PC virus removal, computer speed-up, remote help via the neslape.cz service

Please check my log - I removed Cycbot.B - reassurance

mkozlovsky
Visitor
Posts: 6
Registered: 18 Aug 2007 12:34

Please check my log - I removed Cycbot.B - reassurance

#1 Post by mkozlovsky »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2011-07-16 14:46:56
Microsoft Windows 7 Ultimate
System drive C: has 242 GB (81%) free of 300 GB
Total RAM: 3582 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:46:59, on 16.7.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59657
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7664 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\PC Tools Security\pctsSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-663416ad-e035-4172-a48b-5cfcf862da29 -SystemEventPortName:HostProcess-8b2e0a39-f026-4e59-bf6b-b0cec98b1995 -IoCancelEventPortName:HostProcess-4a6baa10-6946-412a-b218-18b5f4fe04f6 -NonStateChangingEventPortName:HostProcess-5a16ee84-4928-4cc2-bdba-b6fdbd192cf1 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5aa3a353-2aa0-4aab-bc9c-05d0f1aee223
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1629529035-4043197320-510236382-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1629529035-4043197320-510236382-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --channel=4184.07421688.358067003 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Michal\AppData\Local\Google\Chrome\APPLIC~1\120742~1.122\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Michal\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Michal\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll" --lang=cs --channel=4184.0A764DC8.712681639 /prefetch:4 --flash-broker=4372
"C:\Users\Michal\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1629529035-4043197320-510236382-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1629529035-4043197320-510236382-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-02 11545192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-06 102400]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"ISTray"=C:\Program Files (x86)\PC Tools Security\pctsGui.exe [2011-01-13 1589208]

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-16 14:46:56 ----D---- C:\rsit
2011-07-16 14:46:56 ----D---- C:\Program Files\trend micro
2011-07-16 14:38:18 ----D---- C:\Users\Michal\AppData\Roaming\Malwarebytes
2011-07-16 14:38:15 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-07-16 14:38:14 ----D---- C:\ProgramData\Malwarebytes
2011-07-16 14:38:12 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-16 14:38:12 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-16 14:17:20 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-16 14:17:20 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-16 12:19:27 ----A---- C:\Windows\ntbtlog.txt
2011-07-16 12:06:54 ----A---- C:\Windows\system32\drivers\pctEFA64.sys
2011-07-16 12:06:54 ----A---- C:\Windows\system32\drivers\pctDS64.sys
2011-07-16 12:06:54 ----A---- C:\Windows\system32\drivers\Cat.DB
2011-07-16 12:06:53 ----A---- C:\Windows\system32\drivers\pctwfpfilter64.sys
2011-07-16 12:06:53 ----A---- C:\Windows\system32\drivers\pctgntdi64.sys
2011-07-16 12:06:52 ----A---- C:\Windows\system32\drivers\PCTCore64.sys
2011-07-16 12:06:50 ----A---- C:\Windows\system32\drivers\pctplsg64.sys
2011-07-16 12:06:42 ----D---- C:\Users\Michal\AppData\Roaming\PC Tools
2011-07-16 12:06:42 ----D---- C:\Program Files (x86)\PC Tools Security
2011-07-16 12:06:42 ----AD---- C:\ProgramData\TEMP
2011-07-16 12:04:01 ----D---- C:\ProgramData\PC Tools
2011-07-16 11:20:51 ----D---- C:\Program Files (x86)\Trend Micro
2011-07-16 10:38:21 ----A---- C:\Windows\ddh_iplist.txt
2011-07-16 10:34:56 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-16 10:34:38 ----HD---- C:\Windows\update.2
2011-07-16 10:34:16 ----D---- C:\Windows\ufa
2011-07-16 10:34:16 ----D---- C:\Windows\rpcminer
2011-07-16 10:34:16 ----D---- C:\Windows\phoenix
2011-07-16 10:34:15 ----A---- C:\Windows\unrar.exe
2011-07-16 10:33:24 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-16 10:33:02 ----HD---- C:\Windows\update.5.0
2011-07-16 10:31:47 ----A---- C:\Windows\iplist.txt
2011-07-16 10:31:21 ----D---- C:\Windows\av_ico
2011-07-16 10:31:16 ----A---- C:\Windows\front_ip_list.txt
2011-07-16 10:30:17 ----HD---- C:\Windows\update.1
2011-07-16 10:30:16 ----HD---- C:\Windows\update.tray-8-0-lnk
2011-07-16 10:30:16 ----HD---- C:\Windows\update.tray-8-0
2011-07-16 10:20:42 ----A---- C:\Windows\winlog-ids.txt
2011-07-16 10:20:42 ----A---- C:\Windows\winlog-dirs.txt
2011-07-08 15:02:21 ----D---- C:\Users\Michal\AppData\Roaming\Ahead
2011-07-08 15:02:13 ----D---- C:\ProgramData\Ahead
2011-07-08 14:21:55 ----D---- C:\Users\Michal\AppData\Roaming\Nero
2011-07-08 14:21:22 ----D---- C:\ProgramData\Nero
2011-07-08 14:21:10 ----D---- C:\Program Files (x86)\Nero
2011-07-06 23:54:47 ----D---- C:\Program Files (x86)\Runes of Magic
2011-07-06 20:20:34 ----D---- C:\Users\Michal\AppData\Roaming\FOG Downloader
2011-07-04 16:29:59 ----D---- C:\Program Files (x86)\Bethesda Softworks
2011-06-30 20:37:04 ----SD---- C:\Program Files (x86)\HLSW
2011-06-30 20:37:04 ----D---- C:\Users\Michal\AppData\Roaming\HLSW
2011-06-30 15:40:56 ----SHD---- C:\Windows\ftpcache
2011-06-30 15:40:45 ----A---- C:\Windows\game.ini
2011-06-30 15:27:16 ----D---- C:\Program Files (x86)\Activision
2011-06-26 11:30:18 ----D---- C:\Users\Michal\AppData\Roaming\OpenOffice.org
2011-06-26 11:26:16 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2011-06-26 11:25:49 ----A---- C:\Windows\SYSWOW64\RENEBC8.tmp
2011-06-26 11:25:49 ----A---- C:\Windows\SYSWOW64\RENEBC7.tmp
2011-06-26 11:25:49 ----A---- C:\Windows\SYSWOW64\RENEBC6.tmp
2011-06-26 11:25:39 ----D---- C:\Program Files (x86)\Java
2011-06-23 17:57:46 ----D---- C:\Users\Michal\AppData\Roaming\WinRAR
2011-06-23 17:57:41 ----D---- C:\Program Files\WinRAR
2011-06-22 22:53:35 ----D---- C:\Program Files\Microsoft
2011-06-22 20:42:20 ----D---- C:\Users\Michal\AppData\Roaming\PSpad
2011-06-22 20:42:13 ----D---- C:\Program Files (x86)\PSPad editor
2011-06-19 10:38:47 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-06-19 10:38:43 ----D---- C:\Program Files\DAEMON Tools Lite
2011-06-19 10:38:09 ----D---- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
2011-06-19 10:38:09 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-06-19 10:35:19 ----D---- C:\Users\Michal\AppData\Roaming\DAEMON Tools

======List of files/folders modified in the last 1 month======

2011-07-16 14:46:58 ----D---- C:\Windows\Temp
2011-07-16 14:46:56 ----RD---- C:\Program Files
2011-07-16 14:42:56 ----D---- C:\Windows
2011-07-16 14:38:15 ----D---- C:\Windows\SYSWOW64\drivers
2011-07-16 14:38:14 ----HD---- C:\ProgramData
2011-07-16 14:38:12 ----RD---- C:\Program Files (x86)
2011-07-16 14:38:12 ----D---- C:\Windows\system32\drivers
2011-07-16 14:33:58 ----D---- C:\Windows\system32\drivers\etc
2011-07-16 14:00:30 ----D---- C:\Windows\System32
2011-07-16 14:00:30 ----D---- C:\Windows\inf
2011-07-16 14:00:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-16 13:57:36 ----D---- C:\Program Files\Mozilla Firefox
2011-07-16 13:41:32 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2011-07-16 12:17:50 ----D---- C:\Windows\system32\NDF
2011-07-16 12:06:54 ----SHD---- C:\System Volume Information
2011-07-16 12:06:46 ----SHD---- C:\Windows\Installer
2011-07-16 12:06:42 ----D---- C:\Program Files (x86)\Common Files
2011-07-16 11:38:35 ----D---- C:\Windows\system32\Tasks
2011-07-16 10:37:47 ----D---- C:\Windows\Prefetch
2011-07-16 10:20:50 ----D---- C:\Windows\system32\config
2011-07-16 10:15:20 ----D---- C:\Windows\system32\catroot2
2011-07-14 16:11:55 ----D---- C:\Windows\system32\wdi
2011-07-08 15:02:00 ----D---- C:\Windows\ehome
2011-07-08 15:01:40 ----D---- C:\Windows\SysWOW64
2011-07-08 14:21:46 ----D---- C:\Windows\winsxs
2011-07-04 16:29:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-06-29 22:06:24 ----D---- C:\ProgramData\PMB Files
2011-06-28 18:47:00 ----D---- C:\Windows\system32\catroot
2011-06-26 11:26:42 ----RSD---- C:\Windows\assembly
2011-06-26 11:26:23 ----RSD---- C:\Windows\Fonts
2011-06-26 11:25:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-06-23 15:40:40 ----D---- C:\Windows\Microsoft.NET
2011-06-19 10:40:54 ----D---- C:\Program Files\LucasArts
2011-06-19 10:39:02 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore64.sys [2010-12-10 257232]
R0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
R0 pctEFA;PC Tools Extended File Attributes; C:\Windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-06-28 123784]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-19 254528]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-06-28 88288]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-04-07 6659072]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-04-07 195584]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-02 2536040]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-05-25 253728]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-04-07 202752]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-11-19 1150936]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------
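The log above is read by hand in this thread. As an added worked example (editor's code, not part of the thread and not code from RSIT, HijackThis or the forum), the following Python script applies the same checks a helper performs on such a log to a constructed sample of lines copied from the post: the Internet Explorer proxy pointed at 127.0.0.1 (the local interception proxy Cycbot installs), UAC switched off via EnableLUA=0, autorun values left with an empty command, the miner directories created directly under C:\Windows, and the "(file missing)" entries, which for System32 binaries are a known false positive of the 32-bit HijackThis 2.0.4 running under WOW64 on 64-bit Windows. The severities, rule wording and directory name list are the editor's; nothing here is a product of the tools themselves.

```python
"""Triage of an RSIT / HijackThis log for the indicators seen in this thread.

Added example, not part of RSIT, HijackThis or the forum thread. Rules and
severities are the editor's own; the sample lines and the miner directory
names are copied from the log posted above.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, explanation, offending log line)

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}

# Directory names the miner dropper created directly under %WINDIR% in the log.
MINER_DIR_NAMES = {"rpcminer", "phoenix", "ufa"}

# Constructed sample: eleven lines copied from the posted log, with two clean
# lines (avgnt autorun, mbamswissarmy.sys) mixed in so that nothing fires on them.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59657
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
"tray_ico"= []
"EnableLUA"=0
2011-07-16 10:34:16 ----D---- C:\Windows\rpcminer
2011-07-16 10:34:16 ----D---- C:\Windows\phoenix
2011-07-16 10:34:15 ----A---- C:\Windows\unrar.exe
2011-07-16 14:38:15 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
"""

_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
_LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost", re.IGNORECASE)
_ENABLE_LUA_OFF_RE = re.compile(r'^"EnableLUA"\s*=\s*0$')
_EMPTY_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*\[\]$')
# RSIT "created/modified" lines: date, time, attribute block such as ----D----, path.
_CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} -+[A-Z]*-+ (?P<path>.+)$")
_SERVICE_MISSING_RE = re.compile(r"^O23 - Service: .* - (?P<path>[A-Za-z]:\\.+?) \(file missing\)$")
_URLHOOK_NOFILE_RE = re.compile(r"^R3 - URLSearchHook: .*\(no file\)$")
_WINDIR_RE = re.compile(r"^[A-Za-z]:\\Windows\\(?P<rest>.+)$", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return findings for every suspicious line, most severe first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = _PROXY_RE.search(line)
        if m and _LOOPBACK_RE.search(m.group("value")):
            findings.append(("HIGH", "browser proxy points at loopback: a local interception "
                             "proxy is the classic Cycbot symptom", line))
            continue

        if _ENABLE_LUA_OFF_RE.match(line):
            findings.append(("MEDIUM", "UAC is disabled (EnableLUA=0); any dropper then gains "
                             "full admin rights without a prompt", line))
            continue

        m = _EMPTY_RUN_RE.match(line)
        if m:
            findings.append(("MEDIUM", f"autorun value '{m.group('name')}' has an empty command; "
                             "leftover of a removed dropper, delete the value", line))
            continue

        m = _CREATED_RE.match(line)
        if m:
            w = _WINDIR_RE.match(m.group("path"))
            if w:
                rest = w.group("rest")
                top = rest.split("\\")[0].lower()
                if top in MINER_DIR_NAMES:
                    findings.append(("HIGH", f"directory '{top}' directly under %WINDIR% matches a "
                                     "Bitcoin miner payload name", line))
                elif "\\" not in rest and rest.lower().endswith(".exe"):
                    findings.append(("LOW", "executable dropped directly into %WINDIR%; legitimate "
                                     "installers rarely do this", line))
            continue

        m = _SERVICE_MISSING_RE.match(line)
        if m:
            if _WINDIR_RE.match(m.group("path")):
                # 32-bit HijackThis 2.0.4 under WOW64 cannot see native 64-bit System32 files.
                findings.append(("INFO", "'(file missing)' for a System32 binary on x64 is a "
                                 "WOW64 artefact of 32-bit HijackThis; treat as false positive", line))
            else:
                findings.append(("MEDIUM", "service binary really absent; decide whether it is an "
                                 "uninstall leftover or a deleted payload", line))
            continue

        if _URLHOOK_NOFILE_RE.match(line):
            findings.append(("LOW", "orphaned URLSearchHook CLSID with no file; harmless, remove it", line))

    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'HIGH': 3, 'MEDIUM': 3, ...}."""
    return dict(Counter(f[0] for f in findings))


if __name__ == "__main__":
    for severity, why, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {why}\n          {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The script deliberately does not touch the registry or the file system; it only reads the text a user has already posted, so it can be run against any pasted log offline. The INFO rule is the important caveat for this thread: the long list of "(file missing)" services in the HijackThis section is an artefact of the 32-bit tool, not evidence of damage.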

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log - I removed Cycbot.B - reassurance

#2 Post by vyosek »

Hello and have a nice day :)

→ I see MBAM installed; I assume you ran scans with it. On the Logs tab there should be logs; could you please pack them into a rar and upload them here http://vyosek.ic.cz/havet/uploader.php

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
→ Download ComboFix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antiviruses, antispyware etc.
  • If you have Win XP, run it under an Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not launch any applications and do not click into the window being displayed
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes, and after a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

mkozlovsky
Visitor
Posts: 6
Registered: 18 Aug 2007 12:34

Re: Please check my log - I removed Cycbot.B - reassurance

#3 Post by mkozlovsky »

Thanks a lot for the advice. I have sent the MBAM log; here is the ComboFix log.

ComboFix 11-07-15.03 - Michal 16.07.2011 21:32:05.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3582.2389 [GMT 2:00]
Run from: c:\users\Michal\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 19:31 . 2011-07-16 19:31 -------- d-----w- C:\32788R22FWJFW
2011-07-16 19:23 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E15793A-E104-44F5-B9DF-889925C80FA8}\mpengine.dll
2011-07-16 12:46 . 2011-07-16 12:47 -------- d-----w- C:\rsit
2011-07-16 12:46 . 2011-07-16 12:46 -------- d-----w- c:\program files\trend micro
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2011-07-16 12:38 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\programdata\Malwarebytes
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-16 12:38 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-16 12:17 . 2011-07-16 12:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-16 12:17 . 2011-07-16 12:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-07-16 12:05 . 2011-07-16 12:05 -------- d-----w- c:\users\Michal\AppData\Local\Downloaded Installations
2011-07-16 11:53 . 2011-07-16 11:53 -------- d-----w- c:\users\Michal\DoctorWeb
2011-07-16 10:17 . 2011-07-16 10:17 -------- d-----w- c:\users\Michal\AppData\Local\ElevatedDiagnostics
2011-07-16 10:04 . 2011-07-16 19:22 -------- d-----w- c:\programdata\PC Tools
2011-07-16 09:20 . 2011-07-16 09:20 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-16 09:20 . 2011-07-16 09:20 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-16 08:34 . 2011-07-16 08:34 -------- d-----w- c:\windows\ufa
2011-07-16 08:34 . 2011-07-16 08:34 -------- d-----w- c:\windows\rpcminer
2011-07-16 08:34 . 2011-07-16 08:34 -------- d-----w- c:\windows\phoenix
2011-07-16 08:34 . 2011-07-16 08:34 246272 ----a-w- c:\windows\unrar.exe
2011-07-16 08:31 . 2011-07-16 08:31 -------- d-----w- c:\windows\av_ico
2011-07-16 08:30 . 2011-07-16 08:30 -------- d--h--w- c:\windows\update.tray-8-0
2011-07-16 08:30 . 2011-07-16 08:30 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-07-08 13:02 . 2011-07-08 13:03 -------- d-----w- c:\users\Michal\AppData\Local\Ahead
2011-07-08 13:02 . 2011-07-08 13:04 -------- d-----w- c:\users\Michal\AppData\Roaming\Ahead
2011-07-08 13:02 . 2011-07-08 13:02 -------- d-----w- c:\programdata\Ahead
2011-07-08 13:01 . 2011-07-08 13:02 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2011-07-08 12:21 . 2011-07-08 12:21 -------- d-----w- c:\users\Michal\AppData\Roaming\Nero
2011-07-08 12:21 . 2011-07-08 13:01 -------- d-----w- c:\programdata\Nero
2011-07-08 12:21 . 2011-07-08 12:21 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-07-08 12:21 . 2011-07-08 13:01 -------- d-----w- c:\program files (x86)\Nero
2011-07-06 21:54 . 2011-07-15 20:34 -------- d-----w- c:\program files (x86)\Runes of Magic
2011-07-06 18:20 . 2011-07-06 21:54 -------- d-----w- c:\users\Michal\AppData\Roaming\FOG Downloader
2011-07-04 14:29 . 2011-07-04 14:29 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-07-04 14:29 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-04 14:29 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-04 14:29 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-04 14:29 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-04 14:29 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-07-04 14:29 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-07-04 14:29 . 2011-07-04 14:29 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-04 14:29 . 2011-07-04 14:29 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-04 14:28 . 2011-07-04 14:35 -------- d-----w- c:\users\Michal\AppData\Local\Oblivion
2011-06-30 19:18 . 2011-06-30 19:18 -------- d-----w- c:\users\Michal\AppData\Local\PunkBuster
2011-06-30 18:37 . 2011-07-02 19:47 -------- d-----w- c:\users\Michal\AppData\Roaming\HLSW
2011-06-30 18:37 . 2011-06-30 18:37 -------- d-s---w- c:\program files (x86)\HLSW
2011-06-30 13:40 . 2011-06-30 13:40 -------- d-sh--w- c:\windows\ftpcache
2011-06-30 13:27 . 2011-06-30 13:27 -------- d-----w- c:\program files (x86)\Activision
2011-06-26 09:30 . 2011-06-26 09:30 -------- d-----w- c:\users\Michal\AppData\Roaming\OpenOffice.org
2011-06-26 09:26 . 2011-06-26 09:26 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-06-26 09:25 . 2011-06-26 09:25 0 ----a-w- c:\windows\SysWow64\RENEBC8.tmp
2011-06-26 09:25 . 2011-06-26 09:25 0 ----a-w- c:\windows\SysWow64\RENEBC7.tmp
2011-06-26 09:25 . 2011-06-26 09:25 0 ----a-w- c:\windows\SysWow64\RENEBC6.tmp
2011-06-26 09:25 . 2011-06-26 09:25 -------- d-----w- c:\program files (x86)\Java
2011-06-22 20:54 . 2011-06-22 20:54 -------- d-----w- c:\users\Michal\AppData\Local\SmallBasic
2011-06-22 20:53 . 2011-06-22 20:53 900608 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}\StartMenuIcon.exe
2011-06-22 20:53 . 2011-06-22 20:53 -------- d-----w- c:\program files\Microsoft
2011-06-22 18:42 . 2011-06-22 19:47 -------- d-----w- c:\users\Michal\AppData\Roaming\PSpad
2011-06-22 18:42 . 2011-06-22 18:42 -------- d-----w- c:\program files (x86)\PSPad editor
2011-06-19 08:38 . 2011-06-19 08:38 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-19 08:38 . 2011-06-19 08:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-19 08:38 . 2011-06-19 08:40 -------- d-----w- c:\users\Michal\AppData\Roaming\DAEMON Tools Lite
2011-06-19 08:38 . 2011-06-19 08:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-06-19 08:35 . 2011-06-19 08:35 -------- d-----w- c:\users\Michal\AppData\Roaming\DAEMON Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 16:46 . 2011-06-06 20:55 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 16:46 . 2011-06-06 20:55 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-07 14:37 . 2011-06-06 21:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2011-06-06 21:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2011-06-08 19:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-14 16:38 . 2011-06-07 14:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629529035-4043197320-510236382-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 19:47]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629529035-4043197320-510236382-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 19:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:59657
Trusted Zone: facebook.com\www
Trusted Zone: leagueoflegends.com\ll
TCP: DhcpNameServer = 10.0.34.3 88.86.107.86
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-avgnt - c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
AddRemove-Avira AntiVir Desktop - c:\program files (x86)\Avira\AntiVir Desktop\setup.exe
AddRemove-DAEMON Tools Lite - c:\program files (x86)\DAEMON Tools Lite\uninst.exe
AddRemove-Mozilla Firefox 4.0.1 (x86 cs) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 21:38:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 19:38
.
Před spuštěním: Volných bajtů: 256 994 734 080
Po spuštění: Volných bajtů: 256 607 256 576
.
- - End Of File - - C2E44C83CC80934DCB25E0EE87727A32

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check the log - I was removing Cycbot.B - reassured

#4 Post by vyosek »

→ Uninstall Spybot - it is long past its prime; once the cleanup is finished we will put in a better replacement

→ Install an antivirus - I recommend Avast

→ Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan - click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file, it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes a PC restart may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it does not, you will find it directly on the drive where Windows is installed (usually c:\) under a name of the form TDSSKiller.some numbers_log.txt - paste its contents here
  • If no restart is required, click Close and then Report - a log is created - paste its contents here
→ If you have not done so already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\windows\ufa
    c:\windows\phoenix
    c:\windows\rpcminer
    c:\windows\av_ico
    c:\windows\update.tray-8-0
    c:\windows\update.tray-8-0-lnk
    
    File::
    c:\windows\SysWow64\RENEBC8.tmp
    c:\windows\SysWow64\RENEBC7.tmp
    c:\windows\SysWow64\RENEBC6.tmp
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629529035-4043197320-510236382-1000Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629529035-4043197320-510236382-1000UA.job
    
    Driver::
    NAUpdate
    
    Collect::
    c:\windows\unrar.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    "SpybotSD TeaTimer"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "DisableThumbnailCache"=dword:00000000
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:59657
    Trusted Zone: facebook.com\www
    Trusted Zone: leagueoflegends.com\ll
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Reboot::
    
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the picture below)
    [image]
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
→ It may happen that Windows will not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
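The CFScript above removes four kinds of indicator from the ComboFix log earlier in the thread: a proxy pointed at 127.0.0.1 (the DDS:: section), the orphaned tray_ico Run entries, a burst of folders dropped straight into c:\windows within a few minutes, and the registry policy lines that show UAC switched off. The script below is an added example written for this thread, not a ComboFix or forum tool, that reads ComboFix-style lines and reports those same classes so a helper can spot them before writing a fix script. The regexes assume the line layout ComboFix prints (as seen in the log above), the embedded sample lines are copied from that log plus two benign lines, and the ten-minute burst window and minimum cluster size are heuristics chosen for the example.

```python
"""Triage helper for ComboFix-style logs.

Flags the indicator classes the reply above acts on: a proxy pointing at the
loopback address, UAC switched off, orphaned Run entries, and a burst of new
objects created directly in the Windows directory. Example code written for
this thread; it is not a ComboFix or forum tool. The regexes assume the line
layout ComboFix prints, as seen in the log earlier in the thread.
"""
import re
import sys
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix log in this thread plus
# two benign lines, so the script runs offline without a real log file.
SAMPLE_LOG = r"""
2011-07-16 08:34 . 2011-07-16 08:34 -------- d-----w- c:\windows\ufa
2011-07-16 08:34 . 2011-07-16 08:34 -------- d-----w- c:\windows\rpcminer
2011-07-16 08:34 . 2011-07-16 08:34 -------- d-----w- c:\windows\phoenix
2011-07-16 08:34 . 2011-07-16 08:34 246272 ----a-w- c:\windows\unrar.exe
2011-07-16 08:31 . 2011-07-16 08:31 -------- d-----w- c:\windows\av_ico
2011-07-16 08:30 . 2011-07-16 08:30 -------- d--h--w- c:\windows\update.tray-8-0
2011-07-16 08:30 . 2011-07-16 08:30 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-07-08 13:02 . 2011-07-08 13:02 -------- d-----w- c:\programdata\Ahead
"EnableLUA"= 0 (0x0)
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
uInternet Settings,ProxyServer = http=127.0.0.1:59657
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
"""

# "<created> . <last-write> <size|--------> <attrs> <path>" as ComboFix prints it.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ (?P<attrs>\S+) (?P<path>.+)$"
)
# Objects sitting directly in c:\windows, with no further path component.
WINROOT_RE = re.compile(r"^c:\\windows\\[^\\]+$", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:http=)?(?P<host>[\w.\-]+):(?P<port>\d+)")
UAC_OFF_RE = re.compile(r'^"EnableLUA"\s*=\s*0\b')
ORPHAN_RE = re.compile(r"^(?P<entry>\S+-Run-\S+) - \(no file\)$")
BURST_WINDOW = timedelta(minutes=10)  # heuristic chosen for this example
BURST_MIN = 3                         # heuristic chosen for this example


def _largest_burst(items, window):
    """Largest group of (time, path) items whose times all fall within `window`."""
    items = sorted(items)
    best = []
    for i, (t0, _) in enumerate(items):
        cluster = [it for it in items[i:] if it[0] - t0 <= window]
        if len(cluster) > len(best):
            best = cluster
    return best


def triage(log_text):
    """Return a list of finding dicts, one per indicator found in the log text."""
    findings, winroot = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            host = m.group("host")
            if host == "localhost" or host.startswith("127."):
                # Cycbot-style malware sets a loopback proxy so it can sit between
                # the browser and the network; the reply above removes it via DDS::.
                findings.append({"category": "loopback-proxy", "evidence": line,
                                 "host": host, "port": int(m.group("port"))})
            continue
        if UAC_OFF_RE.match(line):
            findings.append({"category": "uac-disabled", "evidence": line})
            continue
        m = ORPHAN_RE.match(line)
        if m:
            # A Run entry whose target no longer exists: leftover of a removed file.
            findings.append({"category": "orphan-autorun", "evidence": line,
                             "entry": m.group("entry")})
            continue
        m = ENTRY_RE.match(line)
        if m and WINROOT_RE.match(m.group("path")):
            created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
            winroot.append((created, m.group("path")))
    # Several objects dropped straight into c:\windows within minutes is unusual
    # for legitimate installers, so report the densest cluster for review.
    burst = _largest_burst(winroot, BURST_WINDOW)
    if len(burst) >= BURST_MIN:
        span = burst[-1][0] - burst[0][0]
        findings.append({"category": "windows-root-burst", "count": len(burst),
                         "span_minutes": int(span.total_seconds() // 60),
                         "paths": [p for _, p in burst]})
    return findings


if __name__ == "__main__":
    # Pass a saved ComboFix log path; without one, the embedded sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for finding in triage(text):
        print(finding["category"], {k: v for k, v in finding.items() if k != "category"})
```

Run it as `python triage.py ComboFix.txt` against a saved log; with no argument it processes the embedded sample and reports one loopback proxy on port 59657, UAC disabled, two orphaned Run entries and a seven-object burst in c:\windows spanning four minutes. The burst check is deliberately a heuristic: it tells the helper where to look, and the decision about what to delete still belongs in a reviewed CFScript like the one above.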

mkozlovsky
Visitor
Posts: 6
Registered: 18 Aug 2007 12:34

Re: Please check the log - I was removing Cycbot.B - reassured

#5 Post by mkozlovsky »

2011/07/16 23:51:54.0949 3164 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/16 23:51:55.0135 3164 ================================================================================
2011/07/16 23:51:55.0135 3164 SystemInfo:
2011/07/16 23:51:55.0135 3164
2011/07/16 23:51:55.0135 3164 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/16 23:51:55.0135 3164 Product type: Workstation
2011/07/16 23:51:55.0136 3164 ComputerName: MICHAL-PC
2011/07/16 23:51:55.0136 3164 UserName: Michal
2011/07/16 23:51:55.0136 3164 Windows directory: C:\Windows
2011/07/16 23:51:55.0136 3164 System windows directory: C:\Windows
2011/07/16 23:51:55.0136 3164 Running under WOW64
2011/07/16 23:51:55.0137 3164 Processor architecture: Intel x64
2011/07/16 23:51:55.0137 3164 Number of processors: 4
2011/07/16 23:51:55.0137 3164 Page size: 0x1000
2011/07/16 23:51:55.0137 3164 Boot type: Normal boot
2011/07/16 23:51:55.0137 3164 ================================================================================
2011/07/16 23:51:57.0030 3164 Initialize success
2011/07/16 23:51:59.0759 0844 ================================================================================
2011/07/16 23:51:59.0759 0844 Scan started
2011/07/16 23:51:59.0759 0844 Mode: Manual;
2011/07/16 23:51:59.0759 0844 ================================================================================
2011/07/16 23:52:01.0456 0844 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/16 23:52:01.0524 0844 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/16 23:52:01.0559 0844 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/16 23:52:01.0605 0844 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/16 23:52:01.0649 0844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/16 23:52:01.0701 0844 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/16 23:52:01.0863 0844 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/07/16 23:52:01.0926 0844 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/16 23:52:01.0970 0844 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/16 23:52:02.0011 0844 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/16 23:52:02.0061 0844 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/16 23:52:02.0272 0844 amdkmdag (cc0b8b1912967d429c4a2d2bd7a9e52d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/16 23:52:02.0594 0844 amdkmdap (b855c99c23a57edeca29f49a3210b95c) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/07/16 23:52:02.0652 0844 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/16 23:52:02.0684 0844 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/16 23:52:02.0724 0844 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/16 23:52:02.0748 0844 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/16 23:52:02.0817 0844 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/16 23:52:02.0883 0844 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/16 23:52:02.0905 0844 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/16 23:52:02.0959 0844 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys
2011/07/16 23:52:03.0002 0844 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys
2011/07/16 23:52:03.0064 0844 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys
2011/07/16 23:52:03.0117 0844 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys
2011/07/16 23:52:03.0147 0844 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys
2011/07/16 23:52:03.0334 0844 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys
2011/07/16 23:52:03.0395 0844 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/16 23:52:03.0437 0844 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/16 23:52:03.0500 0844 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/07/16 23:52:03.0681 0844 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/16 23:52:03.0741 0844 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/16 23:52:03.0825 0844 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/16 23:52:03.0907 0844 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/16 23:52:03.0959 0844 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/16 23:52:04.0022 0844 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/16 23:52:04.0043 0844 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/16 23:52:04.0063 0844 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/16 23:52:04.0075 0844 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/16 23:52:04.0096 0844 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/16 23:52:04.0112 0844 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/16 23:52:04.0127 0844 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/16 23:52:04.0141 0844 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/16 23:52:04.0339 0844 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/16 23:52:04.0650 0844 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/16 23:52:04.0735 0844 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/16 23:52:04.0799 0844 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/16 23:52:04.0837 0844 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/16 23:52:04.0884 0844 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/16 23:52:04.0908 0844 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/16 23:52:04.0937 0844 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/16 23:52:04.0960 0844 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/16 23:52:04.0996 0844 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/16 23:52:05.0035 0844 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/16 23:52:05.0094 0844 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/07/16 23:52:05.0160 0844 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/07/16 23:52:05.0184 0844 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/16 23:52:05.0233 0844 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/16 23:52:05.0377 0844 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/16 23:52:05.0459 0844 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/07/16 23:52:05.0513 0844 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/16 23:52:05.0608 0844 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/16 23:52:05.0739 0844 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/16 23:52:05.0760 0844 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/16 23:52:05.0807 0844 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/16 23:52:05.0822 0844 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/16 23:52:05.0840 0844 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/16 23:52:05.0868 0844 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/16 23:52:05.0888 0844 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/16 23:52:05.0900 0844 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/16 23:52:05.0927 0844 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/16 23:52:05.0958 0844 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/16 23:52:05.0975 0844 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/16 23:52:05.0993 0844 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/16 23:52:06.0025 0844 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/16 23:52:06.0064 0844 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/16 23:52:06.0113 0844 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/16 23:52:06.0152 0844 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/16 23:52:06.0177 0844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/16 23:52:06.0195 0844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/16 23:52:06.0214 0844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/16 23:52:06.0258 0844 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/16 23:52:06.0292 0844 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/16 23:52:06.0353 0844 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/16 23:52:06.0377 0844 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/16 23:52:06.0400 0844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/16 23:52:06.0441 0844 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/16 23:52:06.0469 0844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/16 23:52:06.0590 0844 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/16 23:52:22.0561 0844 ================================================================================
2011/07/16 23:52:22.0561 0844 Scan finished
2011/07/16 23:52:22.0561 0844 ================================================================================
2011/07/16 23:52:22.0574 3952 Detected object count: 0
2011/07/16 23:52:22.0574 3952 Actual detected object count: 0



ComboFix 11-07-15.03 - Michal 17.07.2011 0:03.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3582.2309 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\RENEBC6.tmp"
"c:\windows\SysWow64\RENEBC7.tmp"
"c:\windows\SysWow64\RENEBC8.tmp"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629529035-4043197320-510236382-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629529035-4043197320-510236382-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 22:06 . 2011-07-16 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 21:31 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-16 21:31 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-16 21:30 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-16 21:30 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-16 21:30 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-16 21:30 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-16 21:30 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-16 21:30 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-16 21:30 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-16 21:30 . 2011-07-16 21:30 -------- d-----w- c:\programdata\AVAST Software
2011-07-16 21:30 . 2011-07-16 21:30 -------- d-----w- c:\program files\AVAST Software
2011-07-16 19:23 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E15793A-E104-44F5-B9DF-889925C80FA8}\mpengine.dll
2011-07-16 12:46 . 2011-07-16 12:47 -------- d-----w- C:\rsit
2011-07-16 12:46 . 2011-07-16 12:46 -------- d-----w- c:\program files\trend micro
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2011-07-16 12:38 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\programdata\Malwarebytes
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-16 12:38 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-16 12:17 . 2011-07-16 21:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-16 12:17 . 2011-07-16 21:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-07-16 12:05 . 2011-07-16 12:05 -------- d-----w- c:\users\Michal\AppData\Local\Downloaded Installations
2011-07-16 11:53 . 2011-07-16 11:53 -------- d-----w- c:\users\Michal\DoctorWeb
2011-07-16 10:17 . 2011-07-16 10:17 -------- d-----w- c:\users\Michal\AppData\Local\ElevatedDiagnostics
2011-07-16 10:04 . 2011-07-16 19:22 -------- d-----w- c:\programdata\PC Tools
2011-07-16 09:20 . 2011-07-16 09:20 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-16 09:20 . 2011-07-16 09:20 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-08 13:02 . 2011-07-08 13:03 -------- d-----w- c:\users\Michal\AppData\Local\Ahead
2011-07-08 13:02 . 2011-07-08 13:04 -------- d-----w- c:\users\Michal\AppData\Roaming\Ahead
2011-07-08 13:02 . 2011-07-08 13:02 -------- d-----w- c:\programdata\Ahead
2011-07-08 13:01 . 2011-07-08 13:02 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2011-07-08 12:21 . 2011-07-08 12:21 -------- d-----w- c:\users\Michal\AppData\Roaming\Nero
2011-07-08 12:21 . 2011-07-08 13:01 -------- d-----w- c:\programdata\Nero
2011-07-08 12:21 . 2011-07-08 12:21 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-07-08 12:21 . 2011-07-08 13:01 -------- d-----w- c:\program files (x86)\Nero
2011-07-06 21:54 . 2011-07-15 20:34 -------- d-----w- c:\program files (x86)\Runes of Magic
2011-07-06 18:20 . 2011-07-06 21:54 -------- d-----w- c:\users\Michal\AppData\Roaming\FOG Downloader
2011-07-04 14:29 . 2011-07-04 14:29 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-07-04 14:29 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-04 14:29 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-04 14:29 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-04 14:29 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-04 14:29 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-07-04 14:29 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-07-04 14:29 . 2011-07-04 14:29 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-04 14:29 . 2011-07-04 14:29 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-04 14:28 . 2011-07-04 14:35 -------- d-----w- c:\users\Michal\AppData\Local\Oblivion
2011-06-30 19:18 . 2011-06-30 19:18 -------- d-----w- c:\users\Michal\AppData\Local\PunkBuster
2011-06-30 18:37 . 2011-07-02 19:47 -------- d-----w- c:\users\Michal\AppData\Roaming\HLSW
2011-06-30 18:37 . 2011-06-30 18:37 -------- d-s---w- c:\program files (x86)\HLSW
2011-06-30 13:40 . 2011-06-30 13:40 -------- d-sh--w- c:\windows\ftpcache
2011-06-30 13:27 . 2011-06-30 13:27 -------- d-----w- c:\program files (x86)\Activision
2011-06-26 09:30 . 2011-06-26 09:30 -------- d-----w- c:\users\Michal\AppData\Roaming\OpenOffice.org
2011-06-26 09:26 . 2011-06-26 09:26 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-06-26 09:25 . 2011-06-26 09:25 -------- d-----w- c:\program files (x86)\Java
2011-06-22 20:54 . 2011-06-22 20:54 -------- d-----w- c:\users\Michal\AppData\Local\SmallBasic
2011-06-22 20:53 . 2011-06-22 20:53 900608 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}\StartMenuIcon.exe
2011-06-22 20:53 . 2011-06-22 20:53 -------- d-----w- c:\program files\Microsoft
2011-06-22 18:42 . 2011-06-22 19:47 -------- d-----w- c:\users\Michal\AppData\Roaming\PSpad
2011-06-22 18:42 . 2011-06-22 18:42 -------- d-----w- c:\program files (x86)\PSPad editor
2011-06-19 08:38 . 2011-06-19 08:38 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-19 08:38 . 2011-06-19 08:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-19 08:38 . 2011-06-19 08:40 -------- d-----w- c:\users\Michal\AppData\Roaming\DAEMON Tools Lite
2011-06-19 08:38 . 2011-06-19 08:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-06-19 08:35 . 2011-06-19 08:35 -------- d-----w- c:\users\Michal\AppData\Roaming\DAEMON Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 16:46 . 2011-06-06 20:55 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 16:46 . 2011-06-06 20:55 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-07 14:37 . 2011-06-06 21:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2011-06-06 21:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2011-06-08 19:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-14 16:38 . 2011-06-07 14:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_19.36.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-07-16 22:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-16 19:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-16 19:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-16 22:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 19:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-16 22:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 18:47 . 2011-07-16 22:01 33380 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-16 22:01 29740 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-06-06 20:50 . 2011-07-16 19:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 20:50 . 2011-07-16 22:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 20:50 . 2011-07-16 22:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-06 20:50 . 2011-07-16 19:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-06 20:50 . 2011-07-16 22:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-06 20:50 . 2011-07-16 19:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-06 19:14 . 2011-07-16 19:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 19:14 . 2011-07-16 22:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 19:14 . 2011-07-16 22:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-06 19:14 . 2011-07-16 19:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 18:39 . 2011-07-16 22:01 7476 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1629529035-4043197320-510236382-1000_UserData.bin
- 2011-07-16 19:36 . 2011-07-16 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-16 22:07 . 2011-07-16 22:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-07-16 22:04 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-16 19:30 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2011-07-16 19:30 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2011-07-16 22:04 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-07-16 22:04 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-16 19:30 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-07-16 19:30 118604 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-07-16 22:04 118604 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF12475.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.34.3 88.86.107.86
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2011-07-17 00:09:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 22:09
ComboFix2.txt 2011-07-16 19:38
.
Před spuštěním: Volných bajtů: 258 082 390 016
Po spuštění: Volných bajtů: 258 001 313 792
.
- - End Of File - - A84212D8DC096E916BB0B6A02F676C99
Nahrání proběhlo úspěšně

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check the log - I was removing Cycbot.B - reassurance

#6 Post by vyosek »

One more script for ComboFix - the procedure is the same

Code:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"tray_ico2"=-
"tray_ico3"=-
"tray_ico4"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

Reboot::
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
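Added example, not part of this thread and not ComboFix's own code: a small Python script that reads the "registry startup points" section of a ComboFix log like the ones posted above, flags Run-key values whose target file ComboFix could not find (the `[X]` marker, as on the `combofix` entry), and writes a CFScript `Registry::` block in the same shape as the script in this post. The sample log lines are constructed; the `tray_ico2` path in them is made up for illustration, the other entries copy the posted log.

```python
import re

# Constructed sample in the format of ComboFix's "Spouštěcí body v registru"
# (registry startup points) section, modelled on the logs in this thread.
# The "tray_ico2" line and its path are invented; the rest copy posted entries.
# "[X]" means ComboFix did not find the target file; "[date size]" means it exists.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"tray_ico2"="c:\users\Michal\AppData\Roaming\tray_ico2.exe" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF12475.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="target" [X]   or   "name"="target" [YYYY-MM-DD size]
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"\s+\[([^\]]*)\]$')


def parse_startup_points(text):
    """Return (key, value_name, target, status) for every autostart value line."""
    entries = []
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # value lines that follow belong to this key
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group(1), m.group(2), m.group(3)))
    return entries


def missing_target_entries(entries):
    """Run-key values whose target file ComboFix marked as not found ([X])."""
    return [e for e in entries
            if e[0].lower().endswith(r"\run") and e[3].strip().upper() == "X"]


def build_cfscript(entries):
    """Emit a CFScript shaped like the one in this thread (KillAll:: / Registry:: / Reboot::).
    Only dangling Run values are deleted ("name"=-); valid ones are left alone."""
    by_key = {}
    for key, name, _target, _status in missing_target_entries(entries):
        by_key.setdefault(key, []).append(name)
    lines = ["KillAll::", "", "Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    lines += ["", "Reboot::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_startup_points(SAMPLE_LOG)
    for _key, name, target, status in found:
        print(f"{'MISSING' if status == 'X' else 'ok     '} {name:<10} -> {target}")
    print(build_cfscript(found))
```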

mkozlovsky
Visitor
Posts: 6
Registered: 18 Aug 2007 12:34

Re: Please check the log - I was removing Cycbot.B - reassurance

#7 Post by mkozlovsky »

ComboFix 11-07-17.01 - Michal 17.07.2011 11:25:37.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3582.2513 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-17 do 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 09:29 . 2011-07-17 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 21:31 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-16 21:31 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-16 21:30 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-16 21:30 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-16 21:30 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-16 21:30 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-16 21:30 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-16 21:30 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-16 21:30 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-16 21:30 . 2011-07-16 21:30 -------- d-----w- c:\programdata\AVAST Software
2011-07-16 21:30 . 2011-07-16 21:30 -------- d-----w- c:\program files\AVAST Software
2011-07-16 19:23 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E15793A-E104-44F5-B9DF-889925C80FA8}\mpengine.dll
2011-07-16 12:46 . 2011-07-16 12:47 -------- d-----w- C:\rsit
2011-07-16 12:46 . 2011-07-16 12:46 -------- d-----w- c:\program files\trend micro
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2011-07-16 12:38 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\programdata\Malwarebytes
2011-07-16 12:38 . 2011-07-16 12:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-16 12:38 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-16 12:17 . 2011-07-16 21:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-16 12:17 . 2011-07-16 21:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-07-16 12:05 . 2011-07-16 12:05 -------- d-----w- c:\users\Michal\AppData\Local\Downloaded Installations
2011-07-16 11:53 . 2011-07-16 11:53 -------- d-----w- c:\users\Michal\DoctorWeb
2011-07-16 10:17 . 2011-07-16 10:17 -------- d-----w- c:\users\Michal\AppData\Local\ElevatedDiagnostics
2011-07-16 10:04 . 2011-07-16 19:22 -------- d-----w- c:\programdata\PC Tools
2011-07-16 09:20 . 2011-07-16 09:20 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-16 09:20 . 2011-07-16 09:20 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-08 13:02 . 2011-07-08 13:03 -------- d-----w- c:\users\Michal\AppData\Local\Ahead
2011-07-08 13:02 . 2011-07-08 13:04 -------- d-----w- c:\users\Michal\AppData\Roaming\Ahead
2011-07-08 13:02 . 2011-07-08 13:02 -------- d-----w- c:\programdata\Ahead
2011-07-08 13:01 . 2011-07-08 13:02 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2011-07-08 12:21 . 2011-07-08 12:21 -------- d-----w- c:\users\Michal\AppData\Roaming\Nero
2011-07-08 12:21 . 2011-07-08 13:01 -------- d-----w- c:\programdata\Nero
2011-07-08 12:21 . 2011-07-08 12:21 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-07-08 12:21 . 2011-07-08 13:01 -------- d-----w- c:\program files (x86)\Nero
2011-07-06 21:54 . 2011-07-15 20:34 -------- d-----w- c:\program files (x86)\Runes of Magic
2011-07-06 18:20 . 2011-07-06 21:54 -------- d-----w- c:\users\Michal\AppData\Roaming\FOG Downloader
2011-07-04 14:29 . 2011-07-04 14:29 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-07-04 14:29 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-04 14:29 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-04 14:29 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-04 14:29 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-04 14:29 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-07-04 14:29 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-07-04 14:29 . 2011-07-04 14:29 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-04 14:29 . 2011-07-04 14:29 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-04 14:28 . 2011-07-04 14:35 -------- d-----w- c:\users\Michal\AppData\Local\Oblivion
2011-06-30 19:18 . 2011-06-30 19:18 -------- d-----w- c:\users\Michal\AppData\Local\PunkBuster
2011-06-30 18:37 . 2011-07-02 19:47 -------- d-----w- c:\users\Michal\AppData\Roaming\HLSW
2011-06-30 18:37 . 2011-06-30 18:37 -------- d-s---w- c:\program files (x86)\HLSW
2011-06-30 13:40 . 2011-06-30 13:40 -------- d-sh--w- c:\windows\ftpcache
2011-06-30 13:27 . 2011-06-30 13:27 -------- d-----w- c:\program files (x86)\Activision
2011-06-26 09:30 . 2011-06-26 09:30 -------- d-----w- c:\users\Michal\AppData\Roaming\OpenOffice.org
2011-06-26 09:26 . 2011-06-26 09:26 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-06-26 09:25 . 2011-06-26 09:25 -------- d-----w- c:\program files (x86)\Java
2011-06-22 20:54 . 2011-06-22 20:54 -------- d-----w- c:\users\Michal\AppData\Local\SmallBasic
2011-06-22 20:53 . 2011-06-22 20:53 900608 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}\StartMenuIcon.exe
2011-06-22 20:53 . 2011-06-22 20:53 -------- d-----w- c:\program files\Microsoft
2011-06-22 18:42 . 2011-06-22 19:47 -------- d-----w- c:\users\Michal\AppData\Roaming\PSpad
2011-06-22 18:42 . 2011-06-22 18:42 -------- d-----w- c:\program files (x86)\PSPad editor
2011-06-19 08:38 . 2011-06-19 08:38 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-19 08:38 . 2011-06-19 08:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-19 08:38 . 2011-06-19 08:40 -------- d-----w- c:\users\Michal\AppData\Roaming\DAEMON Tools Lite
2011-06-19 08:38 . 2011-06-19 08:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-06-19 08:35 . 2011-06-19 08:35 -------- d-----w- c:\users\Michal\AppData\Roaming\DAEMON Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 16:46 . 2011-06-06 20:55 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 16:46 . 2011-06-06 20:55 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-07 14:37 . 2011-06-06 21:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2011-06-06 21:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2011-06-08 19:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-14 16:38 . 2011-06-07 14:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_19.36.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-07-17 09:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-16 19:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-16 19:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-17 09:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 19:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-17 09:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 18:47 . 2011-07-17 09:22 33774 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-17 09:22 29876 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-06-06 20:50 . 2011-07-16 19:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 20:50 . 2011-07-17 09:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 20:50 . 2011-07-17 09:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-06 20:50 . 2011-07-16 19:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-06 20:50 . 2011-07-17 09:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-06 20:50 . 2011-07-16 19:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-06 19:14 . 2011-07-16 19:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 19:14 . 2011-07-17 09:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 19:14 . 2011-07-17 09:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-06 19:14 . 2011-07-16 19:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 18:39 . 2011-07-17 09:22 7612 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1629529035-4043197320-510236382-1000_UserData.bin
- 2011-07-16 19:36 . 2011-07-16 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-17 09:29 . 2011-07-17 09:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-07-17 09:25 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-16 19:30 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2011-07-16 19:30 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2011-07-17 09:25 622422 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-07-17 09:25 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-16 19:30 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-07-16 19:30 118604 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-07-17 09:25 118604 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.34.3 88.86.107.86
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files\AVAST Software\Avast\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2011-07-17 11:31:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-17 09:31
ComboFix2.txt 2011-07-16 22:10
ComboFix3.txt 2011-07-16 19:38
.
Před spuštěním: Volných bajtů: 258 088 738 816
Po spuštění: Volných bajtů: 257 760 460 800
.
- - End Of File - - 7ECB9722C125A891DC0B93F81B12EE65

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check the log - I was removing Cycbot.B - reassurance

#8 Post by vyosek »

How is the PC behaving?

mkozlovsky
Visitor
Posts: 6
Registered: 18 Aug 2007 12:34

Re: Please check the log - I was removing Cycbot.B - reassurance

#9 Post by mkozlovsky »

The computer is working without problems. Is there anything else that needs to be done? Otherwise, thanks a lot for all the help :).

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check the log - I was removing Cycbot.B - reassurance

#10 Post by vyosek »

→ Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders
→ T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may mistakenly flag this utility as a virus - it is a false positive - so go ahead and download it (if necessary, disable the antivirus while downloading)
→ OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

→ TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
→ Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup, fix all issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall unneeded programs
I recommend using CCleaner about once a week

→ Install Service Pack 1 for Windows

→ And that should be all

mkozlovsky
Visitor
Posts: 6
Registered: 18 Aug 2007 12:34

Re: Please check the log - I was removing Cycbot.B - reassurance

#11 Post by mkozlovsky »

Done. Thanks a lot once again for the help, I don't know what else I would have done with it.. :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check the log - I was removing Cycbot.B - reassurance

#12 Post by vyosek »

You're welcome, glad I could help :) See you again sometime
