WIN32/Agent.SDG.Gen trojský kůň

Zpráva

krombi · #1 Příspěvek od **krombi** » 13 pro 2011 13:25

Dobrý den,

rád bych Vás poprosil o pomoc. NOD32 mi nalezl v boot sektoru následující vir: WIN32/Agent.SDG.Gen trojský kůň, ESET mi hlasí MBR sektor 1. fyzického disku. Léčení nezabírá.

Přikládám výpis z RSIT a mnohokrát děkuji předem za pomoc.

---------------------------------------------------------------------------------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Krombi at 2011-12-13 13:19:55
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 4 GB (3%) free of 145 GB
Total RAM: 3062 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:08:43, on 13.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bitvise WinSSHD\sshdctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Windows\System32\mobsync.exe
C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Krombi\Desktop\RSIT.exe
C:\Program Files\trend micro\Krombi.exe
C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinSSHD Activation State Checker] "C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4623FW Scan2PC] "C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [chromium] C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: Dropbox.lnk = Krombi\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Translate - C:\Program Files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - DctMapping - (no file)
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Internet Translator 1.0 - {17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - C:\Program Files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Internet Translator 1.0 Settings - {71F65890-5ED6-11d4-9665-00E02962D81A} - C:\Program Files\Arsenal Company\SOCRAT Internet\SocratInternetT.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate Page - {DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - C:\Program Files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Users\Krombi\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Samsung Network Fax Server - Samsung Software Center, Moscow - C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Users\Krombi\AppData\Local\CrossLoop\tvnserver.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 18089 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Krombi\AppData\Roaming\Mozilla\Firefox\Profiles\5x3q1a5q.default

prefs.js - "browser.startup.homepage" - "http://www.igoogle.com/"
prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3, smartwebprinting@hp.com:4.5, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.6, {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.3&q="

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Program Files\Real\RealPlayer\browserrecord

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Picasa2\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46]
"Description"=6.0.12.46
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
inspector@mozilla.org
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npatgpc.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
bing.xml
creativecommons.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Users\Krombi\AppData\Roaming\Mozilla\Firefox\Profiles\5x3q1a5q.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{a3b24d40-bac4-11dc-95ff-0800200c9a66}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Krombi\AppData\Roaming\Mozilla\Firefox\Profiles\5x3q1a5q.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-17 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]
CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-09 795960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-12-07 1282048]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-10-06 824616]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"CameraApplicationLauncher"=C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [2007-08-23 16384]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-08-09 2630968]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-07 186904]
"IaNvSrv"=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2009-08-20 33304]
"LENOVO.TPFNF6R"=C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [2009-08-20 62752]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2008-11-20 49928]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2009-03-13 68976]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-02-26 992816]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2009-07-08 337184]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-05-16 430080]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog []
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-10-08 256576]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-17 185896]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-06 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-06 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-06 150552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"WinSSHD Activation State Checker"=C:\Program Files\Bitvise WinSSHD\WinsshdActStateCheck.exe [2011-02-15 247040]
"SAOB Monitor"=C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2010-03-02 2535312]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2010-03-02 361632]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2010-02-09 618496]
"4623FW Scan2PC"=C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe [2010-02-11 1982464]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-10-09 421736]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"=C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe [2010-06-03 39816]
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-09-01 966712]
"chromium"=C:\Users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe [2011-11-15 1036344]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2009-07-29 435488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWlIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [2009-07-29 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe [2009-04-29 424512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.EXE [2009-01-29 124248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE [2009-01-29 185688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-17 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2009-04-16 61728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2011-06-07 550360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Krombi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Check for TWS Updates.lnk]
C:\Jts\WiseUpdt.exe [2006-11-08 194775]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe
Dropbox.lnk - C:\Users\Krombi\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-08-06 217600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2008-11-20 95496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-04-24 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"legalnoticetext"=
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0
"SoftwareSASGeneration"=3

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=CSvidcap.dll
"vidc.tscc"=tsccvid.dll
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-12-13 13:08:22 ----D---- C:\rsit
2011-12-13 13:08:22 ----D---- C:\Program Files\trend micro
2011-12-12 22:54:11 ----D---- C:\ProgramData\I.CA SecureStore
2011-12-12 22:54:11 ----D---- C:\Program Files\I.CA SecureStore
2011-12-12 22:53:28 ----D---- C:\Program Files\Gemalto
2011-12-12 22:27:28 ----D---- C:\$RECYCLE.BIN
2011-12-12 22:11:35 ----A---- C:\Windows\zip.exe
2011-12-12 22:11:35 ----A---- C:\Windows\SWSC.exe
2011-12-12 22:11:35 ----A---- C:\Windows\SWREG.exe
2011-12-12 22:11:35 ----A---- C:\Windows\sed.exe
2011-12-12 22:11:35 ----A---- C:\Windows\PEV.exe
2011-12-12 22:11:35 ----A---- C:\Windows\NIRCMD.exe
2011-12-12 22:11:35 ----A---- C:\Windows\MBR.exe
2011-12-12 22:11:35 ----A---- C:\Windows\grep.exe
2011-12-12 22:11:28 ----D---- C:\Windows\ERDNT
2011-12-12 22:11:28 ----D---- C:\ComboFix
2011-12-12 22:11:26 ----D---- C:\Qoobox
2011-12-12 21:03:47 ----A---- C:\TDSSKiller.2.6.22.0_12.12.2011_21.03.47_log.txt
2011-12-12 20:53:58 ----A---- C:\TDSSKiller.2.6.22.0_12.12.2011_20.53.58_log.txt
2011-11-22 20:04:06 ----D---- C:\Program Files\NinjaTrader 7
2011-11-21 11:01:19 ----A---- C:\Windows\system32\javaws.exe
2011-11-21 11:01:19 ----A---- C:\Windows\system32\javaw.exe
2011-11-21 11:01:19 ----A---- C:\Windows\system32\java.exe
2011-11-16 13:39:59 ----D---- C:\BracketTrader
2011-11-16 13:23:11 ----D---- C:\Program Files\TSimPlus

======List of files/folders modified in the last 1 month======

2011-12-13 13:08:42 ----D---- C:\Windows\Temp
2011-12-13 13:08:22 ----RD---- C:\Program Files
2011-12-13 13:04:00 ----D---- C:\Users\Krombi\AppData\Roaming\Skype
2011-12-13 12:07:19 ----D---- C:\Windows\system32\config
2011-12-12 23:09:54 ----D---- C:\Windows\system32\drivers
2011-12-12 23:09:41 ----D---- C:\Windows\inf
2011-12-12 22:54:38 ----D---- C:\Windows\system32\Tasks
2011-12-12 22:54:19 ----D---- C:\Windows\Tasks
2011-12-12 22:54:15 ----SHD---- C:\Windows\Installer
2011-12-12 22:54:14 ----D---- C:\Config.Msi
2011-12-12 22:54:11 ----D---- C:\Windows\System32
2011-12-12 22:54:11 ----D---- C:\ProgramData
2011-12-12 22:53:53 ----SHD---- C:\System Volume Information
2011-12-12 22:53:32 ----D---- C:\Windows\system32\DriverStore
2011-12-12 22:53:32 ----D---- C:\Windows\system32\catroot
2011-12-12 22:52:30 ----D---- C:\Windows\winsxs
2011-12-12 22:37:57 ----D---- C:\Program Files\Mozilla Thunderbird
2011-12-12 22:30:09 ----A---- C:\Windows\system32\PROCDB.INI
2011-12-12 22:29:50 ----D---- C:\Users\Krombi\AppData\Roaming\Dropbox
2011-12-12 22:29:08 ----D---- C:\Windows\Prefetch
2011-12-12 22:27:35 ----D---- C:\Windows
2011-12-12 22:27:35 ----A---- C:\Windows\system.ini
2011-12-12 22:27:21 ----D---- C:\Windows\system32\drivers\etc
2011-12-12 22:26:54 ----A---- C:\Windows\system32\IPSCtrl.INI
2011-12-12 22:20:36 ----D---- C:\Windows\AppPatch
2011-12-12 22:20:35 ----D---- C:\Program Files\Common Files
2011-12-12 22:12:56 ----D---- C:\Windows\system32\catroot2
2011-12-12 21:32:32 ----D---- C:\Program Files\ESET
2011-12-12 21:28:16 ----D---- C:\Program Files\MagicISO
2011-12-12 21:27:37 ----RSD---- C:\Windows\Fonts
2011-12-12 21:27:37 ----N---- C:\Windows\win.ini
2011-12-12 21:25:31 ----D---- C:\Program Files\Common Files\Arsenal Shared
2011-12-12 17:51:06 ----D---- C:\Windows\debug
2011-12-11 23:07:05 ----D---- C:\Program Files\Opera
2011-12-11 18:56:47 ----RD---- C:\Program Files\Skype
2011-12-11 18:56:44 ----D---- C:\ProgramData\Skype
2011-12-05 23:47:54 ----D---- C:\Jts
2011-11-27 23:07:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-23 19:37:01 ----A---- C:\Windows\ib.ini
2011-11-23 00:55:45 ----D---- C:\Program Files\SamsungPrinterLiveUpdate
2011-11-22 22:16:37 ----RSD---- C:\Windows\Media
2011-11-21 11:01:55 ----D---- C:\Program Files\Common Files\Java
2011-11-21 11:01:18 ----D---- C:\Program Files\Java
2011-11-14 20:21:26 ----D---- C:\Program Files\QuickTime
2011-11-14 20:19:24 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\Windows\System32\Drivers\DRVMCDB.SYS [2007-03-12 99848]
R0 iaNvStor;Intel(R) Turbo Memory Controller; C:\Windows\system32\DRIVERS\iaNvStor.sys [2009-02-02 229400]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2009-06-29 117800]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-09 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-09 28120]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-03-01 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-03-01 51440]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2009-09-09 11552]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2007-03-14 35064]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2007-03-14 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2007-03-14 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2007-03-14 104824]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2007-03-14 26744]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2007-03-14 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2007-03-14 98104]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2007-03-14 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 38240]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PROCDD;IPS Helper Driver; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-20 12560]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-10-27 5120]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2009-12-19 40384]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-12-07 348160]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-03-05 223360]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2009-08-24 24872]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-08-06 4786688]
R3 LenovoRd;LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [2007-06-08 81280]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-11-25 1754368]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-10-06 181168]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-10-10 50704]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2007-11-14 100992]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 catchme;catchme; \??\C:\Users\JANROH~1\AppData\Local\Temp\catchme.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 GemCCID;GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-01 25280]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-02-17 4096]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-08-02 42496]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S4 RsFx0150;RsFx0150 Driver; C:\Windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2009-07-29 124192]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2010-03-02 660664]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2009-07-29 238880]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-12-07 69632]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 astcc;AST Service; C:\Windows\SYSTEM32\astsrv.exe [2006-02-26 53248]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-03-17 518696]
R2 CrossLoopService;CrossLoop Service; C:\Users\Krombi\AppData\Local\CrossLoop\CrossLoopService.exe [2011-09-07 569072]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-19 794624]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-07 354840]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2009-08-24 38176]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 IPSSVC;IPS Core Service; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [2010-04-03 42884448]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-19 483328]
R2 Samsung Network Fax Server;Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2009-12-02 165888]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-04-03 267616]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-04-03 97632]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2009-05-15 28672]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2007-08-09 722232]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 821608]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-01-12 294912]
S2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-08-09 644408]
S2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
S2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2009-02-11 958464]
S2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-19 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-19 655624]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2008-10-24 145248]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-01-12 57344]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-22 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-30 73728]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2009-06-29 39976]
S3 tvnserver;TightVNC Server; C:\Users\Krombi\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S4 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 13 pro 2011 13:41

Zdravim a pekny den preji

vy umite pouzivat ComboFix - aplikovat, vylustit log a nasledne napsat skript na docisteni

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Mrknete jestli mate log z ComboFixu (c:\combofix.txt)

vcera jste delal 2x TDSSKiller, poprosim o oba logy - jsou primo na c:\

Takoveto samoleceni a pak az si prijit pro radu je na prd, jen smazete stopy a stejne si nepomuzete, jelikoz nevite jak co pouzit a v jakem poradi

krombi · #3 Příspěvek od **krombi** » 13 pro 2011 14:54

Děkuji za rychlou odpověď.

Ad combofix - měl bych to zvládnout, včera jsem si ho stáhl z jiného vlákna, které řeší tento trojan. Ten log ale z combofixu nemám.

Provedl jsem i 2x ten proces TDSKiller, jak píšete. Co mě trochu zarazilo je, že v podstatě nic nenalezl, pokud to čtu správně.

Omlouvám se, příště samozřejmě budu psát rovnou, snažil jsem se inspirovat předchozími návody, zatím ale neúspěšně...

První:

20:53:58.0637 6088 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
20:53:59.0584 6088 ============================================================
20:53:59.0584 6088 Current date / time: 2011/12/12 20:53:59.0584
20:53:59.0584 6088 SystemInfo:
20:53:59.0584 6088
20:53:59.0584 6088 OS Version: 6.1.7601 ServicePack: 1.0
20:53:59.0584 6088 Product type: Workstation
20:53:59.0585 6088 ComputerName: JOHNY
20:53:59.0585 6088 UserName: Krombi
20:53:59.0585 6088 Windows directory: C:\Windows
20:53:59.0585 6088 System windows directory: C:\Windows
20:53:59.0585 6088 Processor architecture: Intel x86
20:53:59.0585 6088 Number of processors: 2
20:53:59.0585 6088 Page size: 0x1000
20:53:59.0585 6088 Boot type: Normal boot
20:53:59.0585 6088 ============================================================
20:54:00.0546 6088 Initialize success
20:54:07.0134 4620 ============================================================
20:54:07.0134 4620 Scan started
20:54:07.0134 4620 Mode: Manual;
20:54:07.0135 4620 ============================================================
20:54:12.0510 4620 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:54:12.0542 4620 1394ohci - ok
20:54:12.0648 4620 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:54:12.0663 4620 ACPI - ok
20:54:12.0719 4620 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:54:12.0749 4620 AcpiPmi - ok
20:54:12.0989 4620 ADIHdAudAddService (a51ea92451897824c5c7474a160af773) C:\Windows\system32\drivers\ADIHdAud.sys
20:54:13.0062 4620 ADIHdAudAddService - ok
20:54:13.0128 4620 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:54:13.0201 4620 adp94xx - ok
20:54:13.0241 4620 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:54:13.0261 4620 adpahci - ok
20:54:13.0447 4620 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:54:13.0474 4620 adpu320 - ok
20:54:13.0545 4620 adusbser (d9fde4ee2b1b115a78014921b84da635) C:\Windows\system32\DRIVERS\adusbser.sys
20:54:13.0551 4620 adusbser - ok
20:54:13.0641 4620 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:54:13.0646 4620 AFD - ok
20:54:13.0821 4620 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:54:13.0856 4620 agp440 - ok
20:54:13.0958 4620 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:54:13.0991 4620 aic78xx - ok
20:54:14.0090 4620 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:54:14.0115 4620 aliide - ok
20:54:14.0153 4620 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:54:14.0178 4620 amdagp - ok
20:54:14.0357 4620 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:54:14.0394 4620 amdide - ok
20:54:14.0477 4620 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:54:14.0506 4620 AmdK8 - ok
20:54:14.0540 4620 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:54:14.0569 4620 AmdPPM - ok
20:54:14.0644 4620 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:54:14.0669 4620 amdsata - ok
20:54:14.0808 4620 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:54:14.0838 4620 amdsbs - ok
20:54:14.0886 4620 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:54:14.0902 4620 amdxata - ok
20:54:14.0986 4620 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:54:15.0044 4620 AppID - ok
20:54:15.0270 4620 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:54:15.0287 4620 arc - ok
20:54:15.0337 4620 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:54:15.0354 4620 arcsas - ok
20:54:15.0436 4620 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
20:54:15.0473 4620 ASPI - ok
20:54:15.0671 4620 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:54:15.0711 4620 AsyncMac - ok
20:54:15.0814 4620 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:54:15.0847 4620 atapi - ok
20:54:15.0926 4620 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:54:15.0935 4620 b06bdrv - ok
20:54:15.0984 4620 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:54:16.0043 4620 b57nd60x - ok
20:54:16.0222 4620 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:54:16.0256 4620 Beep - ok
20:54:16.0319 4620 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:54:16.0357 4620 blbdrive - ok
20:54:16.0426 4620 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:54:16.0462 4620 bowser - ok
20:54:16.0502 4620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:54:16.0505 4620 BrFiltLo - ok
20:54:16.0676 4620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:54:16.0681 4620 BrFiltUp - ok
20:54:16.0754 4620 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:54:16.0764 4620 Brserid - ok
20:54:16.0807 4620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:54:16.0813 4620 BrSerWdm - ok
20:54:16.0846 4620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:54:16.0851 4620 BrUsbMdm - ok
20:54:16.0888 4620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:54:16.0892 4620 BrUsbSer - ok
20:54:17.0049 4620 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
20:54:17.0050 4620 BthEnum - ok
20:54:17.0132 4620 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:54:17.0168 4620 BTHMODEM - ok
20:54:17.0242 4620 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
20:54:17.0244 4620 BthPan - ok
20:54:17.0287 4620 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
20:54:17.0298 4620 BTHPORT - ok
20:54:17.0354 4620 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
20:54:17.0380 4620 BTHUSB - ok
20:54:17.0557 4620 btwaudio (f2f7342742180d5060285499dee50f99) C:\Windows\system32\drivers\btwaudio.sys
20:54:17.0598 4620 btwaudio - ok
20:54:17.0641 4620 btwavdt (32f59f26a30cfc508da11db3ea0f8b77) C:\Windows\system32\drivers\btwavdt.sys
20:54:17.0662 4620 btwavdt - ok
20:54:17.0733 4620 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:54:17.0769 4620 btwl2cap - ok
20:54:17.0827 4620 btwrchid (03658734ef7d0f3b3f4636d3e8a38964) C:\Windows\system32\DRIVERS\btwrchid.sys
20:54:17.0833 4620 btwrchid - ok
20:54:18.0012 4620 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:54:18.0044 4620 cdfs - ok
20:54:18.0121 4620 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
20:54:18.0169 4620 cdrom - ok
20:54:18.0222 4620 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:54:18.0226 4620 circlass - ok
20:54:18.0299 4620 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:54:18.0305 4620 CLFS - ok
20:54:18.0513 4620 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:54:18.0556 4620 CmBatt - ok
20:54:18.0631 4620 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:54:18.0667 4620 cmdide - ok
20:54:18.0708 4620 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
20:54:18.0717 4620 CNG - ok
20:54:18.0768 4620 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:54:18.0802 4620 Compbatt - ok
20:54:18.0869 4620 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:54:18.0877 4620 CompositeBus - ok
20:54:19.0059 4620 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:54:19.0092 4620 crcdisk - ok
20:54:19.0212 4620 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:54:19.0261 4620 CSC - ok
20:54:19.0381 4620 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:54:19.0414 4620 DfsC - ok
20:54:19.0561 4620 DgiVecp - ok
20:54:19.0655 4620 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:54:19.0697 4620 discache - ok
20:54:19.0797 4620 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:54:19.0823 4620 Disk - ok
20:54:19.0968 4620 DLABMFSM (475024f44e0b0ff2e89b0b7450c51e9a) C:\Windows\system32\DLA\DLABMFSM.SYS
20:54:19.0997 4620 DLABMFSM - ok
20:54:20.0135 4620 DLABOIOM (d418a2c037f0367af8ceb955f8162219) C:\Windows\system32\DLA\DLABOIOM.SYS
20:54:20.0184 4620 DLABOIOM - ok
20:54:20.0221 4620 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
20:54:20.0237 4620 DLACDBHM - ok
20:54:20.0280 4620 DLADResM (c696b47b36c278a349b433b206e4b105) C:\Windows\system32\DLA\DLADResM.SYS
20:54:20.0295 4620 DLADResM - ok
20:54:20.0342 4620 DLAIFS_M (97e1cc730f1f931c5232013432584334) C:\Windows\system32\DLA\DLAIFS_M.SYS
20:54:20.0359 4620 DLAIFS_M - ok
20:54:20.0482 4620 DLAOPIOM (d98be003d85c0251a3db5851a29c6ba8) C:\Windows\system32\DLA\DLAOPIOM.SYS
20:54:20.0529 4620 DLAOPIOM - ok
20:54:20.0665 4620 DLAPoolM (3821ad5aa0ac0f05625923cfcc0c0fbb) C:\Windows\system32\DLA\DLAPoolM.SYS
20:54:20.0697 4620 DLAPoolM - ok
20:54:20.0742 4620 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
20:54:20.0766 4620 DLARTL_M - ok
20:54:20.0803 4620 DLAUDFAM (0fdd55d09da1657fc28ebc015f5f45d6) C:\Windows\system32\DLA\DLAUDFAM.SYS
20:54:20.0819 4620 DLAUDFAM - ok
20:54:20.0944 4620 DLAUDF_M (147bc35eba264118988f5c5580860336) C:\Windows\system32\DLA\DLAUDF_M.SYS
20:54:20.0989 4620 DLAUDF_M - ok
20:54:21.0180 4620 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
20:54:21.0216 4620 dot4 - ok
20:54:21.0277 4620 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
20:54:21.0293 4620 Dot4Print - ok
20:54:21.0377 4620 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
20:54:21.0419 4620 dot4usb - ok
20:54:21.0502 4620 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:54:21.0527 4620 drmkaud - ok
20:54:21.0696 4620 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
20:54:21.0738 4620 DRVMCDB - ok
20:54:21.0778 4620 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
20:54:21.0804 4620 DRVNDDM - ok
20:54:21.0907 4620 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:54:22.0069 4620 DXGKrnl - ok
20:54:22.0260 4620 e1express (e4563be48ef4e8d8ad3edd92bb01ad9a) C:\Windows\system32\DRIVERS\e1e6032.sys
20:54:22.0280 4620 e1express - ok
20:54:22.0360 4620 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\Windows\system32\DRIVERS\eamon.sys
20:54:22.0368 4620 eamon - ok
20:54:22.0633 4620 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:54:22.0761 4620 ebdrv - ok
20:54:22.0883 4620 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\Windows\system32\DRIVERS\ehdrv.sys
20:54:22.0915 4620 ehdrv - ok
20:54:23.0117 4620 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
20:54:23.0156 4620 ElbyCDFL - ok
20:54:23.0200 4620 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:54:23.0208 4620 ElbyCDIO - ok
20:54:23.0317 4620 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:54:23.0381 4620 elxstor - ok
20:54:23.0447 4620 epfw (39f48a0784be8465cd1ac80b36d61613) C:\Windows\system32\DRIVERS\epfw.sys
20:54:23.0457 4620 epfw - ok
20:54:23.0588 4620 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys
20:54:23.0635 4620 Epfwndis - ok
20:54:23.0686 4620 epfwwfp (702a4695ca4ebdefa30235dda300c9d0) C:\Windows\system32\DRIVERS\epfwwfp.sys
20:54:23.0694 4620 epfwwfp - ok
20:54:23.0776 4620 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:54:23.0805 4620 ErrDev - ok
20:54:23.0917 4620 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:54:23.0956 4620 exfat - ok
20:54:24.0090 4620 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:54:24.0121 4620 fastfat - ok
20:54:24.0176 4620 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:54:24.0226 4620 fdc - ok
20:54:24.0275 4620 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:54:24.0293 4620 FileInfo - ok
20:54:24.0370 4620 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:54:24.0403 4620 Filetrace - ok
20:54:24.0445 4620 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:54:24.0476 4620 flpydisk - ok
20:54:24.0623 4620 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:54:24.0661 4620 FltMgr - ok
20:54:24.0722 4620 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:54:24.0752 4620 FsDepends - ok
20:54:24.0784 4620 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:54:24.0799 4620 Fs_Rec - ok
20:54:24.0894 4620 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:54:24.0899 4620 fvevol - ok
20:54:25.0095 4620 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:54:25.0128 4620 gagp30kx - ok
20:54:25.0210 4620 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:54:25.0220 4620 GEARAspiWDM - ok
20:54:25.0332 4620 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
20:54:25.0338 4620 hamachi - ok
20:54:25.0377 4620 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:54:25.0400 4620 hcw85cir - ok
20:54:25.0564 4620 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:54:25.0569 4620 HDAudBus - ok
20:54:25.0658 4620 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:54:25.0697 4620 HidBatt - ok
20:54:25.0747 4620 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:54:25.0767 4620 HidBth - ok
20:54:25.0801 4620 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:54:25.0822 4620 HidIr - ok
20:54:25.0981 4620 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
20:54:26.0027 4620 HidUsb - ok
20:54:26.0111 4620 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:54:26.0156 4620 HpSAMD - ok
20:54:26.0284 4620 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:54:26.0352 4620 HSF_DPV - ok
20:54:26.0497 4620 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:54:26.0507 4620 HSXHWAZL - ok
20:54:26.0626 4620 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:54:26.0681 4620 HTTP - ok
20:54:26.0768 4620 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:54:26.0785 4620 hwpolicy - ok
20:54:26.0985 4620 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:54:27.0011 4620 i8042prt - ok
20:54:27.0093 4620 iaNvStor (89a5bf70f2f23f502f4b87aa38b7eb74) C:\Windows\system32\DRIVERS\iaNvStor.sys
20:54:27.0097 4620 iaNvStor - ok
20:54:27.0189 4620 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
20:54:27.0193 4620 iaStor - ok
20:54:27.0340 4620 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:54:27.0361 4620 iaStorV - ok
20:54:27.0542 4620 IBMPMDRV (4dcfc1792be8fc092ab41eafa9d0fde5) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:54:27.0584 4620 IBMPMDRV - ok
20:54:27.0811 4620 igfx (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:54:27.0931 4620 igfx - ok
20:54:28.0030 4620 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:54:28.0070 4620 iirsp - ok
20:54:28.0240 4620 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:54:28.0278 4620 intelide - ok
20:54:28.0331 4620 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:54:28.0335 4620 intelppm - ok
20:54:28.0395 4620 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:54:28.0420 4620 IpFilterDriver - ok
20:54:28.0493 4620 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:54:28.0524 4620 IPMIDRV - ok
20:54:28.0699 4620 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:54:28.0767 4620 IPNAT - ok
20:54:28.0828 4620 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:54:28.0858 4620 IRENUM - ok
20:54:28.0951 4620 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:54:28.0986 4620 isapnp - ok
20:54:29.0170 4620 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:54:29.0208 4620 iScsiPrt - ok
20:54:29.0323 4620 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:54:29.0354 4620 kbdclass - ok
20:54:29.0434 4620 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:54:29.0462 4620 kbdhid - ok
20:54:29.0631 4620 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
20:54:29.0635 4620 KSecDD - ok
20:54:29.0721 4620 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
20:54:29.0739 4620 KSecPkg - ok
20:54:29.0835 4620 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
20:54:29.0850 4620 lenovo.smi - ok
20:54:29.0954 4620 LenovoRd (007c3a7e6a864ab2b8c52df717a7254c) C:\Windows\system32\Drivers\LenovoRd.sys
20:54:30.0013 4620 LenovoRd - ok
20:54:30.0204 4620 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:54:30.0221 4620 lltdio - ok
20:54:30.0271 4620 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:54:30.0288 4620 LSI_FC - ok
20:54:30.0332 4620 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:54:30.0349 4620 LSI_SAS - ok
20:54:30.0394 4620 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:54:30.0423 4620 LSI_SAS2 - ok
20:54:30.0465 4620 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:54:30.0516 4620 LSI_SCSI - ok
20:54:30.0698 4620 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:54:30.0739 4620 luafv - ok
20:54:30.0813 4620 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:54:30.0816 4620 mdmxsdk - ok
20:54:30.0854 4620 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:54:30.0883 4620 megasas - ok
20:54:30.0941 4620 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:54:30.0984 4620 MegaSR - ok
20:54:31.0166 4620 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:54:31.0213 4620 Modem - ok
20:54:31.0317 4620 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:54:31.0318 4620 monitor - ok
20:54:31.0422 4620 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:54:31.0439 4620 mouclass - ok
20:54:31.0588 4620 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:54:31.0634 4620 mouhid - ok
20:54:31.0711 4620 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:54:31.0715 4620 mountmgr - ok
20:54:31.0769 4620 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:54:31.0818 4620 mpio - ok
20:54:31.0907 4620 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:54:31.0937 4620 mpsdrv - ok
20:54:32.0024 4620 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:54:32.0042 4620 MRxDAV - ok
20:54:32.0193 4620 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:54:32.0238 4620 mrxsmb - ok
20:54:32.0299 4620 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:54:32.0327 4620 mrxsmb10 - ok
20:54:32.0377 4620 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:54:32.0395 4620 mrxsmb20 - ok
20:54:32.0539 4620 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:54:32.0576 4620 msahci - ok
20:54:32.0717 4620 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:54:32.0753 4620 msdsm - ok
20:54:32.0854 4620 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:54:32.0886 4620 Msfs - ok
20:54:32.0928 4620 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:54:32.0961 4620 mshidkmdf - ok
20:54:33.0035 4620 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:54:33.0063 4620 msisadrv - ok
20:54:33.0213 4620 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:54:33.0216 4620 MSKSSRV - ok
20:54:33.0292 4620 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:54:33.0320 4620 MSPCLOCK - ok
20:54:33.0377 4620 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:54:33.0380 4620 MSPQM - ok
20:54:33.0422 4620 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:54:33.0428 4620 MsRPC - ok
20:54:33.0503 4620 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:54:33.0535 4620 mssmbios - ok
20:54:33.0770 4620 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:54:33.0801 4620 MSTEE - ok
20:54:33.0836 4620 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:54:33.0860 4620 MTConfig - ok
20:54:33.0897 4620 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:54:33.0902 4620 Mup - ok
20:54:33.0976 4620 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:54:34.0009 4620 NativeWifiP - ok
20:54:34.0117 4620 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:54:34.0198 4620 NDIS - ok
20:54:34.0373 4620 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:54:34.0390 4620 NdisCap - ok
20:54:34.0440 4620 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:54:34.0443 4620 NdisTapi - ok
20:54:34.0539 4620 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:54:34.0579 4620 Ndisuio - ok
20:54:34.0662 4620 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:54:34.0701 4620 NdisWan - ok
20:54:34.0884 4620 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:54:34.0953 4620 NDProxy - ok
20:54:35.0053 4620 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:54:35.0104 4620 NetBIOS - ok
20:54:35.0185 4620 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:54:35.0188 4620 NetBT - ok
20:54:35.0526 4620 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
20:54:35.0684 4620 netw5v32 - ok
20:54:35.0784 4620 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:54:35.0823 4620 nfrd960 - ok
20:54:35.0902 4620 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\Windows\system32\drivers\ccdcmb.sys
20:54:35.0918 4620 nmwcd - ok
20:54:36.0069 4620 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\Windows\system32\drivers\ccdcmbo.sys
20:54:36.0077 4620 nmwcdc - ok
20:54:36.0180 4620 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:54:36.0207 4620 Npfs - ok
20:54:36.0248 4620 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:54:36.0249 4620 nsiproxy - ok
20:54:36.0357 4620 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:54:36.0407 4620 Ntfs - ok
20:54:36.0533 4620 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:54:36.0565 4620 Null - ok
20:54:36.0678 4620 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:54:36.0710 4620 nvraid - ok
20:54:36.0821 4620 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:54:36.0865 4620 nvstor - ok
20:54:36.0987 4620 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:54:37.0022 4620 nv_agp - ok
20:54:37.0131 4620 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:54:37.0138 4620 ohci1394 - ok
20:54:37.0321 4620 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:54:37.0366 4620 Parport - ok
20:54:37.0493 4620 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:54:37.0543 4620 partmgr - ok
20:54:37.0637 4620 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:54:37.0666 4620 Parvdm - ok
20:54:37.0762 4620 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:54:37.0770 4620 pccsmcfd - ok
20:54:37.0910 4620 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:54:37.0940 4620 pci - ok
20:54:38.0028 4620 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:54:38.0053 4620 pciide - ok
20:54:38.0183 4620 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:54:38.0212 4620 pcmcia - ok
20:54:38.0301 4620 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:54:38.0317 4620 pcw - ok
20:54:38.0435 4620 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:54:38.0469 4620 PEAUTH - ok
20:54:38.0665 4620 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:54:38.0699 4620 PptpMiniport - ok
20:54:38.0778 4620 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\Windows\system32\DRIVERS\PROCDD.SYS
20:54:38.0806 4620 PROCDD - ok
20:54:38.0864 4620 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:54:38.0885 4620 Processor - ok
20:54:38.0937 4620 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:54:38.0953 4620 Psched - ok
20:54:39.0087 4620 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
20:54:39.0135 4620 PxHelp20 - ok
20:54:39.0305 4620 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:54:39.0385 4620 ql2300 - ok
20:54:39.0486 4620 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:54:39.0504 4620 ql40xx - ok
20:54:39.0595 4620 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:54:39.0620 4620 QWAVEdrv - ok
20:54:39.0732 4620 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:54:39.0771 4620 RasAcd - ok
20:54:39.0905 4620 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:54:39.0938 4620 RasAgileVpn - ok
20:54:40.0079 4620 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:54:40.0127 4620 Rasl2tp - ok
20:54:40.0262 4620 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:54:40.0312 4620 RasPppoe - ok
20:54:40.0411 4620 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:54:40.0458 4620 RasSstp - ok
20:54:40.0584 4620 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:54:40.0657 4620 rdbss - ok
20:54:40.0807 4620 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:54:40.0848 4620 rdpbus - ok
20:54:40.0983 4620 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:54:40.0986 4620 RDPCDD - ok
20:54:41.0069 4620 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:54:41.0080 4620 RDPDR - ok
20:54:41.0145 4620 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:54:41.0182 4620 RDPENCDD - ok
20:54:41.0278 4620 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:54:41.0314 4620 RDPREFMP - ok
20:54:41.0473 4620 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
20:54:41.0503 4620 RdpVideoMiniport - ok
20:54:41.0590 4620 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
20:54:41.0631 4620 RDPWD - ok
20:54:41.0776 4620 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:54:41.0816 4620 rdyboost - ok
20:54:41.0984 4620 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
20:54:42.0036 4620 RFCOMM - ok
20:54:42.0161 4620 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
20:54:42.0176 4620 RsFx0150 - ok
20:54:42.0289 4620 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:54:42.0344 4620 rspndr - ok
20:54:42.0439 4620 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:54:42.0454 4620 s3cap - ok
20:54:42.0579 4620 SASDIFSV (c5d996556c9df4716a09e7f8c3ddd2cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:54:42.0611 4620 SASDIFSV - ok
20:54:42.0630 4620 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
20:54:42.0645 4620 SASENUM - ok
20:54:42.0660 4620 SASKUTIL (1380ab4ac393b5d3e21521fced3cd834) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
20:54:42.0676 4620 SASKUTIL - ok
20:54:42.0791 4620 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:54:42.0824 4620 sbp2port - ok
20:54:42.0970 4620 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:54:42.0977 4620 scfilter - ok
20:54:43.0078 4620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:54:43.0111 4620 secdrv - ok
20:54:43.0148 4620 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:54:43.0164 4620 Serenum - ok
20:54:43.0229 4620 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:54:43.0262 4620 Serial - ok
20:54:43.0397 4620 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:54:43.0434 4620 sermouse - ok
20:54:43.0513 4620 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:54:43.0554 4620 sffdisk - ok
20:54:43.0603 4620 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:54:43.0639 4620 sffp_mmc - ok
20:54:43.0756 4620 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:54:43.0791 4620 sffp_sd - ok
20:54:43.0915 4620 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:54:43.0963 4620 sfloppy - ok
20:54:44.0045 4620 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\Windows\system32\DRIVERS\Apsx86.sys
20:54:44.0082 4620 Shockprf - ok
20:54:44.0160 4620 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:54:44.0194 4620 sisagp - ok
20:54:44.0293 4620 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:54:44.0352 4620 SiSRaid2 - ok
20:54:44.0480 4620 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:54:44.0536 4620 SiSRaid4 - ok
20:54:44.0577 4620 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:54:44.0594 4620 Smb - ok
20:54:44.0702 4620 smihlp2 (2a348e2292eb57775787ec4be7622715) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
20:54:44.0706 4620 smihlp2 - ok
20:54:44.0932 4620 SNP2UVC (1ef34706531b188d1ce12127d8233e87) C:\Windows\system32\DRIVERS\snp2uvc.sys
20:54:45.0007 4620 SNP2UVC - ok
20:54:45.0137 4620 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:54:45.0145 4620 spldr - ok
20:54:45.0270 4620 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:54:45.0310 4620 srv - ok
20:54:45.0367 4620 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:54:45.0404 4620 srv2 - ok
20:54:45.0445 4620 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:54:45.0475 4620 srvnet - ok
20:54:45.0593 4620 SSPORT (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
20:54:45.0623 4620 SSPORT - ok
20:54:45.0712 4620 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:54:45.0755 4620 stexstor - ok
20:54:45.0833 4620 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:54:45.0867 4620 storflt - ok
20:54:45.0941 4620 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:54:45.0973 4620 storvsc - ok
20:54:46.0102 4620 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:54:46.0109 4620 swenum - ok
20:54:46.0155 4620 Synth3dVsc - ok
20:54:46.0266 4620 SynTP (130332e29759fd0eeffbb143edf4e8d3) C:\Windows\system32\DRIVERS\SynTP.sys
20:54:46.0302 4620 SynTP - ok
20:54:46.0411 4620 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:54:46.0479 4620 Tcpip - ok
20:54:46.0670 4620 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:54:46.0689 4620 TCPIP6 - ok
20:54:46.0779 4620 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:54:46.0820 4620 tcpipreg - ok
20:54:46.0918 4620 TcUsb (a54b8fc62db00c018eafafb47d00511e) C:\Windows\system32\Drivers\tcusb.sys
20:54:46.0924 4620 TcUsb - ok
20:54:47.0100 4620 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:54:47.0132 4620 TDPIPE - ok
20:54:47.0179 4620 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
20:54:47.0196 4620 TDTCP - ok
20:54:47.0277 4620 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:54:47.0330 4620 tdx - ok
20:54:47.0418 4620 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:54:47.0443 4620 TermDD - ok
20:54:47.0621 4620 TPDIGIMN (521866a3ce5a1a69b4b4a87bdb52be26) C:\Windows\system32\DRIVERS\ApsHM86.sys
20:54:47.0649 4620 TPDIGIMN - ok
20:54:47.0758 4620 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
20:54:47.0810 4620 TPM - ok
20:54:47.0891 4620 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
20:54:47.0923 4620 TPPWRIF - ok
20:54:48.0026 4620 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:54:48.0092 4620 tssecsrv - ok
20:54:48.0272 4620 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:54:48.0316 4620 TsUsbFlt - ok
20:54:48.0354 4620 tsusbhub - ok
20:54:48.0446 4620 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:54:48.0481 4620 tunnel - ok
20:54:48.0570 4620 tvtfilter (79e8d72b321d6e0ebc83b31d9cccd19c) C:\Windows\system32\DRIVERS\tvtfilter.sys
20:54:48.0598 4620 tvtfilter - ok
20:54:48.0685 4620 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:54:48.0712 4620 uagp35 - ok
20:54:48.0890 4620 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:54:48.0960 4620 udfs - ok
20:54:49.0072 4620 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:54:49.0100 4620 uliagpkx - ok
20:54:49.0169 4620 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
20:54:49.0200 4620 umbus - ok
20:54:49.0392 4620 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:54:49.0417 4620 UmPass - ok
20:54:49.0486 4620 upperdev (ec01da44b090d2651fc032c8b9257232) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
20:54:49.0489 4620 upperdev - ok
20:54:49.0581 4620 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:54:49.0614 4620 USBAAPL - ok
20:54:49.0675 4620 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:54:49.0729 4620 usbccgp - ok
20:54:49.0821 4620 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:54:49.0861 4620 usbcir - ok
20:54:50.0040 4620 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
20:54:50.0086 4620 usbehci - ok
20:54:50.0185 4620 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:54:50.0223 4620 usbhub - ok
20:54:50.0279 4620 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
20:54:50.0311 4620 usbohci - ok
20:54:50.0407 4620 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:54:50.0440 4620 usbprint - ok
20:54:50.0606 4620 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
20:54:50.0654 4620 usbscan - ok
20:54:50.0760 4620 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
20:54:50.0793 4620 usbser - ok
20:54:50.0866 4620 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
20:54:50.0872 4620 UsbserFilt - ok
20:54:51.0032 4620 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:54:51.0079 4620 USBSTOR - ok
20:54:51.0149 4620 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
20:54:51.0174 4620 usbuhci - ok
20:54:51.0262 4620 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
20:54:51.0286 4620 usb_rndisx - ok
20:54:51.0402 4620 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:54:51.0418 4620 vdrvroot - ok
20:54:51.0590 4620 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:54:51.0614 4620 vga - ok
20:54:51.0647 4620 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:54:51.0675 4620 VgaSave - ok
20:54:51.0742 4620 VGPU - ok
20:54:51.0799 4620 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:54:51.0835 4620 vhdmp - ok
20:54:52.0017 4620 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:54:52.0065 4620 viaagp - ok
20:54:52.0157 4620 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:54:52.0187 4620 ViaC7 - ok
20:54:52.0275 4620 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:54:52.0306 4620 viaide - ok
20:54:52.0356 4620 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:54:52.0361 4620 vmbus - ok
20:54:52.0537 4620 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:54:52.0541 4620 VMBusHID - ok
20:54:52.0644 4620 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:54:52.0697 4620 volmgr - ok
20:54:52.0798 4620 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:54:52.0803 4620 volmgrx - ok
20:54:52.0851 4620 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:54:52.0894 4620 volsnap - ok
20:54:53.0046 4620 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:54:53.0091 4620 vsmraid - ok
20:54:53.0135 4620 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
20:54:53.0160 4620 vwifibus - ok
20:54:53.0263 4620 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:54:53.0294 4620 WacomPen - ok
20:54:53.0392 4620 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:54:53.0421 4620 WANARP - ok
20:54:53.0425 4620 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:54:53.0426 4620 Wanarpv6 - ok
20:54:53.0704 4620 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:54:53.0747 4620 Wd - ok
20:54:53.0792 4620 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:54:53.0836 4620 Wdf01000 - ok
20:54:53.0904 4620 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:54:53.0937 4620 WfpLwf - ok
20:54:54.0071 4620 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:54:54.0104 4620 WIMMount - ok
20:54:54.0202 4620 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:54:54.0265 4620 winachsf - ok
20:54:54.0489 4620 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:54:54.0498 4620 WinUsb - ok
20:54:54.0595 4620 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:54:54.0627 4620 WmiAcpi - ok
20:54:54.0731 4620 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:54:54.0763 4620 ws2ifsl - ok
20:54:54.0929 4620 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:54:54.0975 4620 WSDPrintDevice - ok
20:54:55.0070 4620 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:54:55.0097 4620 WudfPf - ok
20:54:55.0164 4620 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:54:55.0175 4620 WUDFRd - ok
20:54:55.0374 4620 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:54:55.0407 4620 XAudio - ok
20:54:55.0446 4620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:54:55.0471 4620 \Device\Harddisk0\DR0 - ok
20:54:55.0500 4620 Boot (0x1200) (1972614f54c9eea5ad06a1ddef86c456) \Device\Harddisk0\DR0\Partition0
20:54:55.0501 4620 \Device\Harddisk0\DR0\Partition0 - ok
20:54:55.0504 4620 Boot (0x1200) (12f2d3c39c66888468cdb1a5e383bc84) \Device\Harddisk0\DR0\Partition1
20:54:55.0505 4620 \Device\Harddisk0\DR0\Partition1 - ok
20:54:55.0505 4620 ============================================================
20:54:55.0505 4620 Scan finished
20:54:55.0506 4620 ============================================================
20:54:55.0514 4168 Detected object count: 0
20:54:55.0514 4168 Actual detected object count: 0
20:56:50.0525 2388 Deinitialize success

krombi · #4 Příspěvek od **krombi** » 13 pro 2011 14:55

Druhý:

21:03:47.0973 2880 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:03:48.0976 2880 ============================================================
21:03:48.0976 2880 Current date / time: 2011/12/12 21:03:48.0976
21:03:48.0976 2880 SystemInfo:
21:03:48.0976 2880
21:03:48.0976 2880 OS Version: 6.1.7601 ServicePack: 1.0
21:03:48.0976 2880 Product type: Workstation
21:03:48.0977 2880 ComputerName: JOHNY
21:03:48.0977 2880 UserName: Krombi
21:03:48.0977 2880 Windows directory: C:\Windows
21:03:48.0977 2880 System windows directory: C:\Windows
21:03:48.0977 2880 Processor architecture: Intel x86
21:03:48.0977 2880 Number of processors: 2
21:03:48.0977 2880 Page size: 0x1000
21:03:48.0978 2880 Boot type: Normal boot
21:03:48.0978 2880 ============================================================
21:03:49.0580 2880 Initialize success
21:03:51.0220 4444 ============================================================
21:03:51.0220 4444 Scan started
21:03:51.0220 4444 Mode: Manual;
21:03:51.0220 4444 ============================================================
21:03:51.0931 4444 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:03:51.0961 4444 1394ohci - ok
21:03:52.0068 4444 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:03:52.0074 4444 ACPI - ok
21:03:52.0123 4444 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:03:52.0153 4444 AcpiPmi - ok
21:03:52.0385 4444 ADIHdAudAddService (a51ea92451897824c5c7474a160af773) C:\Windows\system32\drivers\ADIHdAud.sys
21:03:52.0432 4444 ADIHdAudAddService - ok
21:03:52.0499 4444 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:03:52.0547 4444 adp94xx - ok
21:03:52.0588 4444 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:03:52.0603 4444 adpahci - ok
21:03:52.0644 4444 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:03:52.0660 4444 adpu320 - ok
21:03:52.0825 4444 adusbser (d9fde4ee2b1b115a78014921b84da635) C:\Windows\system32\DRIVERS\adusbser.sys
21:03:52.0830 4444 adusbser - ok
21:03:52.0913 4444 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:03:52.0917 4444 AFD - ok
21:03:53.0052 4444 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:03:53.0089 4444 agp440 - ok
21:03:53.0280 4444 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:03:53.0311 4444 aic78xx - ok
21:03:53.0421 4444 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:03:53.0455 4444 aliide - ok
21:03:53.0492 4444 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:03:53.0516 4444 amdagp - ok
21:03:53.0596 4444 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:03:53.0619 4444 amdide - ok
21:03:53.0699 4444 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:03:53.0730 4444 AmdK8 - ok
21:03:53.0887 4444 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:03:53.0944 4444 AmdPPM - ok
21:03:54.0008 4444 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:03:54.0034 4444 amdsata - ok
21:03:54.0096 4444 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:03:54.0111 4444 amdsbs - ok
21:03:54.0149 4444 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:03:54.0164 4444 amdxata - ok
21:03:54.0358 4444 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:03:54.0421 4444 AppID - ok
21:03:54.0576 4444 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:03:54.0613 4444 arc - ok
21:03:54.0751 4444 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:03:54.0786 4444 arcsas - ok
21:03:54.0874 4444 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
21:03:54.0932 4444 ASPI - ok
21:03:55.0025 4444 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:03:55.0048 4444 AsyncMac - ok
21:03:55.0235 4444 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:03:55.0262 4444 atapi - ok
21:03:55.0390 4444 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:03:55.0397 4444 b06bdrv - ok
21:03:55.0438 4444 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:03:55.0480 4444 b57nd60x - ok
21:03:55.0676 4444 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:03:55.0721 4444 Beep - ok
21:03:55.0790 4444 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:03:55.0823 4444 blbdrive - ok
21:03:55.0897 4444 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:03:55.0923 4444 bowser - ok
21:03:56.0098 4444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:03:56.0103 4444 BrFiltLo - ok
21:03:56.0147 4444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:03:56.0152 4444 BrFiltUp - ok
21:03:56.0218 4444 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:03:56.0228 4444 Brserid - ok
21:03:56.0270 4444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:03:56.0274 4444 BrSerWdm - ok
21:03:56.0463 4444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:03:56.0469 4444 BrUsbMdm - ok
21:03:56.0525 4444 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:03:56.0530 4444 BrUsbSer - ok
21:03:56.0603 4444 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
21:03:56.0636 4444 BthEnum - ok
21:03:56.0677 4444 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:03:56.0701 4444 BTHMODEM - ok
21:03:56.0881 4444 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
21:03:56.0925 4444 BthPan - ok
21:03:56.0983 4444 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
21:03:56.0991 4444 BTHPORT - ok
21:03:57.0059 4444 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
21:03:57.0097 4444 BTHUSB - ok
21:03:57.0278 4444 btwaudio (f2f7342742180d5060285499dee50f99) C:\Windows\system32\drivers\btwaudio.sys
21:03:57.0319 4444 btwaudio - ok
21:03:57.0362 4444 btwavdt (32f59f26a30cfc508da11db3ea0f8b77) C:\Windows\system32\drivers\btwavdt.sys
21:03:57.0387 4444 btwavdt - ok
21:03:57.0454 4444 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:03:57.0482 4444 btwl2cap - ok
21:03:57.0531 4444 btwrchid (03658734ef7d0f3b3f4636d3e8a38964) C:\Windows\system32\DRIVERS\btwrchid.sys
21:03:57.0536 4444 btwrchid - ok
21:03:57.0725 4444 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:03:57.0766 4444 cdfs - ok
21:03:57.0842 4444 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:03:57.0888 4444 cdrom - ok
21:03:57.0943 4444 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:03:57.0950 4444 circlass - ok
21:03:58.0037 4444 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:03:58.0040 4444 CLFS - ok
21:03:58.0251 4444 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:03:58.0285 4444 CmBatt - ok
21:03:58.0360 4444 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:03:58.0392 4444 cmdide - ok
21:03:58.0438 4444 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:03:58.0442 4444 CNG - ok
21:03:58.0497 4444 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:03:58.0529 4444 Compbatt - ok
21:03:58.0686 4444 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:03:58.0693 4444 CompositeBus - ok
21:03:58.0789 4444 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:03:58.0823 4444 crcdisk - ok
21:03:58.0958 4444 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:03:58.0998 4444 CSC - ok
21:03:59.0194 4444 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:03:59.0236 4444 DfsC - ok
21:03:59.0290 4444 DgiVecp - ok
21:03:59.0368 4444 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:03:59.0370 4444 discache - ok
21:03:59.0469 4444 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:03:59.0501 4444 Disk - ok
21:03:59.0731 4444 DLABMFSM (475024f44e0b0ff2e89b0b7450c51e9a) C:\Windows\system32\DLA\DLABMFSM.SYS
21:03:59.0774 4444 DLABMFSM - ok
21:03:59.0806 4444 DLABOIOM (d418a2c037f0367af8ceb955f8162219) C:\Windows\system32\DLA\DLABOIOM.SYS
21:03:59.0841 4444 DLABOIOM - ok
21:03:59.0884 4444 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
21:03:59.0903 4444 DLACDBHM - ok
21:03:59.0943 4444 DLADResM (c696b47b36c278a349b433b206e4b105) C:\Windows\system32\DLA\DLADResM.SYS
21:03:59.0961 4444 DLADResM - ok
21:04:00.0105 4444 DLAIFS_M (97e1cc730f1f931c5232013432584334) C:\Windows\system32\DLA\DLAIFS_M.SYS
21:04:00.0144 4444 DLAIFS_M - ok
21:04:00.0269 4444 DLAOPIOM (d98be003d85c0251a3db5851a29c6ba8) C:\Windows\system32\DLA\DLAOPIOM.SYS
21:04:00.0300 4444 DLAOPIOM - ok
21:04:00.0344 4444 DLAPoolM (3821ad5aa0ac0f05625923cfcc0c0fbb) C:\Windows\system32\DLA\DLAPoolM.SYS
21:04:00.0373 4444 DLAPoolM - ok
21:04:00.0413 4444 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
21:04:00.0446 4444 DLARTL_M - ok
21:04:00.0574 4444 DLAUDFAM (0fdd55d09da1657fc28ebc015f5f45d6) C:\Windows\system32\DLA\DLAUDFAM.SYS
21:04:00.0610 4444 DLAUDFAM - ok
21:04:00.0740 4444 DLAUDF_M (147bc35eba264118988f5c5580860336) C:\Windows\system32\DLA\DLAUDF_M.SYS
21:04:00.0781 4444 DLAUDF_M - ok
21:04:00.0885 4444 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
21:04:00.0923 4444 dot4 - ok
21:04:00.0982 4444 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
21:04:01.0015 4444 Dot4Print - ok
21:04:01.0181 4444 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
21:04:01.0239 4444 dot4usb - ok
21:04:01.0323 4444 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:04:01.0354 4444 drmkaud - ok
21:04:01.0433 4444 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
21:04:01.0460 4444 DRVMCDB - ok
21:04:01.0492 4444 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
21:04:01.0517 4444 DRVNDDM - ok
21:04:01.0749 4444 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:04:01.0880 4444 DXGKrnl - ok
21:04:01.0973 4444 e1express (e4563be48ef4e8d8ad3edd92bb01ad9a) C:\Windows\system32\DRIVERS\e1e6032.sys
21:04:02.0001 4444 e1express - ok
21:04:02.0081 4444 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\Windows\system32\DRIVERS\eamon.sys
21:04:02.0087 4444 eamon - ok
21:04:02.0372 4444 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:04:02.0406 4444 ebdrv - ok
21:04:02.0454 4444 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\Windows\system32\DRIVERS\ehdrv.sys
21:04:02.0488 4444 ehdrv - ok
21:04:02.0613 4444 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
21:04:02.0650 4444 ElbyCDFL - ok
21:04:02.0796 4444 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:04:02.0803 4444 ElbyCDIO - ok
21:04:02.0980 4444 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:04:03.0024 4444 elxstor - ok
21:04:03.0243 4444 epfw (39f48a0784be8465cd1ac80b36d61613) C:\Windows\system32\DRIVERS\epfw.sys
21:04:03.0251 4444 epfw - ok
21:04:03.0427 4444 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys
21:04:03.0466 4444 Epfwndis - ok
21:04:03.0565 4444 epfwwfp (702a4695ca4ebdefa30235dda300c9d0) C:\Windows\system32\DRIVERS\epfwwfp.sys
21:04:03.0567 4444 epfwwfp - ok
21:04:03.0747 4444 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:04:03.0783 4444 ErrDev - ok
21:04:03.0897 4444 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:04:03.0928 4444 exfat - ok
21:04:03.0968 4444 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:04:03.0983 4444 fastfat - ok
21:04:04.0039 4444 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:04:04.0066 4444 fdc - ok
21:04:04.0205 4444 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:04:04.0230 4444 FileInfo - ok
21:04:04.0341 4444 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:04:04.0372 4444 Filetrace - ok
21:04:04.0474 4444 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:04:04.0489 4444 flpydisk - ok
21:04:04.0718 4444 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:04:04.0735 4444 FltMgr - ok
21:04:04.0792 4444 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:04:04.0808 4444 FsDepends - ok
21:04:04.0847 4444 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:04:04.0882 4444 Fs_Rec - ok
21:04:05.0139 4444 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:04:05.0196 4444 fvevol - ok
21:04:05.0291 4444 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:04:05.0323 4444 gagp30kx - ok
21:04:05.0539 4444 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:04:05.0543 4444 GEARAspiWDM - ok
21:04:05.0662 4444 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
21:04:05.0665 4444 hamachi - ok
21:04:05.0740 4444 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:04:05.0763 4444 hcw85cir - ok
21:04:06.0035 4444 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:04:06.0039 4444 HDAudBus - ok
21:04:06.0120 4444 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:04:06.0136 4444 HidBatt - ok
21:04:06.0201 4444 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:04:06.0220 4444 HidBth - ok
21:04:06.0406 4444 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:04:06.0440 4444 HidIr - ok
21:04:06.0527 4444 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:04:06.0555 4444 HidUsb - ok
21:04:06.0666 4444 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:04:06.0714 4444 HpSAMD - ok
21:04:06.0934 4444 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:04:06.0974 4444 HSF_DPV - ok
21:04:07.0025 4444 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:04:07.0028 4444 HSXHWAZL - ok
21:04:07.0130 4444 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:04:07.0136 4444 HTTP - ok
21:04:07.0215 4444 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:04:07.0216 4444 hwpolicy - ok
21:04:07.0423 4444 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:04:07.0461 4444 i8042prt - ok
21:04:07.0546 4444 iaNvStor (89a5bf70f2f23f502f4b87aa38b7eb74) C:\Windows\system32\DRIVERS\iaNvStor.sys
21:04:07.0549 4444 iaNvStor - ok
21:04:07.0645 4444 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
21:04:07.0650 4444 iaStor - ok
21:04:07.0730 4444 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:04:07.0766 4444 iaStorV - ok
21:04:07.0955 4444 IBMPMDRV (4dcfc1792be8fc092ab41eafa9d0fde5) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:04:07.0995 4444 IBMPMDRV - ok
21:04:08.0274 4444 igfx (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:04:08.0302 4444 igfx - ok
21:04:08.0459 4444 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:04:08.0483 4444 iirsp - ok
21:04:08.0611 4444 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:04:08.0642 4444 intelide - ok
21:04:08.0753 4444 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:04:08.0784 4444 intelppm - ok
21:04:08.0899 4444 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:08.0934 4444 IpFilterDriver - ok
21:04:09.0056 4444 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:04:09.0088 4444 IPMIDRV - ok
21:04:09.0170 4444 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:04:09.0209 4444 IPNAT - ok
21:04:09.0291 4444 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:04:09.0321 4444 IRENUM - ok
21:04:09.0439 4444 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:04:09.0489 4444 isapnp - ok
21:04:09.0606 4444 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:04:09.0644 4444 iScsiPrt - ok
21:04:09.0736 4444 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:04:09.0766 4444 kbdclass - ok
21:04:09.0847 4444 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:04:09.0881 4444 kbdhid - ok
21:04:10.0004 4444 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:04:10.0011 4444 KSecDD - ok
21:04:10.0103 4444 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:04:10.0153 4444 KSecPkg - ok
21:04:10.0307 4444 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
21:04:10.0320 4444 lenovo.smi - ok
21:04:10.0493 4444 LenovoRd (007c3a7e6a864ab2b8c52df717a7254c) C:\Windows\system32\Drivers\LenovoRd.sys
21:04:10.0548 4444 LenovoRd - ok
21:04:10.0693 4444 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:04:10.0730 4444 lltdio - ok
21:04:10.0793 4444 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:04:10.0828 4444 LSI_FC - ok
21:04:10.0963 4444 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:04:10.0995 4444 LSI_SAS - ok
21:04:11.0033 4444 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:04:11.0071 4444 LSI_SAS2 - ok
21:04:11.0153 4444 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:04:11.0193 4444 LSI_SCSI - ok
21:04:11.0261 4444 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:04:11.0300 4444 luafv - ok
21:04:11.0468 4444 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:04:11.0473 4444 mdmxsdk - ok
21:04:11.0509 4444 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:04:11.0554 4444 megasas - ok
21:04:11.0648 4444 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:04:11.0668 4444 MegaSR - ok
21:04:11.0713 4444 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:04:11.0728 4444 Modem - ok
21:04:11.0831 4444 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:04:11.0861 4444 monitor - ok
21:04:12.0052 4444 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:04:12.0072 4444 mouclass - ok
21:04:12.0185 4444 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:04:12.0202 4444 mouhid - ok
21:04:12.0282 4444 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:04:12.0285 4444 mountmgr - ok
21:04:12.0348 4444 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:04:12.0382 4444 mpio - ok
21:04:12.0513 4444 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:04:12.0534 4444 mpsdrv - ok
21:04:12.0629 4444 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:04:12.0656 4444 MRxDAV - ok
21:04:12.0730 4444 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:04:12.0749 4444 mrxsmb - ok
21:04:12.0804 4444 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:04:12.0821 4444 mrxsmb10 - ok
21:04:12.0950 4444 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:04:12.0978 4444 mrxsmb20 - ok
21:04:13.0152 4444 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:04:13.0167 4444 msahci - ok
21:04:13.0239 4444 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:04:13.0257 4444 msdsm - ok
21:04:13.0500 4444 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:04:13.0516 4444 Msfs - ok
21:04:13.0649 4444 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:04:13.0664 4444 mshidkmdf - ok
21:04:13.0748 4444 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:04:13.0764 4444 msisadrv - ok
21:04:13.0917 4444 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:04:13.0920 4444 MSKSSRV - ok
21:04:13.0971 4444 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:13.0988 4444 MSPCLOCK - ok
21:04:14.0031 4444 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:04:14.0033 4444 MSPQM - ok
21:04:14.0186 4444 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:04:14.0196 4444 MsRPC - ok
21:04:14.0282 4444 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:04:14.0301 4444 mssmbios - ok
21:04:14.0533 4444 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:04:14.0548 4444 MSTEE - ok
21:04:14.0599 4444 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:04:14.0618 4444 MTConfig - ok
21:04:14.0668 4444 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:04:14.0670 4444 Mup - ok
21:04:14.0740 4444 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:04:14.0775 4444 NativeWifiP - ok
21:04:14.0974 4444 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:04:14.0984 4444 NDIS - ok
21:04:15.0061 4444 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:04:15.0092 4444 NdisCap - ok
21:04:15.0146 4444 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:15.0149 4444 NdisTapi - ok
21:04:15.0243 4444 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:15.0261 4444 Ndisuio - ok
21:04:15.0457 4444 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:15.0490 4444 NdisWan - ok
21:04:15.0597 4444 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:04:15.0625 4444 NDProxy - ok
21:04:15.0741 4444 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:04:15.0778 4444 NetBIOS - ok
21:04:15.0981 4444 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:04:15.0984 4444 NetBT - ok
21:04:16.0248 4444 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
21:04:16.0289 4444 netw5v32 - ok
21:04:16.0397 4444 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:04:16.0434 4444 nfrd960 - ok
21:04:16.0649 4444 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\Windows\system32\drivers\ccdcmb.sys
21:04:16.0694 4444 nmwcd - ok
21:04:16.0740 4444 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\Windows\system32\drivers\ccdcmbo.sys
21:04:16.0743 4444 nmwcdc - ok
21:04:16.0784 4444 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:04:16.0807 4444 Npfs - ok
21:04:16.0886 4444 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:04:16.0887 4444 nsiproxy - ok
21:04:17.0103 4444 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:04:17.0146 4444 Ntfs - ok
21:04:17.0187 4444 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:04:17.0202 4444 Null - ok
21:04:17.0266 4444 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:04:17.0302 4444 nvraid - ok
21:04:17.0359 4444 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:04:17.0392 4444 nvstor - ok
21:04:17.0567 4444 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:04:17.0603 4444 nv_agp - ok
21:04:17.0752 4444 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:04:17.0756 4444 ohci1394 - ok
21:04:17.0966 4444 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:04:17.0999 4444 Parport - ok
21:04:18.0071 4444 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:04:18.0087 4444 partmgr - ok
21:04:18.0129 4444 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:04:18.0145 4444 Parvdm - ok
21:04:18.0217 4444 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
21:04:18.0222 4444 pccsmcfd - ok
21:04:18.0399 4444 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:04:18.0425 4444 pci - ok
21:04:18.0482 4444 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:04:18.0510 4444 pciide - ok
21:04:18.0595 4444 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:04:18.0616 4444 pcmcia - ok
21:04:18.0655 4444 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:04:18.0671 4444 pcw - ok
21:04:18.0781 4444 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:04:18.0790 4444 PEAUTH - ok
21:04:18.0936 4444 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:04:18.0971 4444 PptpMiniport - ok
21:04:19.0049 4444 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\Windows\system32\DRIVERS\PROCDD.SYS
21:04:19.0085 4444 PROCDD - ok
21:04:19.0177 4444 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:04:19.0210 4444 Processor - ok
21:04:19.0325 4444 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:04:19.0328 4444 Psched - ok
21:04:19.0458 4444 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
21:04:19.0494 4444 PxHelp20 - ok
21:04:19.0568 4444 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:04:19.0604 4444 ql2300 - ok
21:04:19.0716 4444 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:04:19.0759 4444 ql40xx - ok
21:04:19.0857 4444 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:04:19.0894 4444 QWAVEdrv - ok
21:04:20.0003 4444 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:04:20.0036 4444 RasAcd - ok
21:04:20.0185 4444 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:04:20.0208 4444 RasAgileVpn - ok
21:04:20.0342 4444 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:04:20.0387 4444 Rasl2tp - ok
21:04:20.0433 4444 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:20.0457 4444 RasPppoe - ok
21:04:20.0540 4444 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:04:20.0568 4444 RasSstp - ok
21:04:20.0646 4444 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:04:20.0696 4444 rdbss - ok
21:04:20.0828 4444 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:04:20.0867 4444 rdpbus - ok
21:04:21.0004 4444 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:21.0005 4444 RDPCDD - ok
21:04:21.0132 4444 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:04:21.0140 4444 RDPDR - ok
21:04:21.0191 4444 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:04:21.0192 4444 RDPENCDD - ok
21:04:21.0291 4444 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:04:21.0322 4444 RDPREFMP - ok
21:04:21.0477 4444 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
21:04:21.0508 4444 RdpVideoMiniport - ok
21:04:21.0627 4444 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:04:21.0660 4444 RDPWD - ok
21:04:21.0763 4444 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:04:21.0801 4444 rdyboost - ok
21:04:21.0962 4444 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:04:21.0978 4444 RFCOMM - ok
21:04:22.0149 4444 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
21:04:22.0156 4444 RsFx0150 - ok
21:04:22.0259 4444 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:04:22.0312 4444 rspndr - ok
21:04:22.0418 4444 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:04:22.0460 4444 s3cap - ok
21:04:22.0600 4444 SASDIFSV (c5d996556c9df4716a09e7f8c3ddd2cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:04:22.0637 4444 SASDIFSV - ok
21:04:22.0651 4444 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
21:04:22.0669 4444 SASENUM - ok
21:04:22.0681 4444 SASKUTIL (1380ab4ac393b5d3e21521fced3cd834) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
21:04:22.0698 4444 SASKUTIL - ok
21:04:22.0871 4444 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:04:22.0910 4444 sbp2port - ok
21:04:22.0999 4444 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:04:23.0003 4444 scfilter - ok
21:04:23.0108 4444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:04:23.0140 4444 secdrv - ok
21:04:23.0361 4444 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:04:23.0395 4444 Serenum - ok
21:04:23.0442 4444 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:04:23.0467 4444 Serial - ok
21:04:23.0552 4444 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:04:23.0567 4444 sermouse - ok
21:04:23.0642 4444 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:04:23.0657 4444 sffdisk - ok
21:04:23.0790 4444 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:04:23.0819 4444 sffp_mmc - ok
21:04:23.0852 4444 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:04:23.0867 4444 sffp_sd - ok
21:04:23.0961 4444 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:04:23.0993 4444 sfloppy - ok
21:04:24.0082 4444 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\Windows\system32\DRIVERS\Apsx86.sys
21:04:24.0116 4444 Shockprf - ok
21:04:24.0247 4444 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:04:24.0280 4444 sisagp - ok
21:04:24.0381 4444 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:04:24.0419 4444 SiSRaid2 - ok
21:04:24.0542 4444 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:04:24.0587 4444 SiSRaid4 - ok
21:04:24.0673 4444 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:04:24.0690 4444 Smb - ok
21:04:24.0798 4444 smihlp2 (2a348e2292eb57775787ec4be7622715) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
21:04:24.0804 4444 smihlp2 - ok
21:04:25.0086 4444 SNP2UVC (1ef34706531b188d1ce12127d8233e87) C:\Windows\system32\DRIVERS\snp2uvc.sys
21:04:25.0099 4444 SNP2UVC - ok
21:04:25.0366 4444 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:04:25.0368 4444 spldr - ok
21:04:25.0564 4444 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:04:25.0583 4444 srv - ok
21:04:25.0669 4444 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:04:25.0687 4444 srv2 - ok
21:04:25.0733 4444 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:04:25.0762 4444 srvnet - ok
21:04:25.0972 4444 SSPORT (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
21:04:25.0987 4444 SSPORT - ok
21:04:26.0058 4444 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:04:26.0086 4444 stexstor - ok
21:04:26.0162 4444 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:04:26.0197 4444 storflt - ok
21:04:26.0354 4444 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:04:26.0384 4444 storvsc - ok
21:04:26.0465 4444 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:04:26.0470 4444 swenum - ok
21:04:26.0502 4444 Synth3dVsc - ok
21:04:26.0603 4444 SynTP (130332e29759fd0eeffbb143edf4e8d3) C:\Windows\system32\DRIVERS\SynTP.sys
21:04:26.0637 4444 SynTP - ok
21:04:26.0848 4444 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:04:26.0869 4444 Tcpip - ok
21:04:26.0947 4444 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:04:26.0954 4444 TCPIP6 - ok
21:04:27.0033 4444 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:04:27.0063 4444 tcpipreg - ok
21:04:27.0173 4444 TcUsb (a54b8fc62db00c018eafafb47d00511e) C:\Windows\system32\Drivers\tcusb.sys
21:04:27.0180 4444 TcUsb - ok
21:04:27.0438 4444 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:04:27.0466 4444 TDPIPE - ok
21:04:27.0501 4444 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:04:27.0517 4444 TDTCP - ok
21:04:27.0808 4444 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:04:27.0871 4444 tdx - ok
21:04:28.0065 4444 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:04:28.0095 4444 TermDD - ok
21:04:28.0201 4444 TPDIGIMN (521866a3ce5a1a69b4b4a87bdb52be26) C:\Windows\system32\DRIVERS\ApsHM86.sys
21:04:28.0222 4444 TPDIGIMN - ok
21:04:28.0314 4444 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
21:04:28.0342 4444 TPM - ok
21:04:28.0395 4444 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
21:04:28.0432 4444 TPPWRIF - ok
21:04:28.0632 4444 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:04:28.0701 4444 tssecsrv - ok
21:04:28.0802 4444 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:04:28.0836 4444 TsUsbFlt - ok
21:04:28.0869 4444 tsusbhub - ok
21:04:28.0952 4444 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:04:28.0985 4444 tunnel - ok
21:04:29.0067 4444 tvtfilter (79e8d72b321d6e0ebc83b31d9cccd19c) C:\Windows\system32\DRIVERS\tvtfilter.sys
21:04:29.0097 4444 tvtfilter - ok
21:04:29.0332 4444 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:04:29.0367 4444 uagp35 - ok
21:04:29.0478 4444 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:04:29.0520 4444 udfs - ok
21:04:29.0719 4444 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:04:29.0747 4444 uliagpkx - ok
21:04:29.0891 4444 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:04:29.0929 4444 umbus - ok
21:04:30.0115 4444 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:04:30.0147 4444 UmPass - ok
21:04:30.0224 4444 upperdev (ec01da44b090d2651fc032c8b9257232) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:04:30.0226 4444 upperdev - ok
21:04:30.0319 4444 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:04:30.0335 4444 USBAAPL - ok
21:04:30.0481 4444 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:04:30.0543 4444 usbccgp - ok
21:04:30.0601 4444 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:04:30.0644 4444 usbcir - ok
21:04:30.0737 4444 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
21:04:30.0774 4444 usbehci - ok
21:04:30.0874 4444 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:04:30.0908 4444 usbhub - ok
21:04:31.0051 4444 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:04:31.0066 4444 usbohci - ok
21:04:31.0162 4444 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:04:31.0193 4444 usbprint - ok
21:04:31.0285 4444 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:04:31.0318 4444 usbscan - ok
21:04:31.0506 4444 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
21:04:31.0521 4444 usbser - ok
21:04:31.0579 4444 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
21:04:31.0585 4444 UsbserFilt - ok
21:04:31.0661 4444 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:04:31.0695 4444 USBSTOR - ok
21:04:31.0879 4444 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
21:04:31.0914 4444 usbuhci - ok
21:04:32.0008 4444 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
21:04:32.0039 4444 usb_rndisx - ok
21:04:32.0140 4444 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:04:32.0173 4444 vdrvroot - ok
21:04:32.0344 4444 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:04:32.0387 4444 vga - ok
21:04:32.0434 4444 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:04:32.0470 4444 VgaSave - ok
21:04:32.0513 4444 VGPU - ok
21:04:32.0578 4444 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:04:32.0603 4444 vhdmp - ok
21:04:32.0780 4444 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:04:32.0815 4444 viaagp - ok
21:04:32.0903 4444 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:04:32.0936 4444 ViaC7 - ok
21:04:33.0096 4444 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:04:33.0137 4444 viaide - ok
21:04:33.0195 4444 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:04:33.0204 4444 vmbus - ok
21:04:33.0383 4444 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:04:33.0387 4444 VMBusHID - ok
21:04:33.0473 4444 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:04:33.0516 4444 volmgr - ok
21:04:33.0610 4444 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:04:33.0614 4444 volmgrx - ok
21:04:33.0672 4444 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:04:33.0717 4444 volsnap - ok
21:04:33.0867 4444 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:04:33.0899 4444 vsmraid - ok
21:04:33.0982 4444 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:04:34.0007 4444 vwifibus - ok
21:04:34.0067 4444 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:04:34.0082 4444 WacomPen - ok
21:04:34.0272 4444 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:34.0309 4444 WANARP - ok
21:04:34.0313 4444 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:34.0315 4444 Wanarpv6 - ok
21:04:34.0483 4444 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:04:34.0522 4444 Wd - ok
21:04:34.0572 4444 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:04:34.0616 4444 Wdf01000 - ok
21:04:34.0775 4444 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:04:34.0801 4444 WfpLwf - ok
21:04:34.0834 4444 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:04:34.0849 4444 WIMMount - ok
21:04:34.0973 4444 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:04:35.0011 4444 winachsf - ok
21:04:35.0244 4444 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:04:35.0252 4444 WinUsb - ok
21:04:35.0358 4444 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:04:35.0393 4444 WmiAcpi - ok
21:04:35.0502 4444 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:04:35.0533 4444 ws2ifsl - ok
21:04:35.0717 4444 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:04:35.0746 4444 WSDPrintDevice - ok
21:04:35.0833 4444 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:04:35.0864 4444 WudfPf - ok
21:04:35.0934 4444 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:04:35.0940 4444 WUDFRd - ok
21:04:36.0037 4444 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
21:04:36.0069 4444 XAudio - ok
21:04:36.0109 4444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:04:36.0135 4444 \Device\Harddisk0\DR0 - ok
21:04:36.0163 4444 Boot (0x1200) (1972614f54c9eea5ad06a1ddef86c456) \Device\Harddisk0\DR0\Partition0
21:04:36.0164 4444 \Device\Harddisk0\DR0\Partition0 - ok
21:04:36.0169 4444 Boot (0x1200) (12f2d3c39c66888468cdb1a5e383bc84) \Device\Harddisk0\DR0\Partition1
21:04:36.0170 4444 \Device\Harddisk0\DR0\Partition1 - ok
21:04:36.0173 4444 ============================================================
21:04:36.0173 4444 Scan finished
21:04:36.0173 4444 ============================================================
21:04:36.0192 6268 Detected object count: 0
21:04:36.0192 6268 Actual detected object count: 0
21:04:38.0635 1108 Deinitialize success

#5 Příspěvek od **vyosek** » 13 pro 2011 15:07

Prejmenujte ComboFix na Beruska.com, vypnete antiviry a CF spustte, mel by probehnout a dat log - ten sem vlozte

krombi · #6 Příspěvek od **krombi** » 13 pro 2011 16:06

Provedeno a toto je log:

ComboFix 11-12-12.02 - Krombi 13.12.2011 15:23:29.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1534 [GMT 1:00]
Running from: c:\users\Krombi\Desktop\Beruska.com.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Krombi\20081212190802\AVCHD\BDMV\CLIPINF\00000.CPI
c:\users\Krombi\20081212190802\AVCHD\BDMV\INDEX.BDM
c:\users\Krombi\20081212190802\AVCHD\BDMV\MOVIEOBJ.BDM
c:\users\Krombi\20081212190802\AVCHD\BDMV\PLAYLIST\00000.MPL
c:\users\Krombi\20081212190802\AVCHD\BDMV\STREAM\00000.MTS
c:\users\Krombi\20081212190802\AVCHD\CANON\00000.MPL
c:\users\Krombi\20081212190802\AVCHD\CANON\BACKUP\00000.MPL
c:\users\Krombi\20081212190802\AVCHD\CANON\BACKUP\INDEX.BDM
c:\users\Krombi\20081212190802\AVCHD\CANON\BACKUP\THUMB.TID
c:\users\Krombi\20081212190802\AVCHD\CANON\THUMB.TID
c:\users\Krombi\20081212190802\AVCHD\CANON\THUMB00\00000.JPG
c:\users\Krombi\Documents\~WRL0256.tmp
c:\users\Krombi\Documents\~WRL1071.tmp
c:\users\Krombi\Documents\~WRL1971.tmp
c:\users\Krombi\Documents\~WRL2034.tmp
c:\users\Krombi\Documents\~WRL2120.tmp
c:\users\Krombi\Documents\~WRL2352.tmp
c:\users\Krombi\Documents\~WRL2769.tmp
c:\users\Krombi\Documents\~WRL3172.tmp
c:\users\Krombi\Documents\~WRL3540.tmp
c:\users\Krombi\Documents\~WRL3542.tmp
c:\users\Krombi\Documents\~WRL3589.tmp
c:\users\Krombi\Documents\~WRL3738.tmp
c:\users\Krombi\g2mdlhlpx.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-13 14:33 . 2011-12-13 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 12:08 . 2011-12-13 12:19 -------- d-----w- c:\program files\trend micro
2011-12-13 12:08 . 2011-12-13 12:08 -------- d-----w- C:\rsit
2011-12-12 21:54 . 2011-12-12 21:54 -------- d-----w- c:\programdata\I.CA SecureStore
2011-12-12 21:54 . 2011-12-12 21:54 -------- d-----w- c:\program files\I.CA SecureStore
2011-12-12 21:53 . 2011-12-12 21:53 -------- d-----w- c:\program files\Gemalto
2011-12-12 21:37 . 2011-12-12 21:37 -------- d-----w- c:\users\Krombi\.ica
2011-12-12 20:28 . 2011-12-12 20:28 -------- d-----w- c:\users\Krombi\AppData\Local\Deployment
2011-11-23 19:17 . 2011-11-23 19:17 -------- d-----w- c:\users\Krombi\AppData\Local\CrossLoop
2011-11-22 19:04 . 2011-11-22 19:04 -------- d-----w- c:\program files\NinjaTrader 7
2011-11-16 12:39 . 2011-11-23 19:26 -------- d-----w- C:\BracketTrader
2011-11-16 12:23 . 2000-12-06 00:00 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-11-16 12:23 . 2000-07-08 16:19 204800 ----a-w- c:\windows\system32\MBClrPkr.ocx
2011-11-16 12:23 . 2011-11-16 19:43 -------- d-----w- c:\program files\TSimPlus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 08:24 . 2011-10-25 08:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2011-03-08 22:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03 . 2011-11-09 17:40 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 17:39 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 13:29 . 2011-03-22 18:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-06-03 39816]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]
"chromium"="c:\users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-11-15 1036344]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 1282048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-23 16384]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-08-20 33304]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2008-11-20 49928]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-09-09 214576]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-17 185896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"WinSSHD Activation State Checker"="c:\program files\Bitvise WinSSHD\WinsshdActStateCheck.exe" [2011-02-15 247040]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-03-02 2535312]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-02 361632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-02-09 618496]
"4623FW Scan2PC"="c:\windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe" [2010-02-11 1982464]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-17 113664]
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2008-4-9 194775]
Dropbox.lnk - c:\users\Krombi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-17 752168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-8 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 19:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-11-20 22:35 95496 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Krombi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Check for TWS Updates.lnk]
path=c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk
backup=c:\windows\pss\Check for TWS Updates.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2009-07-29 13:09 435488 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWlIcon]
2009-07-29 13:09 177440 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2009-04-29 15:56 424512 ----a-w- c:\progra~1\THINKV~1\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2009-01-29 01:10 124248 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2009-01-29 01:10 185688 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-17 05:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2009-04-16 02:04 61728 ----a-w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CrossLoopService;CrossLoop Service;c:\users\Krombi\AppData\Local\CrossLoop\CrossLoopService.exe [2011-09-07 569072]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2007-11-14 100992]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 89600]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 tvnserver;TightVNC Server;c:\users\Krombi\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-02-02 229400]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 51440]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 38240]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2009-12-02 165888]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-20 12560]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-27 5120]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2007-06-08 81280]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2009-02-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002Core.job
- c:\users\Krombi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 08:03]
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002UA.job
- c:\users\Krombi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 08:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &Translate - c:\program files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - {A3400175-12F9-4220-83BF-A7210CA4003E} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.2.10 192.168.2.11 212.24.128.8
FF - ProfilePath - c:\users\Krombi\AppData\Roaming\Mozilla\Firefox\Profiles\5x3q1a5q.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,b7,4b,25,21,08,33,4c,a7,07,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,b7,4b,25,21,08,33,4c,a7,07,a8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(1824)
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btmmhook.dll
.
Completion time: 2011-12-13 15:36:54
ComboFix-quarantined-files.txt 2011-12-13 14:36
.
Pre-Run: 4 263 964 672 bytes free
Post-Run: 3 781 246 976 bytes free
.
- - End Of File - - DCEC8F68EACED6B90745773AF5A66C60

#7 Příspěvek od **vyosek** » 13 pro 2011 16:11

Ten ESET Smart Security mate legalni = zakoupena licence

krombi · #8 Příspěvek od **krombi** » 13 pro 2011 16:18

Samozřejmě, do 18.7.2014 dokonce...

Trochu začínám podezřívat ten ESET, zda to není jen planý poplach (i dle debaty na některých diskuzních forech), ale to berte jako pohled laika. Nerad bych něco podcenil. Mimo té nepříjemné červené hlášky a okénka funguje počítač naprosto standardně.

#9 Příspěvek od **vyosek** » 13 pro 2011 16:21

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte

krombi · #10 Příspěvek od **krombi** » 14 pro 2011 09:06

Provedl jsem, zde je log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-13 18:25:54
-----------------------------
18:25:54.419 OS Version: Windows 6.1.7601 Service Pack 1
18:25:54.420 Number of processors: 2 586 0x1706
18:25:54.421 ComputerName: JOHNY UserName:
18:25:55.405 Initialize success
18:26:02.367 AVAST engine defs: 11121301
18:26:08.764 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:26:08.771 Disk 0 Vendor: FUJITSU_ 0084 Size: 152627MB BusType: 3
18:26:08.778 Disk 1 \Device\Harddisk1\DR1 -> \Device\RobsonImd-0
18:26:08.785 Disk 1 Vendor: Size: 513MB BusType: 0
18:26:08.802 Disk 0 MBR read successfully
18:26:08.810 Disk 0 MBR scan
18:26:08.840 Disk 0 Windows 7 default MBR code
18:26:08.851 Disk 0 scanning sectors +312578048
18:26:08.938 Disk 0 scanning C:\Windows\system32\drivers
18:26:32.040 Service scanning
18:26:33.606 Modules scanning
18:26:53.662 Disk 0 trace - called modules:
18:26:53.682 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
18:26:53.688 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8792f5a8]
18:26:53.694 3 CLASSPNP.SYS[8bbb959e] -> nt!IofCallDriver -> [0x86720868]
18:26:53.700 5 ACPI.sys[8b4bb3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86702028]
18:26:54.496 AVAST engine scan C:\Windows
18:27:11.781 AVAST engine scan C:\Windows\system32
18:30:24.807 AVAST engine scan C:\Windows\system32\drivers
18:30:48.197 AVAST engine scan C:\Users\Krombi
19:36:16.898 AVAST engine scan C:\ProgramData
19:42:29.851 Scan finished successfully
09:01:56.021 Disk 0 MBR has been saved successfully to "C:\Users\Krombi\Desktop\MBR.dat"
09:01:56.027 The log file has been saved successfully to "C:\Users\Krombi\Desktop\aswMBR.txt"

#11 Příspěvek od **vyosek** » 14 pro 2011 10:18

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

DDS::
uStart Page = hxxp://start.icq.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www

Firefox::
FF - ProfilePath - c:\users\Krombi\AppData\Roaming\Mozilla\Firefox\Profiles\5x3q1a5q.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=

File::
c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002UA.job
c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

Folder::
c:\program files\ICQ6Toolbar

Driver::
ICQ Service

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
[-HKLM\~\startupfolder\C:^Users^Krombi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Check for TWS Updates.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=-
"HP Software Update"=-
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"iTunesHelper"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"=-
"chromium"=-
"Skype"=-

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

krombi · #12 Příspěvek od **krombi** » 14 pro 2011 12:29

Děkuji a zasílám log:

ComboFix 11-12-12.02 - Krombi 14.12.2011 10:42:45.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1658 [GMT 1:00]
Running from: c:\users\Krombi\Desktop\ComboFix.exe
Command switches used :: c:\users\Krombi\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
FILE ::
"c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002UA.job"
"c:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
.
.
Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-852458815-2499913598-1969615966-1002UA.job
c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 09:53 . 2011-12-14 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 12:08 . 2011-12-13 12:19 -------- d-----w- c:\program files\trend micro
2011-12-13 12:08 . 2011-12-13 12:08 -------- d-----w- C:\rsit
2011-12-12 21:54 . 2011-12-12 21:54 -------- d-----w- c:\programdata\I.CA SecureStore
2011-12-12 21:54 . 2011-12-12 21:54 -------- d-----w- c:\program files\I.CA SecureStore
2011-12-12 21:53 . 2011-12-12 21:53 -------- d-----w- c:\program files\Gemalto
2011-12-12 21:37 . 2011-12-12 21:37 -------- d-----w- c:\users\Krombi\.ica
2011-12-12 20:28 . 2011-12-12 20:28 -------- d-----w- c:\users\Krombi\AppData\Local\Deployment
2011-11-23 19:17 . 2011-11-23 19:17 -------- d-----w- c:\users\Krombi\AppData\Local\CrossLoop
2011-11-22 19:04 . 2011-11-22 19:04 -------- d-----w- c:\program files\NinjaTrader 7
2011-11-16 12:39 . 2011-11-23 19:26 -------- d-----w- C:\BracketTrader
2011-11-16 12:23 . 2000-12-06 00:00 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-11-16 12:23 . 2000-07-08 16:19 204800 ----a-w- c:\windows\system32\MBClrPkr.ocx
2011-11-16 12:23 . 2011-11-16 19:43 -------- d-----w- c:\program files\TSimPlus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 08:24 . 2011-10-25 08:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2011-03-08 22:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03 . 2011-11-09 17:40 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 17:39 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 13:29 . 2011-03-22 18:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-06-03 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 1282048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-23 16384]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-08-20 33304]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2008-11-20 49928]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-09-09 214576]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"WinSSHD Activation State Checker"="c:\program files\Bitvise WinSSHD\WinsshdActStateCheck.exe" [2011-02-15 247040]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-03-02 2535312]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-02 361632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-02-09 618496]
"4623FW Scan2PC"="c:\windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe" [2010-02-11 1982464]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-17 113664]
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2008-4-9 194775]
Dropbox.lnk - c:\users\Krombi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-17 752168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-8 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 19:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-11-20 22:35 95496 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Krombi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Check for TWS Updates.lnk]
path=c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk
backup=c:\windows\pss\Check for TWS Updates.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2009-07-29 13:09 435488 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWlIcon]
2009-07-29 13:09 177440 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2009-04-29 15:56 424512 ----a-w- c:\progra~1\THINKV~1\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2009-01-29 01:10 124248 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2009-01-29 01:10 185688 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2009-04-16 02:04 61728 ----a-w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2007-11-14 100992]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 89600]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 tvnserver;TightVNC Server;c:\users\Krombi\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-02-02 229400]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 51440]
S2 CrossLoopService;CrossLoop Service;c:\users\Krombi\AppData\Local\CrossLoop\CrossLoopService.exe [2011-09-07 569072]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 38240]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2009-12-02 165888]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-20 12560]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-27 5120]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2007-06-08 81280]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Translate - c:\program files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - {A3400175-12F9-4220-83BF-A7210CA4003E} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
TCP: DhcpNameServer = 192.168.2.10 192.168.2.11 212.24.128.8
FF - ProfilePath - c:\users\Krombi\AppData\Roaming\Mozilla\Firefox\Profiles\5x3q1a5q.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(4640)
c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Bitvise WinSSHD\WinSSHD.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\taskhost.exe
c:\program files\Bitvise WinSSHD\sshdctrl.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\System32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ThinkPad\Bluetooth Software\BtStackServer.exe
c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe
c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-12-14 11:02:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-14 10:02
ComboFix2.txt 2011-12-13 14:36
.
Pre-Run: 2 485 833 728 bytes free
Post-Run: 4 012 351 488 bytes free
.
- - End Of File - - 01733E2A0F329FA5B3EDC3E9847DCD23

#13 Příspěvek od **vyosek** » 14 pro 2011 13:16

Jeste jeden skript pro CF, postup stejny

Kód: Vybrat vše

KillAll::

Firefox::
FF - ProfilePath - c:\users\Krombi\AppData\Roaming\Mozilla\Firefox\Profiles\5x3q1a5q.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=

File::
c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

Reboot::

krombi · #14 Příspěvek od **krombi** » 14 pro 2011 15:13

Děkuji, zasílám log:

ComboFix 11-12-13.03 - Krombi 14.12.2011 13:28:39.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2029 [GMT 1:00]
Running from: c:\users\Krombi\Desktop\ComboFix.exe
Command switches used :: c:\users\Krombi\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk"
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 13:01 . 2011-12-14 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 12:08 . 2011-12-13 12:19 -------- d-----w- c:\program files\trend micro
2011-12-13 12:08 . 2011-12-13 12:08 -------- d-----w- C:\rsit
2011-12-12 21:54 . 2011-12-12 21:54 -------- d-----w- c:\programdata\I.CA SecureStore
2011-12-12 21:54 . 2011-12-12 21:54 -------- d-----w- c:\program files\I.CA SecureStore
2011-12-12 21:53 . 2011-12-12 21:53 -------- d-----w- c:\program files\Gemalto
2011-12-12 21:37 . 2011-12-12 21:37 -------- d-----w- c:\users\Krombi\.ica
2011-12-12 20:28 . 2011-12-12 20:28 -------- d-----w- c:\users\Krombi\AppData\Local\Deployment
2011-11-23 19:17 . 2011-11-23 19:17 -------- d-----w- c:\users\Krombi\AppData\Local\CrossLoop
2011-11-22 19:04 . 2011-11-22 19:04 -------- d-----w- c:\program files\NinjaTrader 7
2011-11-16 12:39 . 2011-11-23 19:26 -------- d-----w- C:\BracketTrader
2011-11-16 12:23 . 2000-12-06 00:00 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-11-16 12:23 . 2000-07-08 16:19 204800 ----a-w- c:\windows\system32\MBClrPkr.ocx
2011-11-16 12:23 . 2011-11-16 19:43 -------- d-----w- c:\program files\TSimPlus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 08:24 . 2011-10-25 08:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2011-03-08 22:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03 . 2011-11-09 17:40 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 17:39 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 13:29 . 2011-03-22 18:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-06-03 39816]
"chromium"="c:\users\Krombi\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-11-15 1036344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 1282048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-23 16384]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-08-20 33304]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2008-11-20 49928]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-09-09 214576]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"WinSSHD Activation State Checker"="c:\program files\Bitvise WinSSHD\WinsshdActStateCheck.exe" [2011-02-15 247040]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-03-02 2535312]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-02 361632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-02-09 618496]
"4623FW Scan2PC"="c:\windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe" [2010-02-11 1982464]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-17 113664]
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2008-4-9 194775]
Dropbox.lnk - c:\users\Krombi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-17 752168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-8 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 19:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-11-20 22:35 95496 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Krombi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Check for TWS Updates.lnk]
path=c:\users\Krombi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk
backup=c:\windows\pss\Check for TWS Updates.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2009-07-29 13:09 435488 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWlIcon]
2009-07-29 13:09 177440 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2009-04-29 15:56 424512 ----a-w- c:\progra~1\THINKV~1\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2009-01-29 01:10 124248 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2009-01-29 01:10 185688 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2009-04-16 02:04 61728 ----a-w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2007-11-14 100992]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 89600]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 tvnserver;TightVNC Server;c:\users\Krombi\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-02-02 229400]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 51440]
S2 CrossLoopService;CrossLoop Service;c:\users\Krombi\AppData\Local\CrossLoop\CrossLoopService.exe [2011-09-07 569072]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 38240]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2009-12-02 165888]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-20 12560]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-27 5120]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2007-06-08 81280]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Translate - c:\program files\Arsenal Company\SOCRAT Internet\HTML\WSocrat.js
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{17FA5CD6-5737-45c2-B194-74C8A4A7F7E7} - {7E1F0737-53A5-4EDC-8734-DD94B50AAF83} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
IE: {{DFDC8970-FD66-4385-B8C0-835A4AA1DA00} - {A3400175-12F9-4220-83BF-A7210CA4003E} - c:\program files\Arsenal Company\SOCRAT Internet\SocratInternet.dll
TCP: DhcpNameServer = 192.168.2.10 192.168.2.11 212.24.128.8
FF - ProfilePath - c:\users\Krombi\AppData\Roaming\Mozilla\Firefox\Profiles\5x3q1a5q.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(692)
c:\users\Krombi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Bitvise WinSSHD\WinSSHD.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Bitvise WinSSHD\sshdctrl.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\System32\rundll32.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ThinkPad\Bluetooth Software\BtStackServer.exe
c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe
c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe
.
**************************************************************************
.
Completion time: 2011-12-14 14:58:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-14 13:58
ComboFix2.txt 2011-12-14 11:15
ComboFix3.txt 2011-12-14 10:02
ComboFix4.txt 2011-12-13 14:36
.
Pre-Run: 2 436 718 592 bytes free
Post-Run: 3 003 961 344 bytes free
.
- - End Of File - - A8D294167DA8D97CBD1AE49BCEA621DA

#15 Příspěvek od **vyosek** » 14 pro 2011 15:17

Jak se chova PC

VIRY.CZ

WIN32/Agent.SDG.Gen trojský kůň

WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň

Re: WIN32/Agent.SDG.Gen trojský kůň