = C:\Program Files\LibreOffice 3\program\quickstart.exe
O4 - Startup: YoWindow.lnk = C:\Windows\yowindow.scr
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B516DA83-B218-49D5-8391-D7948DC3CB17}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3AFFD8-FDBB-4BF1-AC0C-184B21106696}: NameServer = 172.16.21.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: glowext - C:\Windows\system32\config\systemprofile\AppData\Local\glowext.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mapihook (mapihook.exe) - Unknown owner - C:\Windows\system32\mapihook.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Quick Config Service - Unknown owner - C:\Program Files\Quick Config\QCService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: tvMobiliService - Unknown owner - C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe

--
End of file - 6043 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\{15A6CC48-750D-41B6-83C1-DFA853820894}.job
C:\Windows\tasks\{23DF3F6A-0C6D-47EC-860E-96088223388C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-28 7625248]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-21 61440]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 480608]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-11-10 738616]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"Regedit32"=C:\Windows\system32\regedit.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\kubinski\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^kubinski^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE []

C:\Users\kubinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LibreOffice 3.3.lnk - C:\Program Files\LibreOffice 3\program\quickstart.exe
YoWindow.lnk - C:\Windows\yowindow.scr

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\glowext]
C:\Windows\system32\config\system [2011-04-10 19398656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, mthbnhtn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-10 22:35:58 ----D---- C:\Program Files\trend micro
2011-04-10 22:35:57 ----D---- C:\rsit
2011-04-10 21:39:37 ----A---- C:\Windows\system32\mapisrv.dll
2011-04-10 20:16:45 ----A---- C:\Windows\system32\themedll.dll
2011-04-09 20:06:21 ----A---- C:\Windows\system32\tmp.tmp
2011-04-08 13:04:16 ----A---- C:\Windows\system32\mthbnhtn.dll
2011-04-07 20:23:39 ----A---- C:\Windows\system32\GnuHashes.ini
2011-04-07 20:17:18 ----D---- C:\Windows\system32\6C6C4F49DF9B981A4E8BF914A8494BCC
2011-04-07 20:17:07 ----A---- C:\Windows\system32\mapihook.exe.log.20110407201707
2011-04-07 20:17:05 ----A---- C:\Windows\system32\mapihook.exe.log
2011-04-07 20:17:05 ----A---- C:\Windows\system32\mapihook.exe
2011-04-07 12:33:08 ----D---- C:\Program Files\Microsoft Security Client
2011-04-07 12:32:52 ----A---- C:\Windows\system32\drivers\netio.sys
2011-04-07 12:17:56 ----D---- C:\WINSSLog
2011-04-07 09:05:47 ----D---- C:\ProgramData\Norton
2011-04-06 21:27:59 ----D---- C:\ProgramData\YoWindow
2011-04-06 21:22:53 ----A---- C:\Windows\keys.ini
2011-03-28 09:58:00 ----D---- C:\ProgramData\Dassault Systemes
2011-03-28 09:57:47 ----D---- C:\Program Files\Dassault Systemes
2011-03-26 15:41:02 ----D---- C:\Program Files\DrayTek Router Tools V4.2.0
2011-03-24 22:48:27 ----D---- C:\Windows\system32\SPReview
2011-03-24 13:26:36 ----A---- C:\Windows\system32\hpxp4500.dll
2011-03-24 13:26:36 ----A---- C:\Windows\system32\hpgtbb.dll
2011-03-24 13:26:36 ----A---- C:\Windows\system32\hp4500co.dll
2011-03-15 12:27:03 ----A---- C:\Windows\system32\wininet.dll
2011-03-15 12:27:03 ----A---- C:\Windows\system32\urlmon.dll
2011-03-15 12:27:03 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-03-15 12:27:03 ----A---- C:\Windows\system32\msls31.dll
2011-03-15 12:27:03 ----A---- C:\Windows\system32\jsproxy.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-03-15 12:27:02 ----A---- C:\Windows\system32\msrating.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\mshtmler.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\msfeedssync.exe
2011-03-15 12:27:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\ieui.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\iesysprep.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\iertutil.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\ieframe.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\ieakeng.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\wextract.exe
2011-03-15 12:27:01 ----A---- C:\Windows\system32\webcheck.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\vbscript.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\url.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\mshtmled.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\mshtml.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\msfeeds.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\licmgr10.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\inseng.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\iexpress.exe
2011-03-15 12:27:01 ----A---- C:\Windows\system32\iesetup.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\iernonce.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\iedkcs32.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\ieapfltr.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\ie4uinit.exe
2011-03-15 12:27:01 ----A---- C:\Windows\system32\icardie.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\dxtrans.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\dxtmsft.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\pngfilt.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\occache.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\mshta.exe
2011-03-15 12:27:00 ----A---- C:\Windows\system32\jscript9.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\jscript.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\imgutil.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\ieUnatt.exe
2011-03-15 12:27:00 ----A---- C:\Windows\system32\iepeers.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\ieakui.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\ieaksie.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\admparse.dll

======List of files/folders modified in the last 1 months======

2011-04-10 22:40:16 ----D---- C:\Windows\Prefetch
2011-04-10 22:39:40 ----D---- C:\Windows\Temp
2011-04-10 22:36:10 ----D---- C:\Users\kubinski\AppData\Roaming\Skype
2011-04-10 22:35:58 ----RD---- C:\Program Files
2011-04-10 22:14:35 ----D---- C:\Windows
2011-04-10 22:13:15 ----D---- C:\Windows\Minidump
2011-04-10 21:52:31 ----D---- C:\Windows\system32\config
2011-04-10 21:48:18 ----D---- C:\Windows\system32\drivers
2011-04-10 21:39:37 ----D---- C:\Windows\System32
2011-04-09 22:11:10 ----D---- C:\Users\kubinski\AppData\Roaming\Media Player Classic
2011-04-09 21:47:27 ----D---- C:\Users\kubinski\AppData\Roaming\FileZilla
2011-04-08 20:56:43 ----D---- C:\temp
2011-04-08 14:00:05 ----D---- C:\Windows\inf
2011-04-08 14:00:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-08 11:02:48 ----SHD---- C:\System Volume Information
2011-04-07 12:35:30 ----D---- C:\Windows\winsxs
2011-04-07 12:34:53 ----HD---- C:\Config.Msi
2011-04-07 12:33:57 ----SHD---- C:\Windows\Installer
2011-04-07 12:33:31 ----D---- C:\Windows\system32\catroot
2011-04-07 12:32:59 ----D---- C:\Windows\system32\catroot2
2011-04-07 12:30:09 ----HD---- C:\Windows\system32\GroupPolicy
2011-04-07 12:29:23 ----D---- C:\Downloads
2011-04-07 11:26:32 ----SD---- C:\ProgramData\Microsoft
2011-04-07 10:15:03 ----D---- C:\Windows\system32\Tasks
2011-04-07 10:15:02 ----D---- C:\Windows\Tasks
2011-04-07 09:13:31 ----D---- C:\Windows\Downloaded Program Files
2011-04-07 09:05:47 ----HD---- C:\ProgramData
2011-04-06 20:58:41 ----D---- C:\Windows\debug
2011-04-06 20:28:09 ----D---- C:\Windows\system32\drivers\etc
2011-04-05 19:47:50 ----D---- C:\Users\kubinski\AppData\Roaming\TeamViewer
2011-04-05 08:10:44 ----D---- C:\Users\kubinski\AppData\Roaming\gtk-2.0
2011-04-03 12:18:00 ----D---- C:\Windows\rescache
2011-04-03 11:11:02 ----D---- C:\Windows\system32\en-US
2011-04-03 11:11:02 ----D---- C:\Windows\system32\cs-CZ
2011-03-31 12:49:19 ----D---- C:\Program Files\LibreOffice 3
2011-03-31 12:48:47 ----RSD---- C:\Windows\assembly
2011-03-31 12:48:34 ----D---- C:\Windows\ShellNew
2011-03-31 12:47:33 ----RSD---- C:\Windows\Fonts
2011-03-31 12:25:00 ----D---- C:\Program Files\FileZilla FTP Client
2011-03-30 13:45:11 ----D---- C:\Windows\system32\DriverStore
2011-03-30 13:11:10 ----D---- C:\Program Files\Mozilla Firefox
2011-03-29 21:11:01 ----D---- C:\Program Files\Opera
2011-03-28 10:33:26 ----D---- C:\Windows\system32\FxsTmp
2011-03-28 09:58:55 ----D---- C:\Users\kubinski\AppData\Roaming\DraftSight
2011-03-28 09:51:40 ----D---- C:\Windows\system32\appmgmt
2011-03-24 22:50:56 ----D---- C:\Program Files\Internet Explorer
2011-03-24 22:50:33 ----D---- C:\Windows\Logs
2011-03-16 11:04:27 ----D---- C:\Windows\system32\sk-SK
2011-03-16 11:04:25 ----D---- C:\Windows\PolicyDefinitions
2011-03-16 11:04:24 ----D---- C:\Windows\system32\migration
2011-03-16 11:00:07 ----D---- C:\Users\kubinski\AppData\Roaming\Thinstall
2011-03-11 08:49:56 ----D---- C:\Program Files\Quick Config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ISODrive;ISO CD-ROM Device Driver; \??\D:\portables\UltraISO\UltraISO\drivers\ISODrive.sys [2007-01-24 67584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl06710843;MpKsl06710843; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsl06710843.sys [2011-04-10 28752]
R1 MpKsl48906f94;MpKsl48906f94; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsl48906f94.sys [2011-04-10 28752]
R1 MpKsld9dca973;MpKsld9dca973; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsld9dca973.sys [2011-04-10 28752]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-05-22 4450816]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-28 2735504]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
S1 MpKsl12622aa5;MpKsl12622aa5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F433A0C-181A-472C-AF7C-EA3D93AE0050}\MpKsl12622aa5.sys []
S1 MpKsl419ad562;MpKsl419ad562; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B85AE7BE-FAFC-43D0-8D3A-45FBA3568206}\MpKsl419ad562.sys []
S2 MLPTDR_Q;MLPTDR_Q; \??\C:\Windows\system32\MLPTDR_Q.sys [2003-07-22 18848]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM); C:\Windows\system32\drivers\averhbtv.sys [2009-08-20 306688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\D:\portables\Everest Ultimate Engineer 5.50.2100\kerneld.wnt [2010-03-31 27760]
S3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2010-02-03 94336]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ptO2_bus;O2 Composite Device; C:\Windows\System32\Drivers\ptO2_bus.sys [2007-04-26 22144]
S3 ptO2_flt;O2 USB Filter Service; C:\Windows\system32\DRIVERS\ptO2_flt.sys [2007-04-26 4608]
S3 ptO2_mdm;O2 USB Modem; C:\Windows\System32\Drivers\ptO2_mdm.sys [2007-04-26 39808]
S3 ptO2_prt;O2 Diagnostic Serial Port; C:\Windows\System32\Drivers\ptO2_prt.sys [2007-04-26 38528]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vsbus;Virtual Serial Bus Enumerator; C:\Windows\system32\DRIVERS\vsb.sys [2008-07-24 15264]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\Windows\System32\DRIVERS\vserial.sys [2008-07-24 47744]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-05-22 733184]
R2 mapihook.exe;Mapihook; C:\Windows\system32\mapihook.exe [2011-04-07 564736]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-14 71096]
R2 Quick Config Service;Quick Config Service; C:\Program Files\Quick Config\QCService.exe [2011-02-10 242688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 468320]
R2 tvMobiliService;tvMobiliService; C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe [2011-02-07 884827]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 RapiMgr;Pripojenie zariadenia so systémom Windows Mobile; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcesComm;Pripojenie zariadenia so systémom Windows Mobile 2003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 AMService;AMService; C:\Windows\TEMP\gter\setup.exe [2011-04-07 135168]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - win32/cutwail.ba

#4 Post by Rudy »

I'd also ask for a ComboFix scan and its log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

feel free to go and make a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else

do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)

note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the antispyware's resident component

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

cuco11
Visitor
Posts: 21
Registered: 13 Nov 2007 22:33

Re: Please check my log - win32/cutwail.ba

#5 Post by cuco11 »

ComboFix, after a few seconds of running: BSOD :-( I tried several times

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - win32/cutwail.ba

#6 Post by Rudy »

Try running it in Safe Mode.

cuco11
Visitor
Posts: 21
Registered: 13 Nov 2007 22:33

Re: Please check my log - win32/cutwail.ba

#7 Post by cuco11 »

Same again, BSOD in Safe Mode too, 2 times in a row

cuco11
Visitor
Posts: 21
Registered: 13 Nov 2007 22:33

Re: Please check my log - win32/cutwail.ba

#8 Post by cuco11 »

So I made some progress on my own: I had the PC scanned with a one-off AV, Kaspersky Virus Removal Tool, which reported a TDSS.fa rootkit infection. It could not remove it, but after googling I killed it with the "tdsskiller" utility, also from Kaspersky.
The state is now as follows: Chrome works, the AV update too; ComboFix also ran, so I'm attaching the log. Please check whether anything is still there; I'll post a new HijackThis log in the next post. Thanks


ComboFix 11-04-10.02 - kubinski . 04. 2011 10:39:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1051.18.1918.1116 [GMT 2:00]
Spuštěný z: c:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\mazuki.dll
c:\windows\keys.ini
c:\windows\system32\advui.dll
c:\windows\system32\mapisrv.dll
c:\windows\system32\SysInfo_6_5_p.dll
c:\windows\system32\systeminfo.dll
c:\windows\system32\themedll.dll
c:\windows\system32\tmp.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-11 do 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 08:52 . 2011-04-11 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 08:30 . 2011-04-11 08:30 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-11 08:28 . 2011-04-11 08:28 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72CAD274-5FF9-4D35-94AA-F12CCA3AA7EC}\MpKsl3048db21.sys
2011-04-11 08:27 . 2011-03-23 08:11 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-11 08:27 . 2011-03-23 08:11 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72CAD274-5FF9-4D35-94AA-F12CCA3AA7EC}\mpengine.dll
2011-04-11 07:50 . 2011-04-11 07:50 -------- d-----w- c:\program files\Sophos
2011-04-11 05:07 . 2011-04-11 08:25 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-11 05:05 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\41794962.sys
2011-04-11 05:05 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\4179496.sys
2011-04-11 05:05 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\41794961.sys
2011-04-11 04:43 . 2011-04-11 04:47 -------- d-----w- c:\program files\ATI Technologies
2011-04-10 21:38 . 2011-04-10 21:38 -------- d-----w- c:\program files\ESET
2011-04-10 20:35 . 2011-04-10 20:40 -------- d-----w- c:\program files\trend micro
2011-04-10 20:35 . 2011-04-10 20:36 -------- d-----w- C:\rsit
2011-04-07 18:17 . 2011-04-07 18:17 -------- d-----w- c:\windows\system32\6C6C4F49DF9B981A4E8BF914A8494BCC
2011-04-07 10:40 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C7F8B6E-DE2B-44BA-934C-20852D75D0AA}\gapaengine.dll
2011-04-07 10:33 . 2011-04-07 10:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-07 10:32 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-07 10:17 . 2011-04-07 10:18 -------- d-----w- C:\WINSSLog
2011-04-07 07:05 . 2011-04-07 07:05 -------- d-----w- c:\programdata\Norton
2011-04-07 07:05 . 2011-04-07 07:09 -------- d-----w- c:\users\kubinski\AppData\Local\NPE
2011-04-06 19:27 . 2011-04-06 19:27 -------- d-----w- c:\programdata\YoWindow
2011-04-05 13:16 . 2011-04-05 13:16 687616 ----a-w- c:\windows\yowindow.scr
2011-03-28 07:58 . 2011-03-28 07:58 -------- d-----w- c:\programdata\Dassault Systemes
2011-03-28 07:57 . 2011-03-28 07:57 -------- d-----w- c:\program files\Dassault Systemes
2011-03-26 13:41 . 2011-03-26 13:41 -------- d-----w- c:\program files\DrayTek Router Tools V4.2.0
2011-03-24 20:48 . 2011-03-24 20:48 -------- d-----w- c:\windows\system32\SPReview
2011-03-24 12:32 . 2011-03-18 18:05 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-24 12:32 . 2011-03-18 18:05 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-24 12:32 . 2011-03-18 18:05 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-24 12:32 . 2011-03-18 18:05 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-24 12:32 . 2011-03-18 18:05 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-24 12:32 . 2011-03-18 18:05 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-24 12:32 . 2011-03-18 18:05 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-24 12:32 . 2011-03-18 18:05 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-24 11:26 . 2007-01-25 07:42 634880 ----a-w- c:\windows\system32\hpxp4500.dll
2011-03-24 11:26 . 2007-01-25 07:40 438272 ----a-w- c:\windows\system32\hp4500co.dll
2011-03-24 11:26 . 2007-01-25 07:40 458752 ----a-w- c:\windows\system32\hpgtbb.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 05:33 . 2011-03-09 06:51 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 06:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 06:51 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-17 19:48 . 2011-02-17 19:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-03 05:45 . 2011-02-09 04:58 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-21 05:36 . 2011-01-21 05:36 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-21 05:36 . 2011-01-21 05:36 328808 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-01-21 05:36 . 2009-12-03 08:27 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-01-17 05:38 . 2011-02-23 05:13 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-18 18:05 . 2011-03-24 12:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\kubinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LibreOffice 3.3.lnk - c:\program files\LibreOffice 3\program\quickstart.exe [2011-3-15 120320]
setup_9.0.0.722_11.04.2011_06-45.lnk - c:\users\kubinski\Desktop\Virus Removal Tool\setup_9.0.0.722_11.04.2011_06-45\startup.exe [2011-4-11 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, mthbnhtn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^kubinski^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\kubinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-01-31 11:16 703360 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R1 aolehyyk;aolehyyk;c:\windows\system32\drivers\aolehyyk.sys [x]
R1 egptowfy;egptowfy;c:\windows\system32\drivers\egptowfy.sys [x]
R1 MpKsl06710843;MpKsl06710843;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsl06710843.sys [x]
R1 MpKsl12622aa5;MpKsl12622aa5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F433A0C-181A-472C-AF7C-EA3D93AE0050}\MpKsl12622aa5.sys [x]
R1 MpKsl419ad562;MpKsl419ad562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B85AE7BE-FAFC-43D0-8D3A-45FBA3568206}\MpKsl419ad562.sys [x]
R1 MpKsl48906f94;MpKsl48906f94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsl48906f94.sys [x]
R1 MpKsl5992794d;MpKsl5992794d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C8030B5-F83A-4868-9BB0-7F8B01F36095}\MpKsl5992794d.sys [x]
R1 MpKsld764629d;MpKsld764629d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C8030B5-F83A-4868-9BB0-7F8B01F36095}\MpKsld764629d.sys [x]
R1 MpKsld9dca973;MpKsld9dca973;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsld9dca973.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2003-07-22 18848]
R2 tvMobiliService;tvMobiliService;c:\program files\TVMOBiLi\bin\tvMobiliService.exe [2011-02-07 884827]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2009-08-20 306688]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\portables\Everest Ultimate Engineer 5.50.2100\kerneld.wnt [2010-03-30 27760]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2010-02-03 94336]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4440.tmp [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 ptO2_bus;O2 Composite Device;c:\windows\system32\Drivers\ptO2_bus.sys [2007-04-26 22144]
R3 ptO2_flt;O2 USB Filter Service;c:\windows\system32\DRIVERS\ptO2_flt.sys [2007-04-26 4608]
R3 ptO2_mdm;O2 USB Modem;c:\windows\system32\Drivers\ptO2_mdm.sys [2007-04-26 39808]
R3 ptO2_prt;O2 Diagnostic Serial Port;c:\windows\system32\Drivers\ptO2_prt.sys [2007-04-26 38528]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S0 41794962;41794962 Boot Guard Driver;c:\windows\system32\DRIVERS\41794962.sys [2009-10-22 37392]
S1 41794961;41794961;c:\windows\system32\DRIVERS\41794961.sys [2009-09-25 128016]
S1 MpKsl3048db21;MpKsl3048db21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72CAD274-5FF9-4D35-94AA-F12CCA3AA7EC}\MpKsl3048db21.sys [2011-04-11 28752]
S1 setup_9.0.0.722_11.04.2011_06-45drv;setup_9.0.0.722_11.04.2011_06-45drv;c:\windows\system32\DRIVERS\4179496.sys [2009-10-09 311312]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Quick Config Service;Quick Config Service;c:\program files\Quick Config\QCService.exe [2011-02-10 242688]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL3048DB21
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ww.hahayouxi.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {B516DA83-B218-49D5-8391-D7948DC3CB17} = 208.67.222.222,208.67.220.220
TCP: {FA3AFFD8-FDBB-4BF1-AC0C-184B21106696} = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\users\kubinski\AppData\Roaming\Mozilla\Firefox\Profiles\uvaisfme.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.type - 5
FF - user.js: network.proxy.autoconfig_url -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
MSConfigStartUp-Google Update - c:\users\kubinski\AppData\Local\Google\Update\GoogleUpdate.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\d:\portables\Everest Ultimate Engineer 5.50.2100\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4440.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-04-11 11:01:41
ComboFix-quarantined-files.txt 2011-04-11 09:01
.
Před spuštěním: 9 005 780 992 bytes free
Po spuštění: 9 224 531 968 bytes free
.
- - End Of File - - BA35F706700C605DC78BAD24D552608A

cuco11
Visitor
Posts: 21
Registered: 13 Nov 2007 22:33

Re: Please check my log - win32/cutwail.ba

#9 Post by cuco11 »

current log from RSIT


Logfile of random's system information tool 1.08 (written by random/random)
Run by kubinski at 2011-04-11 11:21:21
Microsoft Windows 7 Ultimate
System drive C: has 9 GB (7%) free of 120 GB
Total RAM: 1918 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:38, on 11. 4. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\LibreOffice 3\program\soffice.bin
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
D:\portables\ChromePlus\chrome.exe
D:\portables\ChromePlus\chrome.exe
D:\portables\ChromePlus\chrome.exe
D:\portables\ChromePlus\chrome.exe
D:\portables\ChromePlus\chrome.exe
D:\portables\ChromePlus\chrome.exe
D:\portables\ChromePlus\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kubinski\Downloads\RSIT.exe
C:\Program Files\trend micro\kubinski.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.hahayouxi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: LibreOffice 3.3.lnk = C:\Program Files\LibreOffice 3\program\quickstart.exe
O4 - Startup: setup_9.0.0.722_11.04.2011_06-45.lnk = kubinski\Desktop\Virus Removal Tool\setup_9.0.0.722_11.04.2011_06-45\startup.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B516DA83-B218-49D5-8391-D7948DC3CB17}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3AFFD8-FDBB-4BF1-AC0C-184B21106696}: NameServer = 195.146.128.60,195.146.132.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Quick Config Service - Unknown owner - C:\Program Files\Quick Config\QCService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: tvMobiliService - Unknown owner - C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe

--
End of file - 4874 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-28 7625248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^kubinski^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE []

C:\Users\kubinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LibreOffice 3.3.lnk - C:\Program Files\LibreOffice 3\program\quickstart.exe
setup_9.0.0.722_11.04.2011_06-45.lnk - C:\Users\kubinski\Desktop\Virus Removal Tool\setup_9.0.0.722_11.04.2011_06-45\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-03-15 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, mthbnhtn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-04-11 11:02:06 ----SHD---- C:\$RECYCLE.BIN
2011-04-11 11:01:55 ----D---- C:\Windows\temp
2011-04-11 11:01:46 ----A---- C:\ComboFix.txt
2011-04-11 10:36:41 ----A---- C:\Windows\zip.exe
2011-04-11 10:36:41 ----A---- C:\Windows\SWSC.exe
2011-04-11 10:36:41 ----A---- C:\Windows\SWREG.exe
2011-04-11 10:36:41 ----A---- C:\Windows\sed.exe
2011-04-11 10:36:41 ----A---- C:\Windows\PEV.exe
2011-04-11 10:36:41 ----A---- C:\Windows\NIRCMD.exe
2011-04-11 10:36:41 ----A---- C:\Windows\MBR.exe
2011-04-11 10:36:41 ----A---- C:\Windows\grep.exe
2011-04-11 10:34:14 ----A---- C:\Windows\SWXCACLS.exe
2011-04-11 10:33:29 ----D---- C:\Windows\ERDNT
2011-04-11 10:32:34 ----D---- C:\Qoobox
2011-04-11 10:30:11 ----D---- C:\TDSSKiller_Quarantine
2011-04-11 10:27:56 ----A---- C:\TDSSKiller.2.4.21.0_11.04.2011_10.27.56_log.txt
2011-04-11 10:18:08 ----A---- C:\TDSSKiller.2.4.21.0_11.04.2011_10.18.08_log.txt
2011-04-11 09:50:09 ----D---- C:\Program Files\Sophos
2011-04-11 07:07:03 ----D---- C:\ProgramData\Kaspersky Lab
2011-04-11 07:05:19 ----A---- C:\Windows\system32\drivers\41794962.sys
2011-04-11 07:05:19 ----A---- C:\Windows\system32\drivers\41794961.sys
2011-04-11 07:05:19 ----A---- C:\Windows\system32\drivers\4179496.sys
2011-04-11 06:43:57 ----D---- C:\Program Files\ATI Technologies
2011-04-10 23:38:37 ----D---- C:\Program Files\ESET
2011-04-10 23:07:38 ----A---- C:\Windows\ntbtlog.txt
2011-04-10 22:35:58 ----D---- C:\Program Files\trend micro
2011-04-10 22:35:57 ----D---- C:\rsit
2011-04-07 20:23:39 ----A---- C:\Windows\system32\GnuHashes.ini
2011-04-07 20:17:18 ----D---- C:\Windows\system32\6C6C4F49DF9B981A4E8BF914A8494BCC
2011-04-07 20:17:07 ----A---- C:\Windows\system32\mapihook.exe.log.20110407201707
2011-04-07 20:17:05 ----A---- C:\Windows\system32\mapihook.exe.log
2011-04-07 12:33:08 ----D---- C:\Program Files\Microsoft Security Client
2011-04-07 12:32:52 ----A---- C:\Windows\system32\drivers\netio.sys
2011-04-07 12:17:56 ----D---- C:\WINSSLog
2011-04-07 09:05:47 ----D---- C:\ProgramData\Norton
2011-04-06 21:27:59 ----D---- C:\ProgramData\YoWindow
2011-03-28 09:58:00 ----D---- C:\ProgramData\Dassault Systemes
2011-03-28 09:57:47 ----D---- C:\Program Files\Dassault Systemes
2011-03-26 15:41:02 ----D---- C:\Program Files\DrayTek Router Tools V4.2.0
2011-03-24 22:48:27 ----D---- C:\Windows\system32\SPReview
2011-03-24 13:26:36 ----A---- C:\Windows\system32\hpxp4500.dll
2011-03-24 13:26:36 ----A---- C:\Windows\system32\hpgtbb.dll
2011-03-24 13:26:36 ----A---- C:\Windows\system32\hp4500co.dll
2011-03-15 12:27:03 ----A---- C:\Windows\system32\wininet.dll
2011-03-15 12:27:03 ----A---- C:\Windows\system32\urlmon.dll
2011-03-15 12:27:03 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-03-15 12:27:03 ----A---- C:\Windows\system32\msls31.dll
2011-03-15 12:27:03 ----A---- C:\Windows\system32\jsproxy.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-03-15 12:27:02 ----A---- C:\Windows\system32\msrating.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\mshtmler.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\msfeedssync.exe
2011-03-15 12:27:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\ieui.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\iesysprep.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\iertutil.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\ieframe.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\ieakeng.dll
2011-03-15 12:27:02 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\wextract.exe
2011-03-15 12:27:01 ----A---- C:\Windows\system32\webcheck.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\vbscript.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\url.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\mshtmled.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\mshtml.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\msfeeds.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\licmgr10.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\inseng.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\iexpress.exe
2011-03-15 12:27:01 ----A---- C:\Windows\system32\iesetup.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\iernonce.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\iedkcs32.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\ieapfltr.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\ie4uinit.exe
2011-03-15 12:27:01 ----A---- C:\Windows\system32\icardie.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\dxtrans.dll
2011-03-15 12:27:01 ----A---- C:\Windows\system32\dxtmsft.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\pngfilt.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\occache.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\mshta.exe
2011-03-15 12:27:00 ----A---- C:\Windows\system32\jscript9.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\jscript.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\imgutil.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\ieUnatt.exe
2011-03-15 12:27:00 ----A---- C:\Windows\system32\iepeers.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\ieakui.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\ieaksie.dll
2011-03-15 12:27:00 ----A---- C:\Windows\system32\admparse.dll

======List of files/folders modified in the last 1 months======

2011-04-11 11:21:13 ----D---- C:\Users\kubinski\AppData\Roaming\Skype
2011-04-11 11:01:55 ----D---- C:\Windows
2011-04-11 11:00:46 ----D---- C:\Windows\Tasks
2011-04-11 11:00:45 ----D---- C:\Windows\system32\Tasks
2011-04-11 10:53:39 ----A---- C:\Windows\system.ini
2011-04-11 10:53:13 ----D---- C:\Windows\system32\drivers\etc
2011-04-11 10:49:49 ----D---- C:\Windows\System32
2011-04-11 10:49:46 ----D---- C:\ProgramData
2011-04-11 10:44:29 ----D---- C:\Windows\system32\drivers
2011-04-11 10:44:29 ----D---- C:\Windows\AppPatch
2011-04-11 10:44:26 ----D---- C:\Program Files\Common Files
2011-04-11 10:39:18 ----D---- C:\Windows\system32\config
2011-04-11 10:34:03 ----D---- C:\Downloads
2011-04-11 10:32:35 ----D---- C:\Windows\Prefetch
2011-04-11 10:27:43 ----SHD---- C:\System Volume Information
2011-04-11 09:50:09 ----RD---- C:\Program Files
2011-04-11 09:39:57 ----D---- C:\Windows\Minidump
2011-04-11 08:58:05 ----D---- C:\temp
2011-04-11 06:47:44 ----SHD---- C:\Windows\Installer
2011-04-11 06:47:43 ----D---- C:\Config.Msi
2011-04-11 06:47:42 ----RSD---- C:\Windows\assembly
2011-04-11 06:46:13 ----D---- C:\Windows\system32\catroot
2011-04-11 06:46:09 ----D---- C:\Windows\inf
2011-04-11 06:46:07 ----D---- C:\Windows\system32\DriverStore
2011-04-11 06:45:39 ----D---- C:\Windows\winsxs
2011-04-09 22:11:10 ----D---- C:\Users\kubinski\AppData\Roaming\Media Player Classic
2011-04-09 21:47:27 ----D---- C:\Users\kubinski\AppData\Roaming\FileZilla
2011-04-08 14:00:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-07 12:32:59 ----D---- C:\Windows\system32\catroot2
2011-04-07 12:30:09 ----HD---- C:\Windows\system32\GroupPolicy
2011-04-07 11:26:32 ----SD---- C:\ProgramData\Microsoft
2011-04-07 09:13:31 ----D---- C:\Windows\Downloaded Program Files
2011-04-06 20:58:41 ----D---- C:\Windows\debug
2011-04-05 19:47:50 ----D---- C:\Users\kubinski\AppData\Roaming\TeamViewer
2011-04-05 08:10:44 ----D---- C:\Users\kubinski\AppData\Roaming\gtk-2.0
2011-04-03 12:18:00 ----D---- C:\Windows\rescache
2011-04-03 11:11:02 ----D---- C:\Windows\system32\en-US
2011-04-03 11:11:02 ----D---- C:\Windows\system32\cs-CZ
2011-03-31 12:49:19 ----D---- C:\Program Files\LibreOffice 3
2011-03-31 12:48:34 ----D---- C:\Windows\ShellNew
2011-03-31 12:47:33 ----RSD---- C:\Windows\Fonts
2011-03-31 12:25:00 ----D---- C:\Program Files\FileZilla FTP Client
2011-03-30 13:11:10 ----D---- C:\Program Files\Mozilla Firefox
2011-03-29 21:11:01 ----D---- C:\Program Files\Opera
2011-03-28 10:33:26 ----D---- C:\Windows\system32\FxsTmp
2011-03-28 09:58:55 ----D---- C:\Users\kubinski\AppData\Roaming\DraftSight
2011-03-28 09:51:40 ----D---- C:\Windows\system32\appmgmt
2011-03-24 22:50:56 ----D---- C:\Program Files\Internet Explorer
2011-03-24 22:50:33 ----D---- C:\Windows\Logs
2011-03-16 11:04:27 ----D---- C:\Windows\system32\sk-SK
2011-03-16 11:04:25 ----D---- C:\Windows\PolicyDefinitions
2011-03-16 11:04:24 ----D---- C:\Windows\system32\migration
2011-03-16 11:00:07 ----D---- C:\Users\kubinski\AppData\Roaming\Thinstall

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 41794962;41794962 Boot Guard Driver; C:\Windows\system32\DRIVERS\41794962.sys [2009-10-22 37392]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512]
R1 41794961;41794961; C:\Windows\system32\DRIVERS\41794961.sys [2009-09-25 128016]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ISODrive;ISO CD-ROM Device Driver; \??\D:\portables\UltraISO\UltraISO\drivers\ISODrive.sys [2007-01-24 67584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl0ad0a8d9;MpKsl0ad0a8d9; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07C8FB38-B0F0-4D90-845F-5A89A337A612}\MpKsl0ad0a8d9.sys [2011-04-11 28752]
R1 setup_9.0.0.722_11.04.2011_06-45drv;setup_9.0.0.722_11.04.2011_06-45drv; C:\Windows\system32\DRIVERS\4179496.sys [2009-10-09 311312]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-05-22 4450816]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-28 2735504]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
S1 aolehyyk;aolehyyk; \??\C:\Windows\system32\drivers\aolehyyk.sys []
S1 egptowfy;egptowfy; \??\C:\Windows\system32\drivers\egptowfy.sys []
S1 MpKsl06710843;MpKsl06710843; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsl06710843.sys []
S1 MpKsl12622aa5;MpKsl12622aa5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F433A0C-181A-472C-AF7C-EA3D93AE0050}\MpKsl12622aa5.sys []
S1 MpKsl419ad562;MpKsl419ad562; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B85AE7BE-FAFC-43D0-8D3A-45FBA3568206}\MpKsl419ad562.sys []
S1 MpKsl48906f94;MpKsl48906f94; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsl48906f94.sys []
S1 MpKsl5992794d;MpKsl5992794d; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C8030B5-F83A-4868-9BB0-7F8B01F36095}\MpKsl5992794d.sys []
S1 MpKsld764629d;MpKsld764629d; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C8030B5-F83A-4868-9BB0-7F8B01F36095}\MpKsld764629d.sys []
S1 MpKsld9dca973;MpKsld9dca973; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsld9dca973.sys []
S2 MLPTDR_Q;MLPTDR_Q; \??\C:\Windows\system32\MLPTDR_Q.sys [2003-07-22 18848]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM); C:\Windows\system32\drivers\averhbtv.sys [2009-08-20 306688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 catchme;catchme; \??\C:\Users\kubinski\AppData\Local\Temp\catchme.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\D:\portables\Everest Ultimate Engineer 5.50.2100\kerneld.wnt [2010-03-31 27760]
S3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2010-02-03 94336]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\4440.tmp []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ptO2_bus;O2 Composite Device; C:\Windows\System32\Drivers\ptO2_bus.sys [2007-04-26 22144]
S3 ptO2_flt;O2 USB Filter Service; C:\Windows\system32\DRIVERS\ptO2_flt.sys [2007-04-26 4608]
S3 ptO2_mdm;O2 USB Modem; C:\Windows\System32\Drivers\ptO2_mdm.sys [2007-04-26 39808]
S3 ptO2_prt;O2 Diagnostic Serial Port; C:\Windows\System32\Drivers\ptO2_prt.sys [2007-04-26 38528]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vsbus;Virtual Serial Bus Enumerator; C:\Windows\system32\DRIVERS\vsb.sys [2008-07-24 15264]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\Windows\System32\DRIVERS\vserial.sys [2008-07-24 47744]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-05-22 733184]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-14 71096]
R2 Quick Config Service;Quick Config Service; C:\Program Files\Quick Config\QCService.exe [2011-02-10 242688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 468320]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 tvMobiliService;tvMobiliService; C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe [2011-02-07 884827]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 RapiMgr;Pripojenie zariadenia so systémom Windows Mobile; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcesComm;Pripojenie zariadenia so systémom Windows Mobile 2003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15701
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log - win32/cutwail.ba

#10 Post by JaRon »

sikulka :wink: I'll stand in for my colleague:
use this CFScript:

Code:

Driver::
MEMSWEEP2
aolehyyk
egptowfy

FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

cuco11
Visitor
Posts: 21
Registered: 13 Nov 2007 22:33

Re: Please check my log - win32/cutwail.ba

#11 Post by cuco11 »

ComboFix 11-04-10.03 - kubinski . 04. 2011 11:37:36.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1051.18.1918.840 [GMT 2:00]
Spuštěný z: c:\users\kubinski\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\kubinski\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kubinski\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_aolehyyk
-------\Service_egptowfy
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-11 do 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 09:51 . 2011-04-11 09:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 09:13 . 2011-04-11 09:13 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07C8FB38-B0F0-4D90-845F-5A89A337A612}\MpKsl0ad0a8d9.sys
2011-04-11 09:13 . 2011-03-23 08:11 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07C8FB38-B0F0-4D90-845F-5A89A337A612}\mpengine.dll
2011-04-11 08:30 . 2011-04-11 08:30 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-11 08:27 . 2011-03-23 08:11 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-11 07:50 . 2011-04-11 07:50 -------- d-----w- c:\program files\Sophos
2011-04-11 05:07 . 2011-04-11 08:25 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-11 05:05 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\41794962.sys
2011-04-11 05:05 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\4179496.sys
2011-04-11 05:05 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\41794961.sys
2011-04-11 04:43 . 2011-04-11 04:47 -------- d-----w- c:\program files\ATI Technologies
2011-04-10 21:38 . 2011-04-10 21:38 -------- d-----w- c:\program files\ESET
2011-04-10 20:35 . 2011-04-11 09:21 -------- d-----w- c:\program files\trend micro
2011-04-10 20:35 . 2011-04-10 20:36 -------- d-----w- C:\rsit
2011-04-07 18:17 . 2011-04-07 18:17 -------- d-----w- c:\windows\system32\6C6C4F49DF9B981A4E8BF914A8494BCC
2011-04-07 10:40 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C7F8B6E-DE2B-44BA-934C-20852D75D0AA}\gapaengine.dll
2011-04-07 10:33 . 2011-04-07 10:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-07 10:32 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-07 10:17 . 2011-04-07 10:18 -------- d-----w- C:\WINSSLog
2011-04-07 07:05 . 2011-04-07 07:05 -------- d-----w- c:\programdata\Norton
2011-04-07 07:05 . 2011-04-07 07:09 -------- d-----w- c:\users\kubinski\AppData\Local\NPE
2011-04-06 19:27 . 2011-04-06 19:27 -------- d-----w- c:\programdata\YoWindow
2011-04-05 13:16 . 2011-04-05 13:16 687616 ----a-w- c:\windows\yowindow.scr
2011-03-28 07:58 . 2011-03-28 07:58 -------- d-----w- c:\programdata\Dassault Systemes
2011-03-28 07:57 . 2011-03-28 07:57 -------- d-----w- c:\program files\Dassault Systemes
2011-03-26 13:41 . 2011-03-26 13:41 -------- d-----w- c:\program files\DrayTek Router Tools V4.2.0
2011-03-24 20:48 . 2011-03-24 20:48 -------- d-----w- c:\windows\system32\SPReview
2011-03-24 12:32 . 2011-03-18 18:05 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-24 12:32 . 2011-03-18 18:05 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-24 12:32 . 2011-03-18 18:05 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-24 12:32 . 2011-03-18 18:05 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-24 12:32 . 2011-03-18 18:05 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-24 12:32 . 2011-03-18 18:05 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-24 12:32 . 2011-03-18 18:05 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-24 12:32 . 2011-03-18 18:05 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-24 11:26 . 2007-01-25 07:42 634880 ----a-w- c:\windows\system32\hpxp4500.dll
2011-03-24 11:26 . 2007-01-25 07:40 438272 ----a-w- c:\windows\system32\hp4500co.dll
2011-03-24 11:26 . 2007-01-25 07:40 458752 ----a-w- c:\windows\system32\hpgtbb.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 05:33 . 2011-03-09 06:51 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 06:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 06:51 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-17 19:48 . 2011-02-17 19:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-03 05:45 . 2011-02-09 04:58 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-21 05:36 . 2011-01-21 05:36 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-21 05:36 . 2011-01-21 05:36 328808 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-01-21 05:36 . 2009-12-03 08:27 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-01-17 05:38 . 2011-02-23 05:13 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-18 18:05 . 2011-03-24 12:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\kubinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LibreOffice 3.3.lnk - c:\program files\LibreOffice 3\program\quickstart.exe [2011-3-15 120320]
setup_9.0.0.722_11.04.2011_06-45.lnk - c:\users\kubinski\Desktop\Virus Removal Tool\setup_9.0.0.722_11.04.2011_06-45\startup.exe [2011-4-11 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, mthbnhtn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^kubinski^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\kubinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-01-31 11:16 703360 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R1 MpKsl06710843;MpKsl06710843;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsl06710843.sys [x]
R1 MpKsl12622aa5;MpKsl12622aa5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F433A0C-181A-472C-AF7C-EA3D93AE0050}\MpKsl12622aa5.sys [x]
R1 MpKsl419ad562;MpKsl419ad562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B85AE7BE-FAFC-43D0-8D3A-45FBA3568206}\MpKsl419ad562.sys [x]
R1 MpKsl48906f94;MpKsl48906f94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsl48906f94.sys [x]
R1 MpKsl5992794d;MpKsl5992794d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C8030B5-F83A-4868-9BB0-7F8B01F36095}\MpKsl5992794d.sys [x]
R1 MpKsld764629d;MpKsld764629d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C8030B5-F83A-4868-9BB0-7F8B01F36095}\MpKsld764629d.sys [x]
R1 MpKsld9dca973;MpKsld9dca973;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B72590E-73D8-4187-9937-147779ED593D}\MpKsld9dca973.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2003-07-22 18848]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2009-08-20 306688]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\portables\Everest Ultimate Engineer 5.50.2100\kerneld.wnt [2010-03-30 27760]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2010-02-03 94336]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 ptO2_bus;O2 Composite Device;c:\windows\system32\Drivers\ptO2_bus.sys [2007-04-26 22144]
R3 ptO2_flt;O2 USB Filter Service;c:\windows\system32\DRIVERS\ptO2_flt.sys [2007-04-26 4608]
R3 ptO2_mdm;O2 USB Modem;c:\windows\system32\Drivers\ptO2_mdm.sys [2007-04-26 39808]
R3 ptO2_prt;O2 Diagnostic Serial Port;c:\windows\system32\Drivers\ptO2_prt.sys [2007-04-26 38528]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S0 41794962;41794962 Boot Guard Driver;c:\windows\system32\DRIVERS\41794962.sys [2009-10-22 37392]
S1 41794961;41794961;c:\windows\system32\DRIVERS\41794961.sys [2009-09-25 128016]
S1 MpKsl0ad0a8d9;MpKsl0ad0a8d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07C8FB38-B0F0-4D90-845F-5A89A337A612}\MpKsl0ad0a8d9.sys [2011-04-11 28752]
S1 setup_9.0.0.722_11.04.2011_06-45drv;setup_9.0.0.722_11.04.2011_06-45drv;c:\windows\system32\DRIVERS\4179496.sys [2009-10-09 311312]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Quick Config Service;Quick Config Service;c:\program files\Quick Config\QCService.exe [2011-02-10 242688]
S2 tvMobiliService;tvMobiliService;c:\program files\TVMOBiLi\bin\tvMobiliService.exe [2011-02-07 884827]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ww.hahayouxi.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {B516DA83-B218-49D5-8391-D7948DC3CB17} = 208.67.222.222,208.67.220.220
TCP: {FA3AFFD8-FDBB-4BF1-AC0C-184B21106696} = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\users\kubinski\AppData\Roaming\Mozilla\Firefox\Profiles\uvaisfme.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.type - 5
FF - user.js: network.proxy.autoconfig_url -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\d:\portables\Everest Ultimate Engineer 5.50.2100\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2056)
c:\program files\MediaMonkey\DeskPlayer.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\LibreOffice 3\program\soffice.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\LibreOffice 3\program\soffice.bin
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-04-11 12:07:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-11 10:07
ComboFix2.txt 2011-04-11 09:01
.
Před spuštěním: 9 309 585 408 bytes free
Po spuštění: 8 988 921 856 bytes free
.
- - End Of File - - 85AE99DFDEE567AD9B6319454C23E7DC

JaRon
Moderator
Posts: 15701
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log - win32/cutwail.ba

#12 Post by JaRon »

I think that's OK

cuco11
Visitor
Posts: 21
Registered: 13 Nov 2007 22:33

Re: Please check my log - win32/cutwail.ba

#13 Post by cuco11 »

Thank you very much for the help :-)

JaRon
Moderator
Posts: 15701
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log - win32/cutwail.ba

#14 Post by JaRon »

also on Rudy's behalf: glad we could help
