Havěť položila Antivir

Zpráva

tons · #1 Příspěvek od **tons** » 18 zář 2012 20:16

Žádam někoho o pomoc.
Nejspíš mam v PC vir, nemám vůbec ponětí jakej, protože antivir nejde spustit, nedá se ani spustit Správce úloh - vyskočí okénko "Správce tohoto sytému zakázal Správce úloh". Windows ani nespustim v nouzovym režimu...

Ještě jedna věc, který sem si všimnul a sice při procházení složek ve win exploreru každá obsahuje "sama sebe" akorát s jinou ikonkou. Nechápu to

: screen.jpg (85.73 KiB) Zobrazeno 1620 x

Děkuji za každou pomoc

tons · #2 Příspěvek od **tons** » 18 zář 2012 20:17

Logfile of random's system information tool 1.09 (written by random/random)
Run by tkv at 2012-09-18 20:58:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (5%) free of 40 GB
Total RAM: 3070 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:58:21, on 18.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\tkv\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
H:\1_grafika\_gfx\_gfx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\WinRAR\Rar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\tkv\Plocha\RSIT.exe
C:\Program Files\trend micro\tkv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://h1.ripway.com/poojasharma/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://h1.ripway.com/poojasharma/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://h1.ripway.com/poojasharma/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://h1.ripway.com/poojasharma/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://h1.ripway.com/poojasharma/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe chrome.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tkv\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\chrome.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2025429265-1757981266-839522115-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Dropbox.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Dropbox.lnk = ? (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9543 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1757981266-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1757981266-839522115-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\tkv\Data aplikací\Mozilla\Firefox\Profiles\84f2r86r.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, bkmrksync@nokia.com:1.0.0.736, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, foxmarks@kei.com:3.9.8, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsILegitCheckPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npLegitCheckPlugin.dll
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\tkv\Data aplikací\Mozilla\Firefox\Profiles\84f2r86r.default\extensions\
battlefieldheroespatcher@ea.com
battlefieldplay4free@ea.com
foxmarks@kei.com

C:\Documents and Settings\tkv\Data aplikací\Mozilla\Firefox\Profiles\84f2r86r.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-01 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-01 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-06-02 385024]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2012-09-08 1032192]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\tkv\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-04-20 116648]
"Yahoo Messengger"=C:\WINDOWS\system32\chrome.exe [2008-12-30 522240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\tkv\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-04-20 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-12-28 3508624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
NvMCTray.dll,NvTaskbarInit -login []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-03-01 1634112]

C:\Documents and Settings\tkv\Nabídka Start\Programy\Po spuštění
Dropbox.lnk - C:\Documents and Settings\tkv\Data aplikací\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=1
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Diablo II\Game_crk.exe"="C:\Program Files\Diablo II\Game_crk.exe:*:Enabled:Diablo II"
"C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe"="C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Documents and Settings\tkv\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\tkv\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"I:\Half-Life 2 Hra\hl2.exe"="I:\Half-Life 2 Hra\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Age of Empires II\Empires2.exe"="C:\Program Files\Microsoft Games\Age of Empires II\Empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\Age2_x1\Age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\Age2_x1\Age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\tkv\Plocha\Age-Of-Empires-2-&-The-Conquerors-Expansion---Full-Game\Age Of Empires 2 & The Conquerors Expansion - Full Game\MYTH-Age2_x1.exe"="C:\Documents and Settings\tkv\Plocha\Age-Of-Empires-2-&-The-Conquerors-Expansion---Full-Game\Age Of Empires 2 & The Conquerors Expansion - Full Game\MYTH-Age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe"="C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe:*:Enabled:BFP4f"
"C:\Documents and Settings\tkv\Plocha\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe"="C:\Documents and Settings\tkv\Plocha\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun"
"C:\Documents and Settings\tkv\Local Settings\Data aplikací\Microsoft\Age of Empires Online\Spartan.exe"="C:\Documents and Settings\tkv\Local Settings\Data aplikací\Microsoft\Age of Empires Online\Spartan.exe:*:Disabled:Age of Empires Online"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\tkv\Plocha\bulanci.exe"="C:\Documents and Settings\tkv\Plocha\bulanci.exe:*:Enabled:bulanci"
"H:\gamesy\Age-Of-Empires-2-&-The-Conquerors-Expansion---Full-Game\Age Of Empires 2 & The Conquerors Expansion - Full Game\age2_x1.exe"="H:\gamesy\Age-Of-Empires-2-&-The-Conquerors-Expansion---Full-Game\Age Of Empires 2 & The Conquerors Expansion - Full Game\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"H:\gamesy\Age-Of-Empires-2-&-The-Conquerors-Expansion---Full-Game\Age Of Empires 2 & The Conquerors Expansion - Full Game\MYTH-Age2_x1.exe"="H:\gamesy\Age-Of-Empires-2-&-The-Conquerors-Expansion---Full-Game\Age Of Empires 2 & The Conquerors Expansion - Full Game\MYTH-Age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"H:\gamesy\Age Of Empires 2 & The Conquerors Expansion - Full Game\MYTH-Age2_x1.exe"="H:\gamesy\Age Of Empires 2 & The Conquerors Expansion - Full Game\MYTH-Age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Smart Remote PC Agent\RCAgent.exe"="C:\Program Files\Smart Remote PC Agent\RCAgent.exe:*:Enabled:Smart Remote PC Agent"
"C:\Program Files\Unified Remote\RemoteServer.exe"="C:\Program Files\Unified Remote\RemoteServer.exe:*:Enabled:Unified Remote Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=lvcodec2.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.FMVC"=fmcodec.dll
"vidc.GEOS"=C:\WINDOWS\system32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodecD.dll
"vidc.GEOV"=C:\WINDOWS\system32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodec.dll
"vidc.GEOX"=C:\WINDOWS\system32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodec.dll
"vidc.GM40"=C:\WINDOWS\system32\v8300\GEO-MPEG4-ASP\2009.1.6.13.43\GXAMP4.dll
"vidc.GMP4"=C:\WINDOWS\system32\v8300\GEO-MPEG4-ASP\2009.1.6.13.43\GXAMP4.dll
"vidc.GM4H"=C:\WINDOWS\system32\v8300\GEO-MPEG4-ASP\2009.1.6.13.43\GXAMP4D.dll
"vidc.GM4S"=C:\WINDOWS\system32\v8300\GEO-MPEG4-ASP\2009.1.6.13.43\GXAMP4D.dll
"vidc.G264"=C:\WINDOWS\system32\v8300\GEO-H264\2008.11.17.11.45\GX264.dll
"vidc.G26S"=C:\WINDOWS\system32\v8300\GEO-H264\2008.11.17.11.45\GX264D.dll
"vidc.GM20"=C:\WINDOWS\system32\v8300\GEO-MPEG2\2008.12.16.16.38\GXGM20.dll
"vidc.GJPG"=C:\WINDOWS\system32\v8300\GEO-JPEG\2009.1.5.20.39\GXJPG.dll
"vidc.GAVC"=C:\WINDOWS\system32\v8300\GEO-H264-V2\2009.1.6.11.55\GXAVC.dll
"vidc.GAVS"=C:\WINDOWS\system32\v8300\GEO-H264-V2\2009.1.6.11.55\GXAVCD.dll
"msacm.geoadpcm"=C:\WINDOWS\system32\v8200\GEO-ADPCM\2007.8.13.17.32\GeoADPCM.acm
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-09-18 20:58:09 ----D---- C:\rsit
2012-09-15 10:15:46 ----A---- C:\WINDOWS\system32\cryptcom.dll
2012-09-15 10:12:19 ----RASH---- C:\WINDOWS\system32\setting.ini
2012-09-15 10:12:16 ----RASH---- C:\WINDOWS\system32\autorun.ini
2012-09-15 10:12:13 ----RASH---- C:\WINDOWS\system32\chrome.exe
2012-09-15 10:12:13 ----A---- C:\WINDOWS\chrome.exe
2012-09-12 15:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-09-08 06:31:48 ----D---- C:\Documents and Settings\tkv\Data aplikací\Unified Remote
2012-09-08 06:31:35 ----D---- C:\Program Files\Unified Remote
2012-09-08 02:36:17 ----D---- C:\Documents and Settings\tkv\Data aplikací\BitDefender
2012-09-08 02:35:54 ----D---- C:\Program Files\BitDefender
2012-09-08 02:35:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\BitDefender
2012-09-08 02:33:26 ----D---- C:\Program Files\Common Files\BitDefender
2012-09-07 04:25:47 ----D---- C:\Program Files\Mozilla Firefox
2012-09-06 07:33:28 ----A---- C:\WINDOWS\IFinst27.exe
2012-09-01 23:58:35 ----D---- C:\Program Files\Common Files\Java
2012-09-01 23:58:21 ----A---- C:\WINDOWS\system32\javaws.exe
2012-09-01 23:58:16 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-09-01 23:58:16 ----A---- C:\WINDOWS\system32\javaw.exe
2012-09-01 23:58:16 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2012-09-18 20:58:21 ----D---- C:\Program Files\trend micro
2012-09-18 20:54:48 ----D---- C:\WINDOWS\system32
2012-09-18 20:53:28 ----D---- C:\WINDOWS\Prefetch
2012-09-18 20:48:15 ----D---- C:\Documents and Settings\tkv\Data aplikací\uTorrent
2012-09-18 20:48:04 ----D---- C:\WINDOWS\system32\LogFiles
2012-09-18 20:48:03 ----D---- C:\WINDOWS\Debug
2012-09-18 20:48:03 ----D---- C:\WINDOWS
2012-09-18 20:48:00 ----D---- C:\WINDOWS\Temp
2012-09-18 20:38:27 ----D---- C:\Program Files\CCleaner
2012-09-18 20:37:35 ----D---- C:\System Volume Information
2012-09-18 20:35:48 ----D---- C:\Documents and Settings\tkv\Data aplikací\Dropbox
2012-09-18 20:34:31 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-09-18 18:05:08 ----D---- C:\WINDOWS\system32\CatRoot2
2012-09-18 18:02:27 ----D---- C:\WINDOWS\system32\Restore
2012-09-18 17:14:23 ----D---- C:\Documents and Settings\tkv\Data aplikací\Skype
2012-09-15 10:10:02 ----D---- C:\WINDOWS\system32\drivers\etc
2012-09-15 10:07:59 ----HD---- C:\WINDOWS\inf
2012-09-12 15:03:17 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-12 15:00:27 ----A---- C:\WINDOWS\system32\MRT.exe
2012-09-12 01:44:21 ----A---- C:\WINDOWS\NeroDigital.ini
2012-09-08 08:26:30 ----D---- C:\Program Files
2012-09-08 06:31:36 ----SHD---- C:\WINDOWS\Installer
2012-09-08 06:31:36 ----D---- C:\Config.Msi
2012-09-08 05:22:43 ----D---- C:\WINDOWS\system32\drivers
2012-09-08 02:33:26 ----D---- C:\Program Files\Common Files
2012-09-07 21:36:51 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-01 23:58:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-09-01 23:55:23 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-09-01 23:55:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-09-01 01:36:48 ----D---- C:\Temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-06-02 43264]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-04-08 70400]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-05-02 477240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver; \??\C:\WINDOWS\system32\ZDCNDIS5.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-13 7069288]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-03-01 13417632]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-03-15 244608]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2011-12-08 30312]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2012-09-08 146312]
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-04-06 266376]
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2011-12-23 20032]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2011-12-08 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2011-12-08 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2011-12-08 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2011-12-08 114280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WinUSB;Sony sa0102 ADB Interface; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem; C:\WINDOWS\system32\DRIVERS\zgwhsmdm.sys []
S3 ZY271N_XP;ZyXEL 802.11n NWD271N Driver; C:\WINDOWS\system32\DRIVERS\WLANUHN.sys [2008-06-10 420352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-26 655624]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-01 161768]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 nvsvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-02-29 164160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-07-09 76888]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2012-09-08 419096]
S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-03 160944]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-06 1875968]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 250568]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 18 zář 2012 21:33

Zdravim

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

tons · #4 Příspěvek od **tons** » 18 zář 2012 21:57

Taky zdravim, log zde:

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : tkv [Práva správce]
Mód : Kontrola -- Datum : 09/18/2012 22:55:34

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 74 ¤¤¤
[IFEO] HKLM\[...]\360hotfix.exe : Debugger (ntsd -dЈðӊƘÇƘÇL) -> NALEZENO
[IFEO] HKLM\[...]\360rp.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\360rpt.exe : Debugger (ntsd -d.exe) -> NALEZENO
[IFEO] HKLM\[...]\360safe.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\360safebox.exe : Debugger (ntsd -d);) -> NALEZENO
[IFEO] HKLM\[...]\360sd.exe : Debugger (ntsd -d"0ЩƈÇ锠ȪƺЈ₸ȫer_pref("print.printer_hp_deskjet_920c.print_evenpages", true);) -> NALEZENO
[IFEO] HKLM\[...]\360se.exe : Debugger (ntsd -dr)лƐÇƐÇ) -> NALEZENO
[IFEO] HKLM\[...]\360SoftMgrSvc.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\360speedld.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\360tray.exe : Debugger (ntsd -d;) -> NALEZENO
[IFEO] HKLM\[...]\ast.exe : Debugger (ntsd -dZNщƸÇƸÇnt_scaling", " 1,00");) -> NALEZENO
[IFEO] HKLM\[...]\avcenter.exe : Debugger (ntsd -dslѩƠÇƠÇ " 1,00");) -> NALEZENO
[IFEO] HKLM\[...]\avgnt.exe : Debugger (ntsd -d 0аƈÇ‐ȫƊЈﲈÍFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe) -> NALEZENO
[IFEO] HKLM\[...]\avguard.exe : Debugger (ntsd -deƆЈSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe) -> NALEZENO
[IFEO] HKLM\[...]\avmailc.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\avp.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\avwebgrd.exe : Debugger (ntsd -d5");) -> NALEZENO
[IFEO] HKLM\[...]\bdagent.exe : Debugger (ntsd -d0) -> NALEZENO
[IFEO] HKLM\[...]\CCenter.exe : Debugger (ntsd -dvnѴƐÇƐÇxe) -> NALEZENO
[IFEO] HKLM\[...]\ccSvcHst.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\egui.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\ekrn.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\kavstart.exe : Debugger (ntsd -deeѸƈÇƈÇǪЊntsd -dvǩЊntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\kissvc.exe : Debugger (ntsd -dEiѣȘÇȘÇft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe) -> NALEZENO
[IFEO] HKLM\[...]\kmailmon.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\kpfw32.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\kpfwsvc.exe : Debugger (ntsd -dviѬƐÇƐÇe) -> NALEZENO
[IFEO] HKLM\[...]\krnl360svc.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\kswebshield.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\KVMonXP.kxp : Debugger (ntsd -dpoѮƠÇƠÇ0tray.exe) -> NALEZENO
[IFEO] HKLM\[...]\KVSrvXP.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\kwatch.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\livesrv.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\Mcagent.exe : Debugger (ntsd -da
ņǈÇǈÇExecution Options\kmailmon.exe) -> NALEZENO
[IFEO] HKLM\[...]\mcmscsvc.exe : Debugger (ntsd -dWdѯȀÇȀÇT\CurrentVersion\Image File Execution Options\ccSvcHst.exe) -> NALEZENO
[IFEO] HKLM\[...]\McNASvc.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\Mcods.exe : Debugger (ntsd -dWdѯȈÇȈÇT\CurrentVersion\Image File Execution Options\ccSvcHst.exe) -> NALEZENO
[IFEO] HKLM\[...]\McProxy.exe : Debugger (ntsd -dnƔЈSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe) -> NALEZENO
[IFEO] HKLM\[...]\McSACore.exe : Debugger (ntsd -do)\їˀÇˀÇws NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe) -> NALEZENO
[IFEO] HKLM\[...]\Mcshield.exe : Debugger (ntsd -dveѸƈÇ뵀ȪŇЊntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\mcsysmon.exe : Debugger (ntsd -dEúiѣ䌈ȫŸÇft\Windows NT\CurrentVersion\Image File Execution Options\360se.exe) -> NALEZENO
[IFEO] HKLM\[...]\mcvsshld.exe : Debugger (ntsd -daO цϰÇϰÇExecution Options\avgnt.exe) -> NALEZENO
[IFEO] HKLM\[...]\MpfSrv.exe : Debugger (ntsd -dN=Cѵ͠Ç͠ÇtVersion\Image File Execution Options\avgnt.exe) -> NALEZENO
[IFEO] HKLM\[...]\MPMon.exe : Debugger (ntsd -dЈeѲǨÇǨÇf("extensions.xmarks.lastError", -2142568418);) -> NALEZENO
[IFEO] HKLM\[...]\MPSVC.exe : Debugger (ntsd -deeѮǐÇǐÇs.xmarks.lastError", -2142568418);) -> NALEZENO
[IFEO] HKLM\[...]\MPSVC1.exe : Debugger (ntsd -dmkѳƸÇƸÇtError", -2142568418);) -> NALEZENO
[IFEO] HKLM\[...]\MPSVC2.exe : Debugger (ntsd -dr"ЬƠÇƠÇ42568418);) -> NALEZENO
[IFEO] HKLM\[...]\msksrver.exe : Debugger (ntsd -do\їȈÇȈÇws NT\CurrentVersion\Image File Execution Options\mcvsshld.exe) -> NALEZENO
[IFEO] HKLM\[...]\qutmserv.exe : Debugger (ntsd -dȬ¸ЈȰÇȰÇWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe) -> NALEZENO
[IFEO] HKLM\[...]\RavMonD.exe : Debugger (ntsd -dpoѮƠÇƠÇSACore.exe) -> NALEZENO
[IFEO] HKLM\[...]\RavTask.exe : Debugger (ntsd -do.ѥƈÇƈÇƓЊntsd -doƞЈntsd -dWdѯȀÇȀÇT\CurrentVersion\Image File Execution Options\ccSvcHst.exe) -> NALEZENO
[IFEO] HKLM\[...]\RsAgent.exe : Debugger (ntsd -da! цʀÇʀÇExecution Options\McNASvc.exe) -> NALEZENO
[IFEO] HKLM\[...]\rsnetsvr.exe : Debugger (ntsd -da
цǈÇǈÇExecution Options\Mcods.exe) -> NALEZENO
[IFEO] HKLM\[...]\RsTray.exe : Debugger (ntsd -dN&CѵʨÇʨÇtVersion\Image File Execution Options\mcmscsvc.exe) -> NALEZENO
[IFEO] HKLM\[...]\safeboxTray.exe : Debugger (ntsd -dEiѣȘÇȘÇft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe) -> NALEZENO
[IFEO] HKLM\[...]\ScanFrm.exe : Debugger (ntsd -dveѸƈÇ玠ȫņЊntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\sched.exe : Debugger (ntsd -dE+iѣːÇːÇft\Windows NT\CurrentVersion\Image File Execution Options\Mcagent.exe) -> NALEZENO
[IFEO] HKLM\[...]\seccenter.exe : Debugger (ntsd -dNCѵǰÇǰÇtVersion\Image File Execution Options\mcmscsvc.exe) -> NALEZENO
[IFEO] HKLM\[...]\SfCtlCom.exe : Debugger (ntsd -drnџƨÇƨÇom", 0);) -> NALEZENO
[IFEO] HKLM\[...]\TMBMSRV.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\TmProxy.exe : Debugger (ntsd -dE+iѣːÇːÇft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe) -> NALEZENO
[IFEO] HKLM\[...]\UfSeAgnt.exe : Debugger (ntsd -dueѮǨÇǨÇsion\Image File Execution Options\mcvsshld.exe) -> NALEZENO
[IFEO] HKLM\[...]\vsserv.exe : Debugger (ntsd -dcsѯȐÇȐÇindows NT\CurrentVersion\Image File Execution Options\Mcagent.exe) -> NALEZENO
[IFEO] HKLM\[...]\zhudongfangyu.exe : Debugger (ntsd -d) -> NALEZENO
[IFEO] HKLM\[...]\ĐŢ¸´ą¤ľß.exe : Debugger (ntsd -d) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> NALEZENO
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] prosync1.sys @ 0xB85AE661)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1D864)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3250620AS +++++
--- User ---
[MBR] db5538326d1a74e98ae7ae6a55dc1d95
[BSP] 37340bab680a8a93630b8d9632a813f5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81915435 | Size: 180472 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 451522890 | Size: 18002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

#5 Příspěvek od **vyosek** » 18 zář 2012 22:00

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V okne Additional Option zakliknete vsechny moznosti
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

tons · #6 Příspěvek od **tons** » 18 zář 2012 22:18

1) RogueKiller

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : tkv [Práva správce]
Mód : Odebrat -- Datum : 09/18/2012 23:17:24

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 74 ¤¤¤
[IFEO] HKLM\[...]\360hotfix.exe : Debugger (ntsd -dpnѴƠÇƠÇe_top", 0);) -> VYMAZÁNO
[IFEO] HKLM\[...]\360rp.exe : Debugger (ntsd -d彲(ѳǰÇǰÇ湹⹣汣敩瑮⹳慬瑳祓据潌慣≬‬〢⤢਻獵Ⱒ∠∰㬩਍獵牥灟敲⡦猢牥楶散⹳祳据挮楬湥獴氮獡却湹䱣捯污Ⱒ∠∰㬩਍獵ǽЈꙐȫer_pref("extensions.lastPlatformVersion", "15.0.1");) -> VYMAZÁNO
[IFEO] HKLM\[...]\360rpt.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\360safe.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\360safebox.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\360sd.exe : Debugger (ntsd -di5_Ѳ̠Ç̠Çsed", false);) -> VYMAZÁNO
[IFEO] HKLM\[...]\360se.exe : Debugger (ntsd -dk%tџʠÇʠÇ.print_scaling", " 1,00");) -> VYMAZÁNO
[IFEO] HKLM\[...]\360SoftMgrSvc.exe : Debugger (ntsd -dieѲȠÇȠÇdeskjet_920c.print_shrink_to_fit", true);) -> VYMAZÁNO
[IFEO] HKLM\[...]\360speedld.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\360tray.exe : Debugger (ntsd -dm) -> VYMAZÁNO
[IFEO] HKLM\[...]\ast.exe : Debugger (ntsd -d_y0ѣՀÇՀÇ) -> VYMAZÁNO
[IFEO] HKLM\[...]\avcenter.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\avgnt.exe : Debugger (ntsd -d_UsѫРÇРÇ92) -> VYMAZÁNO
[IFEO] HKLM\[...]\avguard.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\avmailc.exe : Debugger (ntsd -dr5) -> VYMAZÁNO
[IFEO] HKLM\[...]\avp.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\avwebgrd.exe : Debugger (ntsd -dyЀȠÇȠÇ) -> VYMAZÁNO
[IFEO] HKLM\[...]\bdagent.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\CCenter.exe : Debugger (ntsd -dePeѮϸÇϸÇs.xmarks.ST-5-d", 0);) -> VYMAZÁNO
[IFEO] HKLM\[...]\ccSvcHst.exe : Debugger (ntsd -de)eѮˀÇˀÇs.xmarks.ST-5-na", 0);) -> VYMAZÁNO
[IFEO] HKLM\[...]\egui.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\ekrn.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\kavstart.exe : Debugger (ntsd -d5ЀɰÇɰÇuser_p) -> VYMAZÁNO
[IFEO] HKLM\[...]\kissvc.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\kmailmon.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\kpfw32.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\kpfwsvc.exe : Debugger (ntsd -dAVЀШÇШÇ.print) -> VYMAZÁNO
[IFEO] HKLM\[...]\krnl360svc.exe : Debugger (ntsd -d ;ЀɰÇɰÇ
ŬĜЈuser_pref("extensions.xmarks.UST-3-u", 0);) -> VYMAZÁNO
[IFEO] HKLM\[...]\kswebshield.exe : Debugger (ntsd -d ;ЀƠÇƠÇƆ.ѥƐÇƐÇ) -> VYMAZÁNO
[IFEO] HKLM\[...]\KVMonXP.kxp : Debugger (ntsd -dTƗ-ѵ㎀ȫŸÇ);) -> VYMAZÁNO
[IFEO] HKLM\[...]\KVSrvXP.exe : Debugger (ntsd -dnřxѭ㎀ȫŸÇ.UST-5-na", 0);) -> VYMAZÁNO
[IFEO] HKLM\[...]\kwatch.exe : Debugger (ntsd -deě"ѥ㎀ȫŸÇsions.xmarks.UST-6-h", 0);) -> VYMAZÁNO
[IFEO] HKLM\[...]\livesrv.exe : Debugger (ntsd -dЈµeѲ㎀ȫŸÇf("extensions.xmarks.UST-7-u", 0);) -> VYMAZÁNO
[IFEO] HKLM\[...]\Mcagent.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\mcmscsvc.exe : Debugger (ntsd -d0() -> VYMAZÁNO
[IFEO] HKLM\[...]\McNASvc.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\Mcods.exe : Debugger (ntsd -ds5TЭ̠Ç̠Ç, 0);) -> VYMAZÁNO
[IFEO] HKLM\[...]\McProxy.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\McSACore.exe : Debugger (ntsd -da( ѓʸÇʸÇngs\\\\tkv\\\\Data aplikacÃ\\\\Mozilla\\\\Firefox\\\\Profiles\\\\84f2r86r.default\\\\extensions\\\\foxmarks@kei.com\",\"mtime\":1346536431203}}}]");) -> VYMAZÁNO
[IFEO] HKLM\[...]\Mcshield.exe : Debugger (ntsd -d);) -> VYMAZÁNO
[IFEO] HKLM\[...]\mcsysmon.exe : Debugger (ntsd -d"c\ќҐÇҐÇcuments and Settings\\\\tkv\\\\Data aplikacÃ\\\\Mozilla\\\\Firefox\\\\Profiles\\\\84f2r86r.default\\\\extensions\\\\battlefieldplay4free@ea.com\",\"mtime\":1341591068125},\"foxmarks@kei.com\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\tkv\\\\Data aplikacÃ\\\\Mozilla\\\\Firefox\\\\Profiles\\\\84f2r86r.default\\\\extensions\\\\foxmarks@kei.com\",\"mtime\":1346536431203}}}]");) -> VYMAZÁNO
[IFEO] HKLM\[...]\mcvsshld.exe : Debugger (ntsd -d3ĝ0йࢀȤŸÇĞƦЈ{20DED66E-BE94-4812-8EEC-658EB562E29A}) -> VYMAZÁNO
[IFEO] HKLM\[...]\MpfSrv.exe : Debugger (ntsd -d6-дࢀȤŸÇ8620-C6C8D256A178}) -> VYMAZÁNO
[IFEO] HKLM\[...]\MPMon.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\MPSVC.exe : Debugger (ntsd -dDAхȰÇȰÇD0304}) -> VYMAZÁNO
[IFEO] HKLM\[...]\MPSVC1.exe : Debugger (ntsd -d-ʐ4и谀ȪŸÇ) -> VYMAZÁNO
[IFEO] HKLM\[...]\MPSVC2.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\msksrver.exe : Debugger (ntsd -d5Ȑ) -> VYMAZÁNO
[IFEO] HKLM\[...]\qutmserv.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\RavMonD.exe : Debugger (ntsd -dAĮЀ谀ȪŸÇD}) -> VYMAZÁNO
[IFEO] HKLM\[...]\RavTask.exe : Debugger (ntsd -d8ð-д谀ȪŸÇ) -> VYMAZÁNO
[IFEO] HKLM\[...]\RsAgent.exe : Debugger (ntsd -du²) -> VYMAZÁNO
[IFEO] HKLM\[...]\rsnetsvr.exe : Debugger (ntsd -dCt0уԘÇԘÇ) -> VYMAZÁNO
[IFEO] HKLM\[...]\RsTray.exe : Debugger (ntsd -d86Ѐ̨Ç̨ÇC46-82) -> VYMAZÁNO
[IFEO] HKLM\[...]\safeboxTray.exe : Debugger (ntsd -dA.ѤƈÇƈÇƂЈ5.0) -> VYMAZÁNO
[IFEO] HKLM\[...]\ScanFrm.exe : Debugger (ntsd -d1Ƣ1Э늠ȥŸÇ-0) -> VYMAZÁNO
[IFEO] HKLM\[...]\sched.exe : Debugger (ntsd -dЈŤCф늠ȥŸÇ) -> VYMAZÁNO
[IFEO] HKLM\[...]\seccenter.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\SfCtlCom.exe : Debugger (ntsd -d) -> VYMAZÁNO
[IFEO] HKLM\[...]\TMBMSRV.exe : Debugger (ntsd -dCˋAаꋸȧŸÇF}) -> VYMAZÁNO
[IFEO] HKLM\[...]\TmProxy.exe : Debugger (ntsd -d-ʋ4дꋸȧŸÇ04FB92EB7}) -> VYMAZÁNO
[IFEO] HKLM\[...]\UfSeAgnt.exe : Debugger (ntsd -dAɍ0иꋸȧŸÇ00-33AD-9320-5D201CB46FC9}) -> VYMAZÁNO
[IFEO] HKLM\[...]\vsserv.exe : Debugger (ntsd -d0ȉ-дꋸȧŸÇ8f70-e0597d803b9c}) -> VYMAZÁNO
[IFEO] HKLM\[...]\zhudongfangyu.exe : Debugger (ntsd -d-ƃ2хꋸȧŸÇE1D63DEA2}) -> VYMAZÁNO
[IFEO] HKLM\[...]\ĐŢ¸´ą¤ľß.exe : Debugger (ntsd -dЈù2жꋸȧŸÇ2-EB56-4857-8150-7B4292575934}) -> VYMAZÁNO
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> VYMAZÁNO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> VYMAZÁNO
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> NAHRAZENO (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] prosync1.sys @ 0xB85AE661)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1FB40)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7E1D864)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3250620AS +++++
--- User ---
[MBR] db5538326d1a74e98ae7ae6a55dc1d95
[BSP] 37340bab680a8a93630b8d9632a813f5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81915435 | Size: 180472 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 451522890 | Size: 18002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

tons · #7 Příspěvek od **tons** » 18 zář 2012 22:20

2) MBRScan

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 6, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/09/18 (ISO 8601) at 23:19:22
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST3250620AS (3.AAE)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	232.8 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : DB5538326D1A74E98AE7AE6A55DC1D95
MBR_SHA1  : C557A68DA056D9AE63A72DE568120EB1F827D6D0

Device\Harddisk0\Partition1	39.06 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	176.2 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	16.80 Go  	0x83 Linux 
Device\Harddisk0\Partition4	800.1 Mo  	0x82 Linux Swap 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xB35A0000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xB8652000
SIZE    : 8.0 Ko

DRIVER  : C:\WINDOWS\TEMP\Forter.sys => Invisible on the disk
ADDRESS : 0xB85CC000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 35 E5 35 E5 00 00 80 01   .....,Dj5å5å....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 EC ED E1 04 00 00   ...þ..?...ìíá...
0x000001D0   C1 FF 07 FE FF FF 2B EE E1 04 1F C3 07 16 00 00   Á..þ..+îá..Ã....
0x000001E0   C1 FF 05 FE FF FF 4A B1 E9 1A 37 94 32 02 00 00   Á..þ..J±é.7.2...
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

tons · #8 Příspěvek od **tons** » 18 zář 2012 22:23

3) TDSSKiller

23:20:51.0437 21692 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:20:51.0500 21692 ============================================================
23:20:51.0500 21692 Current date / time: 2012/09/18 23:20:51.0500
23:20:51.0500 21692 SystemInfo:
23:20:51.0500 21692
23:20:51.0500 21692 OS Version: 5.1.2600 ServicePack: 3.0
23:20:51.0500 21692 Product type: Workstation
23:20:51.0500 21692 ComputerName: TONDA
23:20:51.0500 21692 UserName: tkv
23:20:51.0500 21692 Windows directory: C:\WINDOWS
23:20:51.0500 21692 System windows directory: C:\WINDOWS
23:20:51.0500 21692 Processor architecture: Intel x86
23:20:51.0500 21692 Number of processors: 2
23:20:51.0500 21692 Page size: 0x1000
23:20:51.0500 21692 Boot type: Normal boot
23:20:51.0500 21692 ============================================================
23:20:51.0953 21692 Drive \Device\Harddisk0\DR0 - Size: 0x3A3092D400 (232.76 Gb), SectorSize: 0x200, Cylinders: 0x76B0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:20:51.0953 21692 ============================================================
23:20:51.0953 21692 \Device\Harddisk0\DR0:
23:20:51.0953 21692 MBR partitions:
23:20:51.0953 21692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
23:20:51.0953 21692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0x1607C31F
23:20:51.0984 21692 ============================================================
23:20:52.0000 21692 C: <-> \Device\Harddisk0\DR0\Partition1
23:20:52.0031 21692 H: <-> \Device\Harddisk0\DR0\Partition2
23:20:52.0031 21692 ============================================================
23:20:52.0031 21692 Initialize success
23:20:52.0031 21692 ============================================================
23:21:42.0375 24164 ============================================================
23:21:42.0375 24164 Scan started
23:21:42.0375 24164 Mode: Manual; SigCheck; TDLFS;
23:21:42.0375 24164 ============================================================
23:21:42.0609 24164 ================ Scan system memory ========================
23:21:42.0609 24164 System memory - ok
23:21:42.0609 24164 ================ Scan services =============================
23:21:42.0687 24164 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:21:42.0859 24164 !SASCORE - ok
23:21:42.0953 24164 Abiosdsk - ok
23:21:42.0953 24164 abp480n5 - ok
23:21:43.0000 24164 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:21:43.0921 24164 ACPI - ok
23:21:43.0937 24164 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:21:44.0062 24164 ACPIEC - ok
23:21:44.0078 24164 adfs - ok
23:21:44.0125 24164 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:21:44.0140 24164 AdobeFlashPlayerUpdateSvc - ok
23:21:44.0140 24164 adpu160m - ok
23:21:44.0156 24164 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:21:44.0250 24164 aec - ok
23:21:44.0265 24164 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:21:44.0312 24164 AFD - ok
23:21:44.0312 24164 Aha154x - ok
23:21:44.0328 24164 aic78u2 - ok
23:21:44.0328 24164 aic78xx - ok
23:21:44.0359 24164 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:21:44.0437 24164 Alerter - ok
23:21:44.0453 24164 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
23:21:44.0546 24164 ALG - ok
23:21:44.0562 24164 AliIde - ok
23:21:44.0609 24164 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
23:21:44.0750 24164 Ambfilt - ok
23:21:44.0765 24164 amsint - ok
23:21:44.0796 24164 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\WINDOWS\system32\Drivers\ssadadb.sys
23:21:44.0984 24164 androidusb - ok
23:21:45.0015 24164 [ 1EF39F2D358417F7AA897FAE54160F57 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:21:45.0031 24164 AppMgmt ( UnsignedFile.Multi.Generic ) - warning
23:21:45.0031 24164 AppMgmt - detected UnsignedFile.Multi.Generic (1)
23:21:45.0062 24164 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:21:45.0156 24164 Arp1394 - ok
23:21:45.0156 24164 asc - ok
23:21:45.0156 24164 asc3350p - ok
23:21:45.0171 24164 asc3550 - ok
23:21:45.0250 24164 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:21:45.0281 24164 aspnet_state - ok
23:21:45.0312 24164 [ F5C2CCDB273A546E9C3A15250F1D9165 ] asuskbnt C:\WINDOWS\system32\drivers\atkkbnt.sys
23:21:45.0312 24164 asuskbnt ( UnsignedFile.Multi.Generic ) - warning
23:21:45.0312 24164 asuskbnt - detected UnsignedFile.Multi.Generic (1)
23:21:45.0343 24164 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:21:45.0421 24164 AsyncMac - ok
23:21:45.0437 24164 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:21:45.0531 24164 atapi - ok
23:21:45.0531 24164 Atdisk - ok
23:21:45.0562 24164 [ FD2C83A58FEAB0751E723B1676BDBF46 ] ATKKeyboardService C:\WINDOWS\ATKKBService.exe
23:21:45.0562 24164 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - warning
23:21:45.0562 24164 ATKKeyboardService - detected UnsignedFile.Multi.Generic (1)
23:21:45.0578 24164 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:21:45.0656 24164 Atmarpc - ok
23:21:45.0687 24164 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:21:45.0765 24164 AudioSrv - ok
23:21:45.0796 24164 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:21:45.0890 24164 audstub - ok
23:21:45.0890 24164 bdfdll - ok
23:21:45.0937 24164 [ F040E9FFF03BC19AFF03CB922E131CD7 ] bdfm C:\WINDOWS\system32\drivers\bdfm.sys
23:21:45.0953 24164 bdfm - ok
23:21:45.0953 24164 BDFsDrv - ok
23:21:46.0000 24164 [ D281217152B9FC5774863E70E3FAB4D3 ] bdfsfltr C:\WINDOWS\system32\drivers\bdfsfltr.sys
23:21:46.0000 24164 bdfsfltr - ok
23:21:46.0015 24164 BDRsDrv - ok
23:21:46.0062 24164 [ 5EAF583C0B1CC2499761EA3B065F5DB2 ] BDSelfPr C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
23:21:46.0093 24164 BDSelfPr ( UnsignedFile.Multi.Generic ) - warning
23:21:46.0093 24164 BDSelfPr - detected UnsignedFile.Multi.Generic (1)
23:21:46.0109 24164 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:21:46.0203 24164 Beep - ok
23:21:46.0234 24164 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
23:21:46.0328 24164 BITS - ok
23:21:46.0359 24164 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
23:21:46.0421 24164 Browser - ok
23:21:46.0437 24164 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:21:46.0531 24164 cbidf2k - ok
23:21:46.0562 24164 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:21:46.0640 24164 CCDECODE - ok
23:21:46.0640 24164 cd20xrnt - ok
23:21:46.0656 24164 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:21:46.0750 24164 Cdaudio - ok
23:21:46.0781 24164 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:21:46.0875 24164 Cdfs - ok
23:21:46.0875 24164 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:21:46.0984 24164 Cdrom - ok
23:21:46.0984 24164 Changer - ok
23:21:47.0000 24164 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:21:47.0093 24164 CiSvc - ok
23:21:47.0109 24164 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:21:47.0203 24164 ClipSrv - ok
23:21:47.0250 24164 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:21:47.0265 24164 clr_optimization_v2.0.50727_32 - ok
23:21:47.0296 24164 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:21:47.0328 24164 clr_optimization_v4.0.30319_32 - ok
23:21:47.0343 24164 CmdIde - ok
23:21:47.0343 24164 COMSysApp - ok
23:21:47.0343 24164 Cpqarray - ok
23:21:47.0375 24164 [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135 C:\WINDOWS\system32\drivers\cpuz135_x32.sys
23:21:47.0390 24164 cpuz135 - ok
23:21:47.0421 24164 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:21:47.0515 24164 CryptSvc - ok
23:21:47.0515 24164 dac2w2k - ok
23:21:47.0531 24164 dac960nt - ok
23:21:47.0562 24164 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:21:47.0609 24164 DcomLaunch - ok
23:21:47.0640 24164 [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv C:\WINDOWS\system32\drivers\dgderdrv.sys
23:21:47.0656 24164 dgderdrv - ok
23:21:47.0671 24164 [ 919F338FD36F47D860775368D0748780 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
23:21:47.0687 24164 dg_ssudbus - ok
23:21:47.0718 24164 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:21:47.0812 24164 Dhcp - ok
23:21:47.0843 24164 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:21:47.0937 24164 Disk - ok
23:21:47.0937 24164 dmadmin - ok
23:21:47.0984 24164 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:21:48.0093 24164 dmboot - ok
23:21:48.0125 24164 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:21:48.0203 24164 dmio - ok
23:21:48.0234 24164 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:21:48.0328 24164 dmload - ok
23:21:48.0359 24164 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:21:48.0453 24164 dmserver - ok
23:21:48.0468 24164 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:21:48.0562 24164 DMusic - ok
23:21:48.0593 24164 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:21:48.0671 24164 Dnscache - ok
23:21:48.0671 24164 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:21:48.0765 24164 Dot3svc - ok
23:21:48.0781 24164 dpti2o - ok
23:21:48.0796 24164 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:21:48.0890 24164 drmkaud - ok
23:21:48.0906 24164 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:21:49.0000 24164 EapHost - ok
23:21:49.0015 24164 [ 6F41DA43AA4806A7BDBB2F9A8B05023E ] EIO C:\WINDOWS\system32\drivers\EIO.sys
23:21:49.0015 24164 EIO ( UnsignedFile.Multi.Generic ) - warning
23:21:49.0015 24164 EIO - detected UnsignedFile.Multi.Generic (1)
23:21:49.0046 24164 [ FD9FC82F134B1C91004FFC76A5AE494B ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys
23:21:49.0062 24164 ENTECH ( UnsignedFile.Multi.Generic ) - warning
23:21:49.0062 24164 ENTECH - detected UnsignedFile.Multi.Generic (1)
23:21:49.0078 24164 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:21:49.0171 24164 ERSvc - ok
23:21:49.0218 24164 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
23:21:49.0250 24164 Eventlog - ok
23:21:49.0281 24164 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
23:21:49.0312 24164 EventSystem - ok
23:21:49.0328 24164 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:21:49.0421 24164 Fastfat - ok
23:21:49.0437 24164 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:21:49.0484 24164 FastUserSwitchingCompatibility - ok
23:21:49.0500 24164 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:21:49.0593 24164 Fdc - ok
23:21:49.0609 24164 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:21:49.0687 24164 Fips - ok
23:21:49.0750 24164 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:21:49.0875 24164 FLEXnet Licensing Service - ok
23:21:49.0906 24164 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:21:49.0984 24164 Flpydisk - ok
23:21:50.0015 24164 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:21:50.0109 24164 FltMgr - ok
23:21:50.0156 24164 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:21:50.0171 24164 FontCache3.0.0.0 - ok
23:21:50.0187 24164 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
23:21:50.0203 24164 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
23:21:50.0203 24164 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
23:21:50.0218 24164 [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
23:21:50.0234 24164 FsUsbExService - ok
23:21:50.0250 24164 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:21:50.0343 24164 Fs_Rec - ok
23:21:50.0343 24164 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:21:50.0437 24164 Ftdisk - ok
23:21:50.0468 24164 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:21:50.0562 24164 Gpc - ok
23:21:50.0593 24164 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:21:50.0671 24164 HDAudBus - ok
23:21:50.0718 24164 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:21:50.0812 24164 helpsvc - ok
23:21:50.0828 24164 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:21:50.0921 24164 HidServ - ok
23:21:50.0937 24164 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:21:51.0015 24164 hidusb - ok
23:21:51.0046 24164 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:21:51.0140 24164 hkmsvc - ok
23:21:51.0140 24164 hpn - ok
23:21:51.0187 24164 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:21:51.0203 24164 HTTP - ok
23:21:51.0218 24164 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:21:51.0312 24164 HTTPFilter - ok
23:21:51.0312 24164 i2omgmt - ok
23:21:51.0312 24164 i2omp - ok
23:21:51.0328 24164 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
23:21:51.0421 24164 i8042prt - ok
23:21:51.0484 24164 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:21:51.0500 24164 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:21:51.0500 24164 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:21:51.0546 24164 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:21:51.0593 24164 idsvc - ok
23:21:51.0625 24164 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:21:51.0703 24164 Imapi - ok
23:21:51.0734 24164 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:21:51.0812 24164 ImapiService - ok
23:21:51.0828 24164 ini910u - ok
23:21:52.0000 24164 [ 5D138ADC44C43BF37634C8E528D75B1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:21:52.0250 24164 IntcAzAudAddService - ok
23:21:52.0250 24164 IntelIde - ok
23:21:52.0296 24164 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:21:52.0390 24164 intelppm - ok
23:21:52.0406 24164 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:21:52.0500 24164 Ip6Fw - ok
23:21:52.0515 24164 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:21:52.0609 24164 IpFilterDriver - ok
23:21:52.0625 24164 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:21:52.0718 24164 IpInIp - ok
23:21:52.0718 24164 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:21:52.0812 24164 IpNat - ok
23:21:52.0843 24164 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:21:52.0921 24164 IPSec - ok
23:21:52.0937 24164 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:21:53.0015 24164 IRENUM - ok
23:21:53.0031 24164 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:21:53.0140 24164 isapnp - ok
23:21:53.0218 24164 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:21:53.0234 24164 JavaQuickStarterService - ok
23:21:53.0250 24164 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys
23:21:53.0265 24164 JGOGO ( UnsignedFile.Multi.Generic ) - warning
23:21:53.0265 24164 JGOGO - detected UnsignedFile.Multi.Generic (1)
23:21:53.0281 24164 [ 06B9C22897EBDC6ABA993C77F173D882 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
23:21:53.0281 24164 JRAID ( UnsignedFile.Multi.Generic ) - warning
23:21:53.0281 24164 JRAID - detected UnsignedFile.Multi.Generic (1)
23:21:53.0328 24164 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:21:53.0406 24164 Kbdclass - ok
23:21:53.0421 24164 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:21:53.0515 24164 kbdhid - ok
23:21:53.0531 24164 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:21:53.0625 24164 kmixer - ok
23:21:53.0640 24164 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:21:53.0687 24164 KSecDD - ok
23:21:53.0718 24164 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:21:53.0765 24164 lanmanserver - ok
23:21:53.0765 24164 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:21:53.0812 24164 lanmanworkstation - ok
23:21:53.0828 24164 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
23:21:53.0843 24164 LBeepKE - ok
23:21:53.0843 24164 lbrtfdc - ok
23:21:53.0890 24164 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:21:53.0906 24164 LBTServ - ok
23:21:53.0937 24164 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
23:21:53.0953 24164 LHidFilt - ok
23:21:54.0046 24164 [ 57EA8D72FDE82FB87DBF49E274620103 ] LIVESRV C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
23:21:54.0062 24164 LIVESRV - ok
23:21:54.0078 24164 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:21:54.0171 24164 LmHosts - ok
23:21:54.0187 24164 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
23:21:54.0187 24164 LMouFilt - ok
23:21:54.0265 24164 [ 8113133EC42DD6C566908008CE913EDD ] LVcKap C:\WINDOWS\system32\DRIVERS\LVcKap.sys
23:21:54.0343 24164 LVcKap - ok
23:21:54.0375 24164 [ 9E41266C68C11D7101A2D18CD1F7553E ] LVCOMSer C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
23:21:54.0390 24164 LVCOMSer - ok
23:21:54.0453 24164 [ 0DD5B8AF4917A2821047450195C511B3 ] LVMVDrv C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
23:21:54.0546 24164 LVMVDrv - ok
23:21:54.0593 24164 [ 85C2E84BC1224C75A20B5560D5A15DB9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
23:21:54.0609 24164 LVPrcSrv - ok
23:21:54.0609 24164 [ 656180E9C0C5199520972426C44BC2F0 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
23:21:54.0625 24164 LVSrvLauncher - ok
23:21:54.0656 24164 [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
23:21:54.0671 24164 LVUSBSta - ok
23:21:54.0687 24164 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:21:54.0781 24164 Messenger - ok
23:21:54.0812 24164 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:21:54.0921 24164 mnmdd - ok
23:21:54.0937 24164 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:21:55.0031 24164 mnmsrvc - ok
23:21:55.0046 24164 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:21:55.0140 24164 Modem - ok
23:21:55.0171 24164 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
23:21:55.0234 24164 Monfilt - ok
23:21:55.0250 24164 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:21:55.0343 24164 Mouclass - ok
23:21:55.0359 24164 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:21:55.0468 24164 mouhid - ok
23:21:55.0484 24164 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:21:55.0578 24164 MountMgr - ok
23:21:55.0625 24164 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:21:55.0656 24164 MozillaMaintenance - ok
23:21:55.0656 24164 mraid35x - ok
23:21:55.0671 24164 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:21:55.0765 24164 MRxDAV - ok
23:21:55.0796 24164 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:21:55.0843 24164 MRxSmb - ok
23:21:55.0875 24164 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:21:55.0968 24164 MSDTC - ok
23:21:55.0968 24164 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:21:56.0062 24164 Msfs - ok
23:21:56.0062 24164 MSIServer - ok
23:21:56.0078 24164 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:21:56.0171 24164 MSKSSRV - ok
23:21:56.0187 24164 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:21:56.0265 24164 MSPCLOCK - ok
23:21:56.0281 24164 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:21:56.0359 24164 MSPQM - ok
23:21:56.0390 24164 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:21:56.0468 24164 mssmbios - ok
23:21:56.0500 24164 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:21:56.0578 24164 MSTEE - ok
23:21:56.0625 24164 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:21:56.0656 24164 Mup - ok
23:21:56.0687 24164 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:21:56.0781 24164 NABTSFEC - ok
23:21:56.0812 24164 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:21:56.0890 24164 napagent - ok
23:21:56.0906 24164 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:21:57.0015 24164 NDIS - ok
23:21:57.0015 24164 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:21:57.0109 24164 NdisIP - ok
23:21:57.0140 24164 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:21:57.0203 24164 NdisTapi - ok
23:21:57.0218 24164 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:21:57.0296 24164 Ndisuio - ok
23:21:57.0328 24164 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:21:57.0406 24164 NdisWan - ok
23:21:57.0437 24164 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:21:57.0453 24164 NDProxy - ok
23:21:57.0468 24164 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:21:57.0562 24164 NetBIOS - ok
23:21:57.0578 24164 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:21:57.0687 24164 NetBT - ok
23:21:57.0703 24164 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
23:21:57.0796 24164 NetDDE - ok
23:21:57.0812 24164 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:21:57.0890 24164 NetDDEdsdm - ok
23:21:57.0921 24164 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:21:58.0000 24164 Netlogon - ok
23:21:58.0031 24164 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
23:21:58.0125 24164 Netman - ok
23:21:58.0140 24164 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:21:58.0140 24164 NetTcpPortSharing - ok
23:21:58.0171 24164 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:21:58.0265 24164 NIC1394 - ok
23:21:58.0281 24164 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
23:21:58.0328 24164 Nla - ok
23:21:58.0359 24164 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
23:21:58.0515 24164 nmwcd - ok
23:21:58.0531 24164 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:21:58.0625 24164 Npfs - ok
23:21:58.0671 24164 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:21:58.0765 24164 Ntfs - ok
23:21:58.0765 24164 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:21:58.0859 24164 NtLmSsp - ok
23:21:58.0890 24164 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:21:58.0984 24164 NtmsSvc - ok
23:21:59.0000 24164 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:21:59.0093 24164 Null - ok
23:21:59.0390 24164 [ 062C16F3364C7706713282163586988E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:21:59.0890 24164 nv - ok
23:21:59.0921 24164 [ B2F5AC506C9B1103827B62BA18A2C514 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
23:21:59.0937 24164 nvsvc - ok
23:22:00.0031 24164 [ 844A25C9E3076EDEF2B12E0BEDED755D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:22:00.0093 24164 nvUpdatusService - ok
23:22:00.0156 24164 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:22:00.0250 24164 NwlnkFlt - ok
23:22:00.0250 24164 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:22:00.0359 24164 NwlnkFwd - ok
23:22:00.0375 24164 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:22:00.0468 24164 ohci1394 - ok
23:22:00.0484 24164 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:22:00.0578 24164 Parport - ok
23:22:00.0578 24164 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:22:00.0656 24164 PartMgr - ok
23:22:00.0687 24164 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:22:00.0781 24164 ParVdm - ok
23:22:00.0796 24164 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
23:22:00.0828 24164 pccsmcfd - ok
23:22:00.0843 24164 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:22:00.0937 24164 PCI - ok
23:22:00.0937 24164 PCIDump - ok
23:22:00.0968 24164 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:22:01.0046 24164 PCIIde - ok
23:22:01.0078 24164 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:22:01.0171 24164 Pcmcia - ok
23:22:01.0171 24164 PDCOMP - ok
23:22:01.0171 24164 PDFRAME - ok
23:22:01.0171 24164 PDRELI - ok
23:22:01.0187 24164 PDRFRAME - ok
23:22:01.0187 24164 perc2 - ok
23:22:01.0187 24164 perc2hib - ok
23:22:01.0234 24164 [ 3551190E9CF1EB4C0971BDEF4269CA25 ] PID_0928 C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
23:22:01.0250 24164 PID_0928 - ok
23:22:01.0265 24164 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
23:22:01.0296 24164 PlugPlay - ok
23:22:01.0328 24164 [ DEDEF40E1D05842639491365CB2C069E ] PMEM C:\WINDOWS\system32\drivers\PMEMNT.SYS
23:22:01.0328 24164 PMEM ( UnsignedFile.Multi.Generic ) - warning
23:22:01.0328 24164 PMEM - detected UnsignedFile.Multi.Generic (1)
23:22:01.0359 24164 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
23:22:01.0375 24164 PnkBstrA - ok
23:22:01.0390 24164 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:22:01.0468 24164 PolicyAgent - ok
23:22:01.0500 24164 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:22:01.0593 24164 PptpMiniport - ok
23:22:01.0625 24164 [ C051DEB1AD5FDAAE04114A30998FF869 ] prodrv06 C:\WINDOWS\System32\drivers\prodrv06.sys
23:22:01.0625 24164 prodrv06 ( UnsignedFile.Multi.Generic ) - warning
23:22:01.0625 24164 prodrv06 - detected UnsignedFile.Multi.Generic (1)
23:22:01.0640 24164 Profos - ok
23:22:01.0656 24164 [ D9D5CC53E73D7796FFC6266D52DE80DA ] prohlp02 C:\WINDOWS\system32\drivers\prohlp02.sys
23:22:01.0671 24164 prohlp02 ( UnsignedFile.Multi.Generic ) - warning
23:22:01.0671 24164 prohlp02 - detected UnsignedFile.Multi.Generic (1)
23:22:01.0687 24164 [ F3471E7971EE62420451D958DA635064 ] prosync1 C:\WINDOWS\system32\drivers\prosync1.sys
23:22:01.0703 24164 prosync1 ( UnsignedFile.Multi.Generic ) - warning
23:22:01.0703 24164 prosync1 - detected UnsignedFile.Multi.Generic (1)
23:22:01.0718 24164 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:22:01.0796 24164 ProtectedStorage - ok
23:22:01.0812 24164 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:22:01.0906 24164 PSched - ok
23:22:01.0937 24164 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:22:02.0031 24164 Ptilink - ok
23:22:02.0031 24164 ql1080 - ok
23:22:02.0046 24164 Ql10wnt - ok
23:22:02.0046 24164 ql12160 - ok
23:22:02.0046 24164 ql1240 - ok
23:22:02.0046 24164 ql1280 - ok
23:22:02.0078 24164 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:22:02.0171 24164 RasAcd - ok
23:22:02.0203 24164 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:22:02.0296 24164 RasAuto - ok
23:22:02.0312 24164 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:22:02.0390 24164 Rasl2tp - ok
23:22:02.0421 24164 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:22:02.0500 24164 RasMan - ok
23:22:02.0500 24164 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:22:02.0593 24164 RasPppoe - ok
23:22:02.0593 24164 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:22:02.0687 24164 Raspti - ok
23:22:02.0718 24164 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:22:02.0796 24164 Rdbss - ok
23:22:02.0812 24164 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:22:02.0921 24164 RDPCDD - ok
23:22:02.0953 24164 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:22:02.0984 24164 RDPWD - ok
23:22:03.0000 24164 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:22:03.0093 24164 RDSessMgr - ok
23:22:03.0109 24164 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:22:03.0203 24164 redbook - ok
23:22:03.0234 24164 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:22:03.0312 24164 RemoteAccess - ok
23:22:03.0343 24164 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
23:22:03.0437 24164 RpcLocator - ok
23:22:03.0453 24164 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
23:22:03.0484 24164 RpcSs - ok
23:22:03.0515 24164 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:22:03.0609 24164 RSVP - ok
23:22:03.0625 24164 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
23:22:03.0703 24164 SamSs - ok
23:22:03.0734 24164 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:22:03.0750 24164 SASDIFSV - ok
23:22:03.0750 24164 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:22:03.0765 24164 SASKUTIL - ok
23:22:03.0828 24164 [ D89E8EC59EDE34F6D304A7B3E460316D ] scan C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll
23:22:03.0828 24164 scan ( UnsignedFile.Multi.Generic ) - warning
23:22:03.0828 24164 scan - detected UnsignedFile.Multi.Generic (1)
23:22:03.0843 24164 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:22:03.0937 24164 SCardSvr - ok
23:22:03.0968 24164 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:22:04.0062 24164 Schedule - ok
23:22:04.0078 24164 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:22:04.0171 24164 Secdrv - ok
23:22:04.0187 24164 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:22:04.0281 24164 seclogon - ok
23:22:04.0312 24164 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
23:22:04.0390 24164 SENS - ok
23:22:04.0406 24164 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:22:04.0484 24164 serenum - ok
23:22:04.0500 24164 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:22:04.0578 24164 Serial - ok
23:22:04.0625 24164 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
23:22:04.0640 24164 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
23:22:04.0640 24164 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
23:22:04.0656 24164 [ 462AEE0EA0481EA8BD45CAC876A4CCC4 ] sfhlp01 C:\WINDOWS\system32\drivers\sfhlp01.sys
23:22:04.0656 24164 sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
23:22:04.0656 24164 sfhlp01 - detected UnsignedFile.Multi.Generic (1)
23:22:04.0671 24164 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
23:22:04.0671 24164 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
23:22:04.0671 24164 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
23:22:04.0671 24164 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:22:04.0765 24164 Sfloppy - ok
23:22:04.0765 24164 [ D5A7E09D2C6A702809E49190D52ADC9F ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
23:22:04.0765 24164 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
23:22:04.0765 24164 sfvfs02 - detected UnsignedFile.Multi.Generic (1)
23:22:04.0812 24164 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:22:04.0906 24164 SharedAccess - ok
23:22:04.0921 24164 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:22:04.0937 24164 ShellHWDetection - ok
23:22:04.0937 24164 Simbad - ok
23:22:04.0984 24164 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:22:05.0000 24164 SkypeUpdate - ok
23:22:05.0015 24164 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:22:05.0109 24164 SLIP - ok
23:22:05.0125 24164 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
23:22:05.0234 24164 SONYPVU1 - ok
23:22:05.0234 24164 Sparrow - ok
23:22:05.0250 24164 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:22:05.0343 24164 splitter - ok
23:22:05.0359 24164 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:22:05.0390 24164 Spooler - ok
23:22:05.0421 24164 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
23:22:05.0453 24164 sptd - ok
23:22:05.0453 24164 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:22:05.0546 24164 sr - ok
23:22:05.0562 24164 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
23:22:05.0656 24164 srservice - ok
23:22:05.0671 24164 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:22:05.0703 24164 Srv - ok
23:22:05.0718 24164 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
23:22:05.0765 24164 ssadbus - ok
23:22:05.0781 24164 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
23:22:05.0828 24164 ssadmdfl - ok
23:22:05.0859 24164 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
23:22:05.0890 24164 ssadmdm - ok
23:22:05.0906 24164 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys
23:22:05.0921 24164 ssadserd - ok
23:22:05.0968 24164 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:22:06.0062 24164 SSDPSRV - ok
23:22:06.0093 24164 [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
23:22:06.0109 24164 ssudmdm - ok
23:22:06.0125 24164 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:22:06.0218 24164 stisvc - ok
23:22:06.0234 24164 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:22:06.0328 24164 streamip - ok
23:22:06.0343 24164 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:22:06.0437 24164 swenum - ok
23:22:06.0453 24164 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:22:06.0546 24164 swmidi - ok
23:22:06.0562 24164 SwPrv - ok
23:22:06.0562 24164 symc810 - ok
23:22:06.0562 24164 symc8xx - ok
23:22:06.0578 24164 sym_hi - ok
23:22:06.0578 24164 sym_u3 - ok
23:22:06.0593 24164 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:22:06.0687 24164 sysaudio - ok
23:22:06.0718 24164 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:22:06.0796 24164 SysmonLog - ok
23:22:06.0828 24164 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:22:06.0906 24164 TapiSrv - ok
23:22:06.0953 24164 [ A29E1209F925A0E9B330E11DA5FC7BAB ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:22:06.0968 24164 Tcpip ( UnsignedFile.Multi.Generic ) - warning
23:22:06.0968 24164 Tcpip - detected UnsignedFile.Multi.Generic (1)
23:22:06.0984 24164 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:22:07.0078 24164 TDPIPE - ok
23:22:07.0078 24164 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:22:07.0171 24164 TDTCP - ok
23:22:07.0187 24164 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:22:07.0281 24164 TermDD - ok
23:22:07.0312 24164 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
23:22:07.0390 24164 TermService - ok
23:22:07.0406 24164 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
23:22:07.0421 24164 Themes - ok
23:22:07.0468 24164 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
23:22:07.0468 24164 TomTomHOMEService - ok
23:22:07.0484 24164 TosIde - ok
23:22:07.0500 24164 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:22:07.0578 24164 TrkWks - ok
23:22:07.0578 24164 Trufos - ok
23:22:07.0593 24164 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:22:07.0687 24164 Udfs - ok
23:22:07.0687 24164 ultra - ok
23:22:07.0718 24164 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:22:07.0796 24164 Update - ok
23:22:07.0828 24164 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
23:22:07.0921 24164 upnphost - ok
23:22:07.0937 24164 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
23:22:08.0031 24164 UPS - ok
23:22:08.0062 24164 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:22:08.0156 24164 usbccgp - ok
23:22:08.0171 24164 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:22:08.0250 24164 usbehci - ok
23:22:08.0265 24164 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:22:08.0359 24164 usbhub - ok
23:22:08.0375 24164 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:22:08.0468 24164 usbprint - ok
23:22:08.0500 24164 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:22:08.0578 24164 usbscan - ok
23:22:08.0593 24164 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:22:08.0687 24164 usbstor - ok
23:22:08.0718 24164 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:22:08.0796 24164 usbuhci - ok
23:22:08.0812 24164 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:22:08.0906 24164 VgaSave - ok
23:22:08.0906 24164 ViaIde - ok
23:22:08.0937 24164 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:22:09.0015 24164 VolSnap - ok
23:22:09.0046 24164 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
23:22:09.0125 24164 VSS - ok
23:22:09.0203 24164 [ D55D754A7C53F82AB68206BA8D82E80C ] VSSERV C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
23:22:09.0296 24164 VSSERV ( UnsignedFile.Multi.Generic ) - warning
23:22:09.0296 24164 VSSERV - detected UnsignedFile.Multi.Generic (1)
23:22:09.0343 24164 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
23:22:09.0437 24164 W32Time - ok
23:22:09.0453 24164 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:22:09.0531 24164 Wanarp - ok
23:22:09.0562 24164 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:22:09.0578 24164 Wdf01000 - ok
23:22:09.0578 24164 WDICA - ok
23:22:09.0609 24164 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:22:09.0718 24164 wdmaud - ok
23:22:09.0734 24164 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:22:09.0828 24164 WebClient - ok
23:22:09.0890 24164 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:22:09.0968 24164 winmgmt - ok
23:22:10.0015 24164 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
23:22:10.0125 24164 WinRM - ok
23:22:10.0156 24164 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
23:22:10.0187 24164 WinUSB - ok
23:22:10.0250 24164 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:22:10.0296 24164 wlidsvc - ok
23:22:10.0328 24164 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:22:10.0359 24164 WmdmPmSN - ok
23:22:10.0390 24164 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:22:10.0500 24164 WmiApSrv - ok
23:22:10.0562 24164 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:22:10.0593 24164 WMPNetworkSvc - ok
23:22:10.0625 24164 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:22:10.0640 24164 WpdUsb - ok
23:22:10.0703 24164 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:22:10.0781 24164 WPFFontCache_v0400 - ok
23:22:10.0812 24164 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:22:10.0906 24164 wscsvc - ok
23:22:10.0937 24164 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:22:11.0031 24164 WSTCODEC - ok
23:22:11.0046 24164 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:22:11.0125 24164 wuauserv - ok
23:22:11.0156 24164 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:22:11.0187 24164 WudfPf - ok
23:22:11.0203 24164 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:22:11.0218 24164 WudfRd - ok
23:22:11.0234 24164 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:22:11.0250 24164 WudfSvc - ok
23:22:11.0281 24164 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:22:11.0406 24164 WZCSVC - ok
23:22:11.0421 24164 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:22:11.0515 24164 xmlprov - ok
23:22:11.0546 24164 [ 936A0E2D44ADF93CE0DF8E92AAB29C6E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
23:22:11.0578 24164 yukonwxp - ok
23:22:11.0609 24164 [ 228EF1572CED753FE18409BB77123204 ] ZDCNDIS5 C:\WINDOWS\system32\ZDCNDIS5.sys
23:22:11.0625 24164 ZDCNDIS5 ( UnsignedFile.Multi.Generic ) - warning
23:22:11.0625 24164 ZDCNDIS5 - detected UnsignedFile.Multi.Generic (1)
23:22:11.0625 24164 zgwhsmdm - ok
23:22:11.0656 24164 [ 6DD2A9E2828459CCAD7B5F9AD367097A ] ZY271N_XP C:\WINDOWS\system32\DRIVERS\WLANUHN.sys
23:22:11.0703 24164 ZY271N_XP - ok
23:22:11.0703 24164 Suspicious service (NoAccess): {FD57ADF8-28A0-4AE0-9E6C-80E1BDA92434}
23:22:11.0703 24164 ================ Scan global ===============================
23:22:11.0734 24164 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
23:22:11.0765 24164 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
23:22:11.0781 24164 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
23:22:11.0796 24164 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
23:22:11.0796 24164 [Global] - ok
23:22:11.0796 24164 ================ Scan MBR ==================================
23:22:11.0812 24164 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
23:22:12.0062 24164 \Device\Harddisk0\DR0 - ok
23:22:12.0062 24164 ================ Scan VBR ==================================
23:22:12.0062 24164 [ 1E050E290B217986623BEE44B9932481 ] \Device\Harddisk0\DR0\Partition1
23:22:12.0062 24164 \Device\Harddisk0\DR0\Partition1 - ok
23:22:12.0078 24164 [ B710322989FAA4C22A3BAD2F1A2D7BEC ] \Device\Harddisk0\DR0\Partition2
23:22:12.0093 24164 \Device\Harddisk0\DR0\Partition2 - ok
23:22:12.0093 24164 ============================================================
23:22:12.0093 24164 Scan finished
23:22:12.0093 24164 ============================================================
23:22:12.0187 21548 Detected object count: 22
23:22:12.0187 21548 Actual detected object count: 22
23:23:01.0531 21548 AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0531 21548 AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0531 21548 asuskbnt ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0531 21548 asuskbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0531 21548 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0531 21548 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0531 21548 BDSelfPr ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0531 21548 BDSelfPr ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0531 21548 EIO ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0531 21548 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 JGOGO ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 JGOGO ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 JRAID ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 JRAID ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 PMEM ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 PMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 scan ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 scan ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0546 21548 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0546 21548 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0562 21548 sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0562 21548 sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0562 21548 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0562 21548 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0562 21548 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0562 21548 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0562 21548 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0562 21548 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0562 21548 VSSERV ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0562 21548 VSSERV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:23:01.0562 21548 ZDCNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:01.0562 21548 ZDCNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#9 Příspěvek od **vyosek** » 18 zář 2012 22:26

Fajn, tohle bychom meli, jdeme dale

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

tons · #10 Příspěvek od **tons** » 18 zář 2012 22:38

tak Rkill probehl, ted du na Combofix...

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/18/2012 11:34:17 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\ATKKBService.exe (PID: 228) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Služba obnovení systému (srservice) is not Running.
Startup Type set to: Automatic

* AppMgmt [Missing Service]

* sr => \SystemRoot\system32\DRIVERS\sr.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\appmgmts.dll [NoSig]

* C:\WINDOWS\System32\Drivers\tcpip.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys : 361 600 : 06/20/2008 01:59 PM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys : 360 960 : 06/20/2008 01:44 AM : 744e57c99232201ae98c49168b918f48 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys : 361 600 : 06/20/2008 01:51 PM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys : 361 600 : 06/20/2008 01:59 PM : ad978a1b783b5719720cff204b666c8e [Pos Repl]
+-> C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys : 360 320 : 06/20/2008 00:45 AM : 2a5554fc5b1e04e131230e3ce035c3f9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys : 361 344 : 04/13/2008 09:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys : 359 040 : 03/02/2006 01:00 PM : 9f4b36614a0fc234525ba224957de55c [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\tcpip.sys : 361 344 : 04/13/2008 09:20 PM : 93ea8d04ec73a85db02eb8805988f733 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361 600 : 06/20/2008 01:51 PM : 9aefa14bd6b182d61e3119fa5f436d3d [Pos Repl]

Program finished at: 09/18/2012 11:35:04 PM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)

#11 Příspěvek od **vyosek** » 18 zář 2012 22:40

OK, pockam na ComboFix, ceka nas hodne oprav

tons · #12 Příspěvek od **tons** » 18 zář 2012 22:50

Diky za zajem, nemam tuseni k cemu v PC vlastne doslo. Je to hodne spatny?
ComboFix jeste bezi, PC je v klidu, postuju z laptopu...

#13 Příspěvek od **vyosek** » 18 zář 2012 22:54

Je tam hodne haveti, ale pokusime se to poradne vycistit a budem doufat, ze neni naboreny system...

tons · #14 Příspěvek od **tons** » 18 zář 2012 22:58

pred casem mi kolega tady pomahal zbavit se BSOD a zrychlit/procistit tohle PC
http://forum.viry.cz/viewtopic.php?t=116869

#15 Příspěvek od **vyosek** » 18 zář 2012 23:00

Je to skoro 3/4 roku, dooost dlouha doba za poradne zavirovani PC...

VIRY.CZ

Havěť položila Antivir

Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir

Re: Havěť položila Antivir