Virus a nefunguje IE

[T-I-Y]

Dobrý den,
mám takový problém.Avast (legální free verze) mi našel hrozbu.Myslím že se jmenovala nějak Win32:Sinowal-IK[Trj].Tento problém Avast asi vyřešil přesunutím do karantény.Nicméně od té doby je téměř nemožné pracovat s IE. Právě teď mi běží sken MBAM (Avast dočasně vypnut) jestli nejsou nějaké jiné hrozby v PC. Přikládám log z RSIT a prosím Vás o radu.

Mockrát díky,
přeji hezký den;)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Roman at 2013-01-26 07:30:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 60 GB (39%) free of 153 GB
Total RAM: 2039 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:37, on 26.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Roman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: PicoPhone.lnk = E:\Program Files\PicoPhone164.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PicoPhone.lnk = E:\Program Files\PicoPhone164.exe (User 'Default user')
O4 - .DEFAULT Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe (User 'Default user')
O4 - Startup: PicoPhone.lnk = E:\Program Files\PicoPhone164.exe
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eset.cz
O15 - Trusted Zone: http://www.intel.com
O15 - Trusted Zone: http://www.ziveprenosy.cz
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} (Room328 Designer Setup) - http://deploy.webvdecor.com/app/WebVDSetUp.cab
O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} (Sony Network Camera Viewer Control) - http://82.99.175.180/program/SonyNetwor ... Viewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11111 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CF4856-ECB4-4e46-A897-A378821F97B9}]
pdfMachine - C:\WINDOWS\system32\bgstb.dll [2007-03-09 272088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-08 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-09 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [2013-01-09 1000984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-08 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{56CF4856-ECB4-4e46-A897-A378821F97B9} - pdfMachine - C:\WINDOWS\system32\bgstb.dll [2007-03-09 272088]
Locked
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-09 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-03-02 140640]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"NSU_agent"=C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [2010-12-17 1094000]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\Roman\Nabídka Start\Programy\Po spuštění
PicoPhone.lnk - E:\Program Files\PicoPhone164.exe
SAM.lnk - C:\Program Files\SAM\SAM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin"="C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin:*:Enabled:Game"
"E:\FireSky\Stargate Resistance\Binaries\Win32\SGBGame.exe"="E:\FireSky\Stargate Resistance\Binaries\Win32\SGBGame.exe:*:Enabled:SGBGame"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"E:\Programy\Nainstalované\Xfire\Xfire.exe"="E:\Programy\Nainstalované\Xfire\Xfire.exe:*:Enabled:Xfire"
"E:\Programy\Nainstalované\ICQ7.1\ICQ.exe"="E:\Programy\Nainstalované\ICQ7.1\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Roman\Plocha\MP3\Democracy Player\xulrunner\Democracy.exe"="C:\Documents and Settings\Roman\Plocha\MP3\Democracy Player\xulrunner\Democracy.exe:*:Enabled:Democracy"
"E:\Hry\Counter Strike\hlds.exe"="E:\Hry\Counter Strike\hlds.exe:*:Enabled:HLDS Launcher"
"E:\Hry\Counter Strike\hltv.exe"="E:\Hry\Counter Strike\hltv.exe:*:Enabled:HLTV Launcher"
"E:\stanicar\Stanicar.exe"="E:\stanicar\Stanicar.exe:*:Enabled:Staničář 2.0"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"E:\Hry\Counter Strike\hl.exe"="E:\Hry\Counter Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"E:\Hry\Wolfenstein\ET.exe"="E:\Hry\Wolfenstein\ET.exe:*:Enabled:ET"
"F:\Hry\CS 15-09-2011\hl.exe"="F:\Hry\CS 15-09-2011\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Roman\Plocha\VRÁTIT NA FLAŠKU\Counter-Strike\csko.exe"="C:\Documents and Settings\Roman\Plocha\VRÁTIT NA FLAŠKU\Counter-Strike\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Roman\Plocha\VRÁTIT NA FLAŠKU\Counter Strike\csko.exe"="C:\Documents and Settings\Roman\Plocha\VRÁTIT NA FLAŠKU\Counter Strike\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Roman\Plocha\VRÁTIT NA FLAŠKU\CS 1.6\csko.exe"="C:\Documents and Settings\Roman\Plocha\VRÁTIT NA FLAŠKU\CS 1.6\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Games\FS2002\fs2002.exe"="C:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Enabled:Microsoft Flight Simulator Module"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Electronic Arts\Need For Speed World\Data\nfsw.exe"="C:\Program Files\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World"
"C:\Documents and Settings\Roman\Plocha\aircrack-ng-1.1-win\bin\buddy-ng.exe"="C:\Documents and Settings\Roman\Plocha\aircrack-ng-1.1-win\bin\buddy-ng.exe:*:Enabled:buddy-ng"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dd45945-c252-11de-bcab-001fc62c664c}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dd45946-c252-11de-bcab-001fc62c664c}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c81926d-ce1d-11de-bcc7-001fc62c664c}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7979204-c00c-11de-aa9f-001fc62c664c}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7979205-c00c-11de-aa9f-001fc62c664c}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6f782cc-22ca-11df-bdbf-001fc62c664c}]
shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2013-01-19 16:46:15 ----D---- C:\Program Files\Defraggler
2013-01-19 16:20:14 ----D---- C:\Program Files\VS Revo Group
2013-01-19 16:10:39 ----D---- C:\Program Files\Common Files\Adobe
2013-01-19 15:56:39 ----D---- C:\Program Files\CCleaner
2013-01-10 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$

======List of files/folders modified in the last 1 months======

2013-01-26 07:30:33 ----D---- C:\WINDOWS\Prefetch
2013-01-26 07:30:29 ----D---- C:\Program Files\trend micro
2013-01-26 06:21:12 ----D---- C:\WINDOWS\Temp
2013-01-25 22:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-25 18:04:37 ----HD---- C:\WINDOWS\inf
2013-01-25 18:03:56 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-25 18:00:14 ----D---- C:\WINDOWS\system32\drivers
2013-01-24 10:21:18 ----D---- C:\WINDOWS\system32
2013-01-24 08:28:46 ----D---- C:\WINDOWS
2013-01-23 10:46:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-01-23 09:14:06 ----A---- C:\WINDOWS\NeroDigital.ini
2013-01-20 09:08:57 ----HD---- C:\Config.Msi
2013-01-19 16:46:15 ----RD---- C:\Program Files
2013-01-19 16:44:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Promethean
2013-01-19 16:42:23 ----SHD---- C:\WINDOWS\Installer
2013-01-19 16:41:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Activ Software
2013-01-19 16:41:18 ----D---- C:\Program Files\Common Files\Activ Software
2013-01-19 16:35:16 ----D---- C:\Program Files\Samsung
2013-01-19 16:35:14 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-19 16:29:30 ----RSD---- C:\WINDOWS\assembly
2013-01-19 16:21:36 ----RD---- C:\Program Files\Skype
2013-01-19 16:12:41 ----SD---- C:\Documents and Settings\Roman\Data aplikací\Microsoft
2013-01-19 16:12:41 ----D---- C:\Documents and Settings\Roman\Data aplikací\Adobe
2013-01-19 16:10:39 ----D---- C:\Program Files\Common Files
2013-01-19 16:10:39 ----D---- C:\Program Files\Adobe
2013-01-19 16:06:31 ----SD---- C:\WINDOWS\Tasks
2013-01-19 16:01:16 ----D---- C:\Documents and Settings\Roman\Data aplikací\Skype
2013-01-19 16:00:54 ----D---- C:\WINDOWS\Minidump
2013-01-19 16:00:54 ----D---- C:\WINDOWS\Debug
2013-01-15 03:01:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-15 03:00:29 ----HD---- C:\WINDOWS\$hf_mig$
2013-01-10 03:19:26 ----D---- C:\WINDOWS\Microsoft.NET
2013-01-10 03:15:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-01-10 03:14:38 ----D---- C:\WINDOWS\WinSxS
2013-01-09 02:48:36 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-01-06 17:07:09 ----D---- C:\Documents and Settings\Roman\Data aplikací\vlc
2013-01-06 06:33:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-01-03 23:45:15 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-11-07 12928]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-07-12 96384]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
R3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2012-07-31 83168]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2012-08-28 20032]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-12-30 101120]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-27 19072]
S3 Penet;PlaceEngine NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\penet.sys [2008-11-11 21376]
S3 qoj5.sys;qoj5.sys; \??\C:\WINDOWS\system32\drivers\qoj5.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2012-07-31 181344]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2007-10-23 364629]
R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-07 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-08 161768]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-09-29 266343]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-29 194032]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2005-05-04 9150464]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-08-01 724888]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[T-I-Y]

Pustím to až mi doběhne sken MBAM.Je možné že mi ComboFix smaže nějaké soubory nebo si ty co maže někam zálohuje? Nemám možnost zálohování a o data se trochu bojím protože to není můj PC.

[Rudy]

CF zálohuje vše, co maže do složky c:\Quoobox. Zkotrolujte, zda tam nemáte program Účto, ten maže, ačkoli to není šmejd. Ten byste musel zazálohovat.

[T-I-Y]

Tak MBAM předtím nic nenašel.Avast našel MBRootkita stejně jako pak CF při skenu. IE už funguje přijatelně.Mockrát děkuji a přikládám log.

ComboFix 13-01-26.02 - Roman 26.01.2013 12:57:22.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1556 [GMT 1:00]
Spuštěný z: c:\documents and settings\Roman\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-26 do 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-26 07:39 . 2013-01-26 07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-26 07:39 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-19 15:46 . 2013-01-19 15:46 -------- d-----w- c:\program files\Defraggler
2013-01-19 15:20 . 2013-01-19 15:20 -------- d-----w- c:\program files\VS Revo Group
2013-01-19 15:10 . 2013-01-19 15:11 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-19 14:56 . 2013-01-19 14:56 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 01:48 . 2012-05-05 16:25 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 01:48 . 2011-07-01 16:58 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:00 . 2008-04-14 03:21 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2012-03-02 18:27 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-03-02 18:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-03-02 18:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-03-02 18:27 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-03-02 18:27 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-03-02 18:27 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-03-02 18:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-03-02 18:27 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-03-02 18:26 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-03-02 18:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-10 11:49 . 2009-06-10 11:49 17695920 ----a-w- c:\program files\PDFCreator-0_9_8_setup.exe
2009-01-28 10:20 . 2009-01-28 10:20 7730856 ----a-w- c:\program files\Google_Earth_CZXV.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
PicoPhone.lnk - e:\program files\PicoPhone164.exe [N/A]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
PicoPhone.lnk - e:\program files\PicoPhone164.exe [N/A]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
PicoPhone.lnk - e:\program files\PicoPhone164.exe [N/A]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
PicoPhone.lnk - e:\program files\PicoPhone164.exe [N/A]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-12-17 13:37 1094000 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Documents and Settings\\Roman\\Plocha\\VRÁTIT NA FLAŠKU\\CS 1.6\\csko.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Games\\FS2002\\fs2002.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:Vzdálená správa systému Windows
"5938:TCP"= 5938:TCP:Team Viewer
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.3.2012 19:27 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.3.2012 19:27 361032]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 84520]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.3.2012 19:27 21256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.1.2013 8:39 682344]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [7.11.2007 19:15 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.1.2013 8:39 21104]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [8.9.2012 20:25 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [8.9.2012 19:53 20032]
S3 Penet;PlaceEngine NDIS Protocol Driver;c:\windows\system32\drivers\Penet.sys [11.11.2008 20:52 21376]
S3 qoj5.sys;qoj5.sys;\??\c:\windows\system32\drivers\qoj5.sys --> c:\windows\system32\drivers\qoj5.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [8.9.2012 20:25 181344]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [22.5.2008 16:38 18432]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSCHEDULER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-26 07:29 1624528 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.45\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 01:48]
.
2013-01-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-08 22:50]
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 16:20]
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 16:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
Trusted Zone: eset.cz
Trusted Zone: intel.com\www
Trusted Zone: ziveprenosy.cz\www
TCP: DhcpNameServer = 10.0.0.138
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - hxxp://deploy.webvdecor.com/app/WebVDSetUp.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Personal Trainer One_is1 - e:\program files\Personal Trainer One\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-26 13:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,7d,14,43,18,a3,43,41,8e,65,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,7d,14,43,18,a3,43,41,8e,65,94,\
.
[HKEY_USERS\S-1-5-21-448539723-1957994488-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-448539723-1957994488-839522115-1004_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=hex:76,9e,da,74,5c,d5,cc,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:3a,d5,a0,e3,05,cf,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:8e,6f,22,38,05,cf,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:96,1e,52,38,05,cf,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:4a,5c,c3,34,05,cf,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:24,09,23,3a,05,cf,cc,01
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3356)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\acs.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2013-01-26 13:22:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-26 12:22
.
Před spuštěním: Volných bajtů: 62 532 960 256
Po spuštění: Volných bajtů: 62 708 527 104
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F410F9245EDE31D3F743BB277DDE6740

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Regnull::
[HKEY_USERS\S-1-5-21-448539723-1957994488-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-448539723-1957994488-839522115-1004_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[T-I-Y]

Tak jsem udělal jak jste říkal.Napsal skript, přetáhl na CF, CFko se spustilo.Ale potom:

a) CF našlo znovu ten rootkit v MBR (takže restart)
b) Po restartování PC (kvůli rootkitu) by měl začít CF hledat ale nic.Zasekl se na 1,5 hodiny a ani nezačal.Takže jsem restartoval PC.

c) Co mám udělat dál prosím?:)

[Rudy]

Stáhnět, rozbalte a spusťte TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Necte pracovat a po skončení akce sem dejte log.

[T-I-Y]

Tak jsem spustil ještě Avast kontrolu na rootkity a našel myslím 3.Pak jsemdal ten TDSSKiller.Tady je log

21:29:35.0515 5600 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:29:35.0781 5600 ============================================================
21:29:35.0781 5600 Current date / time: 2013/01/26 21:29:35.0781
21:29:35.0781 5600 SystemInfo:
21:29:35.0781 5600
21:29:35.0781 5600 OS Version: 5.1.2600 ServicePack: 3.0
21:29:35.0781 5600 Product type: Workstation
21:29:35.0781 5600 ComputerName: NB-ASUS
21:29:35.0781 5600 UserName: Roman
21:29:35.0781 5600 Windows directory: C:\WINDOWS
21:29:35.0781 5600 System windows directory: C:\WINDOWS
21:29:35.0781 5600 Processor architecture: Intel x86
21:29:35.0781 5600 Number of processors: 2
21:29:35.0781 5600 Page size: 0x1000
21:29:35.0781 5600 Boot type: Normal boot
21:29:35.0781 5600 ============================================================
21:29:37.0453 5600 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:29:37.0453 5600 Drive \Device\Harddisk1\DR2 - Size: 0x1E98000 (0.03 Gb), SectorSize: 0x200, Cylinders: 0x3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:29:37.0468 5600 Drive \Device\Harddisk2\DR4 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:29:37.0468 5600 ============================================================
21:29:37.0468 5600 \Device\Harddisk0\DR0:
21:29:37.0468 5600 MBR partitions:
21:29:37.0468 5600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
21:29:37.0468 5600 \Device\Harddisk1\DR2:
21:29:37.0468 5600 MBR partitions:
21:29:37.0468 5600 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x4, StartLBA 0x40, BlocksNum 0xF4C0
21:29:37.0468 5600 \Device\Harddisk2\DR4:
21:29:37.0468 5600 MBR partitions:
21:29:37.0468 5600 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080
21:29:37.0468 5600 ============================================================
21:29:37.0500 5600 C: <-> \Device\Harddisk0\DR0\Partition1
21:29:37.0500 5600 ============================================================
21:29:37.0500 5600 Initialize success
21:29:37.0500 5600 ============================================================
21:30:24.0031 3648 ============================================================
21:30:24.0031 3648 Scan started
21:30:24.0031 3648 Mode: Manual;
21:30:24.0031 3648 ============================================================
21:30:24.0609 3648 ================ Scan system memory ========================
21:30:25.0609 3648 System memory - ok
21:30:25.0609 3648 ================ Scan services =============================
21:30:25.0718 3648 [ 42FAEEF297D64C132862266418DBEF7F ] 602XML Updater C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
21:30:25.0718 3648 602XML Updater - ok
21:30:25.0843 3648 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
21:30:25.0843 3648 Aavmker4 - ok
21:30:25.0859 3648 Abiosdsk - ok
21:30:25.0875 3648 abp480n5 - ok
21:30:25.0921 3648 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:30:25.0921 3648 ACPI - ok
21:30:25.0953 3648 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:30:25.0953 3648 ACPIEC - ok
21:30:25.0984 3648 [ 9FEFF3A731EAAB3EB34F2AF361D703EE ] ACS C:\WINDOWS\system32\acs.exe
21:30:26.0000 3648 ACS - ok
21:30:26.0078 3648 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:30:26.0093 3648 AdobeFlashPlayerUpdateSvc - ok
21:30:26.0093 3648 adpu160m - ok
21:30:26.0140 3648 [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
21:30:26.0140 3648 ADSMService - ok
21:30:26.0156 3648 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:30:26.0171 3648 aec - ok
21:30:26.0218 3648 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:30:26.0218 3648 AFD - ok
21:30:26.0234 3648 Aha154x - ok
21:30:26.0234 3648 aic78u2 - ok
21:30:26.0250 3648 aic78xx - ok
21:30:26.0296 3648 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:30:26.0296 3648 Alerter - ok
21:30:26.0328 3648 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
21:30:26.0328 3648 ALG - ok
21:30:26.0328 3648 AliIde - ok
21:30:26.0343 3648 amsint - ok
21:30:26.0343 3648 AppMgmt - ok
21:30:26.0421 3648 [ BD4A059B937A64F403E693DCAA26FE38 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
21:30:26.0437 3648 AR5211 - ok
21:30:26.0453 3648 asc - ok
21:30:26.0453 3648 asc3350p - ok
21:30:26.0468 3648 asc3550 - ok
21:30:26.0515 3648 [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm C:\WINDOWS\system32\drivers\AsDsm.sys
21:30:26.0515 3648 AsDsm - ok
21:30:26.0578 3648 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
21:30:26.0578 3648 ASMMAP - ok
21:30:26.0625 3648 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS
21:30:26.0625 3648 ASNDIS5 - ok
21:30:26.0734 3648 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:30:26.0734 3648 aspnet_state - ok
21:30:26.0781 3648 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:30:26.0781 3648 aswFsBlk - ok
21:30:26.0812 3648 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
21:30:26.0828 3648 aswMon2 - ok
21:30:26.0843 3648 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
21:30:26.0843 3648 AswRdr - ok
21:30:26.0875 3648 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:30:26.0921 3648 aswSnx - ok
21:30:26.0937 3648 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:30:26.0937 3648 aswSP - ok
21:30:26.0968 3648 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:30:26.0968 3648 aswTdi - ok
21:30:27.0031 3648 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:30:27.0031 3648 AsyncMac - ok
21:30:27.0046 3648 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:30:27.0062 3648 atapi - ok
21:30:27.0062 3648 Atdisk - ok
21:30:27.0093 3648 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
21:30:27.0093 3648 ATKGFNEXSrv - ok
21:30:27.0109 3648 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:30:27.0109 3648 Atmarpc - ok
21:30:27.0140 3648 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:30:27.0140 3648 AudioSrv - ok
21:30:27.0171 3648 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:30:27.0171 3648 audstub - ok
21:30:27.0281 3648 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:30:27.0281 3648 avast! Antivirus - ok
21:30:27.0328 3648 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:30:27.0328 3648 Beep - ok
21:30:27.0375 3648 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
21:30:27.0390 3648 BITS - ok
21:30:27.0437 3648 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
21:30:27.0437 3648 Browser - ok
21:30:27.0609 3648 catchme - ok
21:30:27.0640 3648 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:30:27.0640 3648 cbidf2k - ok
21:30:27.0656 3648 cd20xrnt - ok
21:30:27.0687 3648 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:30:27.0687 3648 Cdaudio - ok
21:30:27.0734 3648 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:30:27.0750 3648 Cdfs - ok
21:30:27.0796 3648 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:30:27.0796 3648 Cdrom - ok
21:30:27.0796 3648 Changer - ok
21:30:27.0843 3648 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:30:27.0843 3648 CiSvc - ok
21:30:27.0859 3648 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:30:27.0859 3648 ClipSrv - ok
21:30:27.0921 3648 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:27.0921 3648 clr_optimization_v2.0.50727_32 - ok
21:30:28.0046 3648 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:30:28.0125 3648 clr_optimization_v4.0.30319_32 - ok
21:30:28.0140 3648 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:30:28.0140 3648 CmBatt - ok
21:30:28.0156 3648 CmdIde - ok
21:30:28.0187 3648 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:30:28.0187 3648 Compbatt - ok
21:30:28.0203 3648 COMSysApp - ok
21:30:28.0234 3648 Cpqarray - ok
21:30:28.0281 3648 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:30:28.0281 3648 CryptSvc - ok
21:30:28.0281 3648 dac2w2k - ok
21:30:28.0296 3648 dac960nt - ok
21:30:28.0343 3648 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:30:28.0359 3648 DcomLaunch - ok
21:30:28.0406 3648 [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv C:\WINDOWS\system32\drivers\dgderdrv.sys
21:30:28.0406 3648 dgderdrv - ok
21:30:28.0437 3648 [ 7BEF2E2159EDB03105BC7A8BABE04726 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:30:28.0437 3648 dg_ssudbus - ok
21:30:28.0484 3648 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:30:28.0500 3648 Dhcp - ok
21:30:28.0500 3648 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:30:28.0515 3648 Disk - ok
21:30:28.0515 3648 dmadmin - ok
21:30:28.0546 3648 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:30:28.0609 3648 dmboot - ok
21:30:28.0625 3648 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:30:28.0625 3648 dmio - ok
21:30:28.0656 3648 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:30:28.0656 3648 dmload - ok
21:30:28.0687 3648 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:30:28.0703 3648 dmserver - ok
21:30:28.0718 3648 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:30:28.0718 3648 DMusic - ok
21:30:28.0765 3648 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:30:28.0765 3648 Dnscache - ok
21:30:28.0812 3648 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:30:28.0812 3648 Dot3svc - ok
21:30:28.0843 3648 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:30:28.0843 3648 Dot4 - ok
21:30:28.0890 3648 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:30:28.0890 3648 Dot4Print - ok
21:30:28.0906 3648 [ CCC4092DFC85336F2E1C142483ADEB42 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:30:28.0906 3648 dot4usb - ok
21:30:28.0921 3648 dpti2o - ok
21:30:28.0937 3648 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:30:28.0937 3648 drmkaud - ok
21:30:28.0984 3648 [ 1D995CF2789E2844FC538C540E8563DE ] DynCal C:\WINDOWS\system32\drivers\Dyncal.sys
21:30:28.0984 3648 DynCal - ok
21:30:29.0000 3648 EagleNT - ok
21:30:29.0046 3648 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:30:29.0046 3648 EapHost - ok
21:30:29.0078 3648 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:30:29.0078 3648 ERSvc - ok
21:30:29.0125 3648 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
21:30:29.0140 3648 Eventlog - ok
21:30:29.0187 3648 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
21:30:29.0187 3648 EventSystem - ok
21:30:29.0250 3648 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:30:29.0250 3648 Fastfat - ok
21:30:29.0281 3648 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:30:29.0296 3648 FastUserSwitchingCompatibility - ok
21:30:29.0312 3648 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:30:29.0328 3648 Fdc - ok
21:30:29.0359 3648 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:30:29.0359 3648 Fips - ok
21:30:29.0375 3648 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:30:29.0375 3648 Flpydisk - ok
21:30:29.0421 3648 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:30:29.0437 3648 FltMgr - ok
21:30:29.0531 3648 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:30:29.0531 3648 FontCache3.0.0.0 - ok
21:30:29.0531 3648 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:30:29.0531 3648 Fs_Rec - ok
21:30:29.0562 3648 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:30:29.0578 3648 Ftdisk - ok
21:30:29.0625 3648 [ 31B40F40E09513ADDC460F6A297AD474 ] ghaio C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
21:30:29.0625 3648 ghaio - ok
21:30:29.0671 3648 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:30:29.0687 3648 Gpc - ok
21:30:29.0750 3648 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:30:29.0750 3648 gupdate - ok
21:30:29.0750 3648 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:30:29.0765 3648 gupdatem - ok
21:30:29.0812 3648 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:30:29.0812 3648 gusvc - ok
21:30:29.0843 3648 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:30:29.0843 3648 HDAudBus - ok
21:30:29.0921 3648 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:30:29.0921 3648 helpsvc - ok
21:30:29.0937 3648 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:30:29.0953 3648 HidServ - ok
21:30:30.0000 3648 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:30:30.0000 3648 HidUsb - ok
21:30:30.0046 3648 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:30:30.0062 3648 hkmsvc - ok
21:30:30.0062 3648 hpn - ok
21:30:30.0140 3648 [ 38D6B51F04DEF7FB248FA56E4C47407E ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:30:30.0156 3648 hpqcxs08 - ok
21:30:30.0171 3648 [ 3EE4A63539EC04EE2D4BD293985087AB ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:30:30.0171 3648 hpqddsvc - ok
21:30:30.0203 3648 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:30:30.0203 3648 HPZid412 - ok
21:30:30.0234 3648 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:30:30.0234 3648 HPZipr12 - ok
21:30:30.0265 3648 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:30:30.0265 3648 HPZius12 - ok
21:30:30.0312 3648 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:30:30.0328 3648 HTTP - ok
21:30:30.0375 3648 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:30:30.0390 3648 HTTPFilter - ok
21:30:30.0437 3648 [ 53F1160666435151B6FCF89D015FE620 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:30:30.0437 3648 hwdatacard - ok
21:30:30.0453 3648 i2omgmt - ok
21:30:30.0453 3648 i2omp - ok
21:30:30.0484 3648 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:30:30.0484 3648 i8042prt - ok
21:30:30.0671 3648 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:30:30.0843 3648 ialm - ok
21:30:30.0921 3648 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:30:30.0953 3648 idsvc - ok
21:30:30.0968 3648 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:30:30.0968 3648 Imapi - ok
21:30:31.0000 3648 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:30:31.0015 3648 ImapiService - ok
21:30:31.0015 3648 ini910u - ok
21:30:31.0187 3648 [ EB5608FD4F2961517AC9F5CAC88B023B ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:30:31.0312 3648 IntcAzAudAddService - ok
21:30:31.0328 3648 IntelIde - ok
21:30:31.0343 3648 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:30:31.0343 3648 intelppm - ok
21:30:31.0375 3648 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:30:31.0375 3648 Ip6Fw - ok
21:30:31.0390 3648 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:30:31.0406 3648 IpFilterDriver - ok
21:30:31.0421 3648 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:30:31.0421 3648 IpInIp - ok
21:30:31.0437 3648 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:30:31.0453 3648 IpNat - ok
21:30:31.0468 3648 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:30:31.0468 3648 IPSec - ok
21:30:31.0515 3648 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:30:31.0515 3648 IRENUM - ok
21:30:31.0546 3648 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:30:31.0546 3648 isapnp - ok
21:30:31.0640 3648 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:30:31.0640 3648 JavaQuickStarterService - ok
21:30:31.0656 3648 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:30:31.0656 3648 Kbdclass - ok
21:30:31.0656 3648 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:30:31.0671 3648 kbdhid - ok
21:30:31.0687 3648 [ CC2A86D7BBF14977340DCA61BBCBA771 ] kbfiltr C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
21:30:31.0687 3648 kbfiltr - ok
21:30:31.0718 3648 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:30:31.0718 3648 kmixer - ok
21:30:31.0781 3648 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:30:31.0781 3648 KSecDD - ok
21:30:31.0828 3648 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:30:31.0843 3648 lanmanserver - ok
21:30:31.0875 3648 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:30:31.0890 3648 lanmanworkstation - ok
21:30:31.0906 3648 lbrtfdc - ok
21:30:31.0984 3648 [ 98D884ADC0B8C0FEBCC9D7BEE6D86F90 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:30:32.0015 3648 LightScribeService - ok
21:30:32.0078 3648 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:30:32.0078 3648 LmHosts - ok
21:30:32.0125 3648 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:30:32.0125 3648 MBAMProtector - ok
21:30:32.0265 3648 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:30:32.0265 3648 MBAMScheduler - ok
21:30:32.0312 3648 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:30:32.0328 3648 MBAMService - ok
21:30:32.0375 3648 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:30:32.0375 3648 MDM - ok
21:30:32.0406 3648 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:30:32.0421 3648 Messenger - ok
21:30:32.0453 3648 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:30:32.0453 3648 mnmdd - ok
21:30:32.0484 3648 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:30:32.0484 3648 mnmsrvc - ok
21:30:32.0515 3648 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:30:32.0515 3648 Modem - ok
21:30:32.0515 3648 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:30:32.0531 3648 Mouclass - ok
21:30:32.0578 3648 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:30:32.0578 3648 mouhid - ok
21:30:32.0593 3648 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:30:32.0593 3648 MountMgr - ok
21:30:32.0609 3648 mraid35x - ok
21:30:32.0687 3648 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:30:32.0687 3648 MREMP50 - ok
21:30:32.0687 3648 MREMP50a64 - ok
21:30:32.0687 3648 MREMPR5 - ok
21:30:32.0703 3648 MRENDIS5 - ok
21:30:32.0718 3648 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:30:32.0718 3648 MRESP50 - ok
21:30:32.0718 3648 MRESP50a64 - ok
21:30:32.0734 3648 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:30:32.0734 3648 MRxDAV - ok
21:30:32.0781 3648 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:30:32.0796 3648 MRxSmb - ok
21:30:32.0828 3648 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:30:32.0828 3648 MSDTC - ok
21:30:32.0843 3648 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:30:32.0843 3648 Msfs - ok
21:30:32.0859 3648 MSIServer - ok
21:30:32.0875 3648 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:30:32.0875 3648 MSKSSRV - ok
21:30:32.0906 3648 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:30:32.0906 3648 MSPCLOCK - ok
21:30:32.0906 3648 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:30:32.0906 3648 MSPQM - ok
21:30:32.0937 3648 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:30:32.0937 3648 mssmbios - ok
21:30:33.0250 3648 [ 751961E128DBCC7A32304339C4BDEFF0 ] MSSQLSERVER C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
21:30:33.0468 3648 MSSQLSERVER - ok
21:30:33.0515 3648 [ 1D1B22613EAB9287AF902398867BC93C ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
21:30:33.0515 3648 MSSQLServerADHelper - ok
21:30:33.0546 3648 [ 1C0F480B7C6136DDB5FB909995AF014A ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
21:30:33.0546 3648 MTsensor - ok
21:30:33.0593 3648 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:30:33.0593 3648 Mup - ok
21:30:33.0640 3648 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:30:33.0656 3648 napagent - ok
21:30:33.0765 3648 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
21:30:33.0781 3648 NBService - ok
21:30:33.0812 3648 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:30:33.0812 3648 NDIS - ok
21:30:33.0859 3648 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:30:33.0859 3648 NdisTapi - ok
21:30:33.0906 3648 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:30:33.0906 3648 Ndisuio - ok
21:30:33.0921 3648 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:30:33.0921 3648 NdisWan - ok
21:30:33.0984 3648 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:30:33.0984 3648 NDProxy - ok
21:30:34.0015 3648 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:30:34.0015 3648 Net Driver HPZ12 - ok
21:30:34.0046 3648 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:30:34.0046 3648 NetBIOS - ok
21:30:34.0062 3648 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:30:34.0062 3648 NetBT - ok
21:30:34.0109 3648 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:30:34.0109 3648 NetDDE - ok
21:30:34.0109 3648 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:30:34.0125 3648 NetDDEdsdm - ok
21:30:34.0156 3648 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:30:34.0171 3648 Netlogon - ok
21:30:34.0187 3648 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
21:30:34.0203 3648 Netman - ok
21:30:34.0234 3648 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:30:34.0234 3648 NetTcpPortSharing - ok
21:30:34.0281 3648 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
21:30:34.0296 3648 Nla - ok
21:30:34.0390 3648 [ 060DAF68493AD7ADF104413E5A62AFA8 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
21:30:34.0390 3648 NMIndexingService - ok
21:30:34.0437 3648 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
21:30:34.0437 3648 nmwcd - ok
21:30:34.0484 3648 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:30:34.0484 3648 nmwcdc - ok
21:30:34.0531 3648 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:30:34.0531 3648 Npfs - ok
21:30:34.0546 3648 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:30:34.0562 3648 Ntfs - ok
21:30:34.0593 3648 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:30:34.0593 3648 NtLmSsp - ok
21:30:34.0640 3648 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:30:34.0671 3648 NtmsSvc - ok
21:30:34.0687 3648 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:30:34.0687 3648 Null - ok
21:30:34.0734 3648 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:30:34.0734 3648 NwlnkFlt - ok
21:30:34.0750 3648 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:30:34.0750 3648 NwlnkFwd - ok
21:30:34.0796 3648 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:30:34.0796 3648 ose - ok
21:30:34.0859 3648 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
21:30:34.0859 3648 Parport - ok
21:30:34.0875 3648 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:30:34.0875 3648 PartMgr - ok
21:30:34.0921 3648 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:30:34.0921 3648 ParVdm - ok
21:30:34.0953 3648 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:30:34.0953 3648 pccsmcfd - ok
21:30:34.0968 3648 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:30:34.0968 3648 PCI - ok
21:30:34.0968 3648 PCIDump - ok
21:30:35.0000 3648 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:30:35.0000 3648 PCIIde - ok
21:30:35.0015 3648 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:30:35.0015 3648 Pcmcia - ok
21:30:35.0015 3648 PDCOMP - ok
21:30:35.0031 3648 PDFRAME - ok
21:30:35.0031 3648 PDRELI - ok
21:30:35.0046 3648 PDRFRAME - ok
21:30:35.0093 3648 [ A914397BE9E9C3179026C3C6AEE87844 ] Penet C:\WINDOWS\system32\DRIVERS\penet.sys
21:30:35.0093 3648 Penet - ok
21:30:35.0093 3648 perc2 - ok
21:30:35.0109 3648 perc2hib - ok
21:30:35.0140 3648 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
21:30:35.0140 3648 PlugPlay - ok
21:30:35.0187 3648 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
21:30:35.0187 3648 Pml Driver HPZ12 - ok
21:30:35.0218 3648 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:30:35.0218 3648 PolicyAgent - ok
21:30:35.0265 3648 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:30:35.0265 3648 PptpMiniport - ok
21:30:35.0265 3648 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:30:35.0281 3648 ProtectedStorage - ok
21:30:35.0281 3648 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:30:35.0281 3648 PSched - ok
21:30:35.0312 3648 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:30:35.0312 3648 Ptilink - ok
21:30:35.0312 3648 ql1080 - ok
21:30:35.0328 3648 Ql10wnt - ok
21:30:35.0328 3648 ql12160 - ok
21:30:35.0343 3648 ql1240 - ok
21:30:35.0343 3648 ql1280 - ok
21:30:35.0359 3648 qoj5.sys - ok
21:30:35.0359 3648 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:30:35.0359 3648 RasAcd - ok
21:30:35.0406 3648 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:30:35.0406 3648 RasAuto - ok
21:30:35.0421 3648 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:30:35.0421 3648 Rasl2tp - ok
21:30:35.0468 3648 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:30:35.0500 3648 RasMan - ok
21:30:35.0500 3648 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:30:35.0500 3648 RasPppoe - ok
21:30:35.0515 3648 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:30:35.0515 3648 Raspti - ok
21:30:35.0531 3648 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:30:35.0531 3648 Rdbss - ok
21:30:35.0531 3648 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:30:35.0546 3648 RDPCDD - ok
21:30:35.0593 3648 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:30:35.0593 3648 RDPWD - ok
21:30:35.0640 3648 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:30:35.0656 3648 RDSessMgr - ok
21:30:35.0703 3648 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:30:35.0703 3648 redbook - ok
21:30:35.0734 3648 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:30:35.0734 3648 RemoteAccess - ok
21:30:35.0828 3648 [ B216B03852DF788C7E2AFDF6C6E8A9B0 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:30:35.0828 3648 RichVideo - ok
21:30:35.0875 3648 [ C35CA13D3627EBD9DD12A23CE781BC3D ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:30:35.0875 3648 rimmptsk - ok
21:30:35.0906 3648 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:30:35.0906 3648 rimsptsk - ok
21:30:35.0953 3648 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
21:30:35.0953 3648 ROOTMODEM - ok
21:30:36.0000 3648 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:30:36.0000 3648 RpcLocator - ok
21:30:36.0031 3648 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:30:36.0046 3648 RpcSs - ok
21:30:36.0078 3648 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:30:36.0078 3648 RSVP - ok
21:30:36.0093 3648 [ 69EE1E8DC0C750A5D03739E6E9429959 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:30:36.0109 3648 RTL8023xp - ok
21:30:36.0140 3648 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:30:36.0140 3648 rtl8139 - ok
21:30:36.0171 3648 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
21:30:36.0171 3648 SamSs - ok
21:30:36.0171 3648 SASDIFSV - ok
21:30:36.0187 3648 SASKUTIL - ok
21:30:36.0218 3648 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:30:36.0234 3648 SCardSvr - ok
21:30:36.0265 3648 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:30:36.0281 3648 Schedule - ok
21:30:36.0328 3648 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:30:36.0328 3648 sdbus - ok
21:30:36.0359 3648 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:30:36.0359 3648 Secdrv - ok
21:30:36.0375 3648 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:30:36.0390 3648 seclogon - ok
21:30:36.0406 3648 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
21:30:36.0406 3648 SENS - ok
21:30:36.0437 3648 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:30:36.0437 3648 Serial - ok
21:30:36.0546 3648 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:30:36.0593 3648 ServiceLayer - ok
21:30:36.0671 3648 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
21:30:36.0671 3648 sfdrv01 - ok
21:30:36.0687 3648 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
21:30:36.0687 3648 sffdisk - ok
21:30:36.0703 3648 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
21:30:36.0703 3648 sffp_sd - ok
21:30:36.0718 3648 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
21:30:36.0718 3648 sfhlp02 - ok
21:30:36.0734 3648 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:30:36.0734 3648 Sfloppy - ok
21:30:36.0750 3648 [ EFEBBC1D13FDB77A6AF4EDDFC7232EDF ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys
21:30:36.0750 3648 sfsync02 - ok
21:30:36.0796 3648 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:30:36.0828 3648 SharedAccess - ok
21:30:36.0843 3648 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:30:36.0859 3648 ShellHWDetection - ok
21:30:36.0859 3648 Simbad - ok
21:30:36.0937 3648 [ D9BFD2298F5CF116D8EAAE3B02DCEE2E ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys
21:30:36.0968 3648 smserial - ok
21:30:36.0984 3648 Sparrow - ok
21:30:37.0015 3648 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:30:37.0015 3648 splitter - ok
21:30:37.0062 3648 [ 739DB668DBD812285ECC553E64A5E212 ] spmgr C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
21:30:37.0062 3648 spmgr - ok
21:30:37.0093 3648 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:30:37.0109 3648 Spooler - ok
21:30:37.0187 3648 [ 352E375AB298C23B0F9BC307652C7F50 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
21:30:37.0218 3648 SQLSERVERAGENT - ok
21:30:37.0250 3648 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:30:37.0250 3648 sr - ok
21:30:37.0296 3648 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
21:30:37.0312 3648 srservice - ok
21:30:37.0375 3648 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:30:37.0390 3648 Srv - ok
21:30:37.0406 3648 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:30:37.0421 3648 SSDPSRV - ok
21:30:37.0468 3648 [ BCB4E273147AFCAFDFC0DA59AF9E6E25 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:30:37.0468 3648 ssudmdm - ok
21:30:37.0500 3648 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:30:37.0531 3648 stisvc - ok
21:30:37.0546 3648 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:30:37.0546 3648 swenum - ok
21:30:37.0593 3648 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:30:37.0593 3648 swmidi - ok
21:30:37.0593 3648 SwPrv - ok
21:30:37.0609 3648 symc810 - ok
21:30:37.0609 3648 symc8xx - ok
21:30:37.0625 3648 sym_hi - ok
21:30:37.0625 3648 sym_u3 - ok
21:30:37.0671 3648 [ 418BD80A7FEFAA3FCBD3DCFC021CB294 ] SynasUSB C:\WINDOWS\system32\drivers\SynasUSB.sys
21:30:37.0671 3648 SynasUSB - ok
21:30:37.0718 3648 [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:30:37.0734 3648 SynTP - ok
21:30:37.0750 3648 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:30:37.0750 3648 sysaudio - ok
21:30:37.0796 3648 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:30:37.0812 3648 SysmonLog - ok
21:30:37.0828 3648 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:30:37.0843 3648 TapiSrv - ok
21:30:37.0906 3648 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:30:37.0906 3648 Tcpip - ok
21:30:37.0953 3648 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:30:37.0953 3648 TDPIPE - ok
21:30:37.0968 3648 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:30:37.0984 3648 TDTCP - ok
21:30:38.0000 3648 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:30:38.0000 3648 TermDD - ok
21:30:38.0046 3648 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
21:30:38.0062 3648 TermService - ok
21:30:38.0093 3648 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:30:38.0093 3648 Themes - ok
21:30:38.0187 3648 [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:30:38.0187 3648 TOSHIBA Bluetooth Service - ok
21:30:38.0203 3648 TosIde - ok
21:30:38.0218 3648 [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys
21:30:38.0218 3648 tosporte - ok
21:30:38.0250 3648 [ 8C3BFAF3FCA90502E6FA35503B8E979E ] tosrfbd C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
21:30:38.0265 3648 tosrfbd - ok
21:30:38.0281 3648 [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys
21:30:38.0281 3648 tosrfbnp - ok
21:30:38.0312 3648 [ 4742F0BAD28268AB093ED6F4EA857997 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys
21:30:38.0312 3648 Tosrfcom - ok
21:30:38.0328 3648 [ 7C807BA9660E2995CC0217A14A24094C ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
21:30:38.0343 3648 Tosrfhid - ok
21:30:38.0343 3648 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
21:30:38.0359 3648 tosrfnds - ok
21:30:38.0390 3648 [ A4CE9572BC4AC8D329455059B43C5BEA ] TosRfSnd C:\WINDOWS\system32\drivers\tosrfsnd.sys
21:30:38.0390 3648 TosRfSnd - ok
21:30:38.0406 3648 [ 01C90086CD37E7E8D9A827E24167FCB7 ] tosrfusb C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
21:30:38.0421 3648 tosrfusb - ok
21:30:38.0468 3648 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:30:38.0468 3648 TrkWks - ok
21:30:38.0500 3648 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:30:38.0500 3648 Udfs - ok
21:30:38.0500 3648 ultra - ok
21:30:38.0562 3648 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:30:38.0562 3648 Update - ok
21:30:38.0609 3648 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
21:30:38.0625 3648 upnphost - ok
21:30:38.0656 3648 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:30:38.0656 3648 upperdev - ok
21:30:38.0671 3648 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
21:30:38.0687 3648 UPS - ok
21:30:38.0718 3648 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:30:38.0718 3648 usbccgp - ok
21:30:38.0765 3648 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:30:38.0765 3648 usbehci - ok
21:30:38.0765 3648 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:30:38.0781 3648 usbhub - ok
21:30:38.0796 3648 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:30:38.0796 3648 usbprint - ok
21:30:38.0843 3648 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:30:38.0843 3648 usbscan - ok
21:30:38.0890 3648 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:30:38.0890 3648 UsbserFilt - ok
21:30:38.0937 3648 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:30:38.0937 3648 USBSTOR - ok
21:30:38.0968 3648 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:30:38.0968 3648 usbuhci - ok
21:30:38.0984 3648 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:30:38.0984 3648 VgaSave - ok
21:30:39.0000 3648 ViaIde - ok
21:30:39.0015 3648 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:30:39.0015 3648 VolSnap - ok
21:30:39.0062 3648 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
21:30:39.0093 3648 VSS - ok
21:30:39.0125 3648 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
21:30:39.0140 3648 W32Time - ok
21:30:39.0171 3648 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:30:39.0171 3648 Wanarp - ok
21:30:39.0234 3648 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:30:39.0234 3648 Wdf01000 - ok
21:30:39.0250 3648 WDICA - ok
21:30:39.0265 3648 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:30:39.0281 3648 wdmaud - ok
21:30:39.0296 3648 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:30:39.0312 3648 WebClient - ok
21:30:39.0406 3648 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:30:39.0406 3648 winmgmt - ok
21:30:39.0468 3648 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
21:30:39.0515 3648 WinRM - ok
21:30:39.0562 3648 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:30:39.0562 3648 WmdmPmSN - ok
21:30:39.0609 3648 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:30:39.0625 3648 WmiApSrv - ok
21:30:39.0718 3648 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:30:39.0750 3648 WMPNetworkSvc - ok
21:30:39.0781 3648 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:30:39.0781 3648 WpdUsb - ok
21:30:39.0875 3648 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:30:39.0906 3648 WPFFontCache_v0400 - ok
21:30:39.0937 3648 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:30:39.0937 3648 WS2IFSL - ok
21:30:39.0984 3648 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:30:40.0000 3648 wscsvc - ok
21:30:40.0046 3648 [ 2EA107F535B0B7BFB1D8D6BD79325DBB ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
21:30:40.0046 3648 WSIMD - ok
21:30:40.0062 3648 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:30:40.0078 3648 wuauserv - ok
21:30:40.0125 3648 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:30:40.0125 3648 WudfPf - ok
21:30:40.0156 3648 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:30:40.0156 3648 WudfRd - ok
21:30:40.0171 3648 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:30:40.0171 3648 WudfSvc - ok
21:30:40.0234 3648 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:30:40.0250 3648 WZCSVC - ok
21:30:40.0265 3648 xcpip - ok
21:30:40.0312 3648 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:30:40.0328 3648 xmlprov - ok
21:30:40.0343 3648 xpsec - ok
21:30:40.0343 3648 ================ Scan global ===============================
21:30:40.0390 3648 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
21:30:40.0421 3648 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
21:30:40.0453 3648 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
21:30:40.0468 3648 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
21:30:40.0484 3648 [Global] - ok
21:30:40.0484 3648 ================ Scan MBR ==================================
21:30:40.0500 3648 [ 9ECD6A6563309C153732EB5F8CCDAAE9 ] \Device\Harddisk0\DR0
21:30:40.0500 3648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
21:30:40.0500 3648 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
21:30:40.0515 3648 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
21:30:40.0578 3648 \Device\Harddisk1\DR2 - ok
21:30:40.0578 3648 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4
21:30:40.0593 3648 \Device\Harddisk2\DR4 - ok
21:30:40.0593 3648 ================ Scan VBR ==================================
21:30:40.0593 3648 [ 0CB708EDF2DD943F7479D204906EBA7D ] \Device\Harddisk0\DR0\Partition1
21:30:40.0593 3648 \Device\Harddisk0\DR0\Partition1 - ok
21:30:40.0609 3648 [ 9C194C8200C48C9CC3171172DDA8FDE1 ] \Device\Harddisk1\DR2\Partition1
21:30:40.0609 3648 \Device\Harddisk1\DR2\Partition1 - ok
21:30:40.0609 3648 [ CA8CEC3433055FAD9E56E05D7225DB83 ] \Device\Harddisk2\DR4\Partition1
21:30:40.0609 3648 \Device\Harddisk2\DR4\Partition1 - ok
21:30:40.0609 3648 ============================================================
21:30:40.0609 3648 Scan finished
21:30:40.0609 3648 ============================================================
21:30:40.0640 5308 Detected object count: 1
21:30:40.0640 5308 Actual detected object count: 1
21:30:50.0734 5308 \Device\Harddisk0\DR0\# - copied to quarantine
21:30:50.0734 5308 \Device\Harddisk0\DR0 - copied to quarantine
21:30:50.0734 5308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
21:30:50.0750 5308 \Device\Harddisk0\DR0 - ok
21:30:50.0750 5308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

[Rudy]

Sinowal by měl být pryč. Zkuste nyní ten Combofix spustit skriptem.

[T-I-Y]

Tak zase jsem zkusil skript 35 minut a nic zůstane to na tom vyhledávání virů jak píše že to může trvat 10 minut ale klidně i 20. Rootkit je pryč ale CFko furt nefunguje:/

[Rudy]

Zkuste to v nouz. režimu.

[T-I-Y]

Tak v nouzovém režimu to šlo.Tady přikládám ještě log.Jinak Avast (štíty) se v nouzovém režimu sami vypínají a nejdou ovládat.Takže funkční nebyly.


ComboFix 13-01-26.02 - Roman 27.01.2013 11:36:32.2.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1733 [GMT 1:00]
Spuštěný z: c:\documents and settings\Roman\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Roman\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\zip32.dll
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive4 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-27 do 2013-01-27 )))))))))))))))))))))))))))))))
.
.
2013-01-26 20:30 . 2013-01-26 20:30 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-19 15:46 . 2013-01-19 15:46 -------- d-----w- c:\program files\Defraggler
2013-01-19 15:20 . 2013-01-19 15:20 -------- d-----w- c:\program files\VS Revo Group
2013-01-19 15:10 . 2013-01-19 15:11 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-19 14:56 . 2013-01-19 14:56 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 01:48 . 2012-05-05 16:25 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 01:48 . 2011-07-01 16:58 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:00 . 2008-04-14 03:21 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2012-03-02 18:27 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-03-02 18:27 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-03-02 18:27 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-03-02 18:27 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-03-02 18:27 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-03-02 18:27 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-03-02 18:27 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-03-02 18:27 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-03-02 18:26 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-03-02 18:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-10 11:49 . 2009-06-10 11:49 17695920 ----a-w- c:\program files\PDFCreator-0_9_8_setup.exe
2009-01-28 10:20 . 2009-01-28 10:20 7730856 ----a-w- c:\program files\Google_Earth_CZXV.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
PicoPhone.lnk - e:\program files\PicoPhone164.exe [N/A]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
PicoPhone.lnk - e:\program files\PicoPhone164.exe [N/A]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
PicoPhone.lnk - e:\program files\PicoPhone164.exe [N/A]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
PicoPhone.lnk - e:\program files\PicoPhone164.exe [N/A]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-12-17 13:37 1094000 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Documents and Settings\\Roman\\Plocha\\VRÁTIT NA FLAŠKU\\CS 1.6\\csko.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Games\\FS2002\\fs2002.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:Vzdálená správa systému Windows
"5938:TCP"= 5938:TCP:Team Viewer
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.3.2012 19:27 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.3.2012 19:27 361032]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 84520]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.3.2012 19:27 21256]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [7.11.2007 19:15 12928]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Roman\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [8.9.2012 20:25 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [8.9.2012 19:53 20032]
S3 Penet;PlaceEngine NDIS Protocol Driver;c:\windows\system32\drivers\Penet.sys [11.11.2008 20:52 21376]
S3 qoj5.sys;qoj5.sys;\??\c:\windows\system32\drivers\qoj5.sys --> c:\windows\system32\drivers\qoj5.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [8.9.2012 20:25 181344]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [22.5.2008 16:38 18432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-26 07:29 1624528 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.45\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 01:48]
.
2013-01-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-08 22:50]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 16:20]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 16:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
Trusted Zone: eset.cz
Trusted Zone: intel.com\www
Trusted Zone: ziveprenosy.cz\www
TCP: DhcpNameServer = 10.0.0.138
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - hxxp://deploy.webvdecor.com/app/WebVDSetUp.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-55357612.sys
SafeBoot-86053359.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-27 11:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-1957994488-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3876)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\acs.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2013-01-27 12:04:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-27 11:03
ComboFix2.txt 2013-01-26 12:22
.
Před spuštěním: Volných bajtů: 62 439 907 328
Po spuštění: Volných bajtů: 62 419 394 560
.
- - End Of File - - 45B9A09503FC64B81724B3AD4265E018

[Rudy]

Ještě jednou spusťte CF tímto sriptem:

KillAll::

Collect::
c:\windows\system32\drivers\qoj5.sys

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
qoj5.sys
55357612
86053359

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Reboot::

Stejným způsobem, jako v předchozím případě.

[T-I-Y]

Omlouvám se, ale k notebooku se dostanu asi až za pár dní.Nicméně jak to udělám tak se ozvu.A mockrát díky.