
Problem with removing the "Olmarik trojan"

scuser (Visitor) · Posts: 28 · Registered: 11 Feb 2011 11:05

#1 Post by scuser »

Hello,

ESET NOD32 antivirus detected a Win32/Olmarik trojan in the operating memory that "cannot be cleaned".

Here is the content of the ComboFix report:
ComboFix 11-02-09.05 - randula 10.02.2011 14:36:44.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2015.1187 [GMT 1:00]
Spuštěný z: c:\users\randula\Downloads\unvir\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\jestertb.dll
c:\windows\system32\UNWISE.EXE
D:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-10 do 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 13:49 . 2011-02-10 13:50 -------- d-----w- c:\users\randula\AppData\Local\temp
2011-02-10 13:49 . 2011-02-10 13:49 -------- d-----w- c:\users\Test\AppData\Local\temp
2011-02-10 13:49 . 2011-02-10 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-10 10:24 . 2011-02-10 10:24 273920 ----a-w- c:\windows\system32\drivers\cbksqquy.sys
2011-02-10 10:22 . 2011-02-10 10:26 -------- d-----w- c:\windows\system32\MpEngineStore
2011-02-09 21:46 . 2011-02-09 21:46 -------- d-----w- c:\users\randula\AppData\Local\ESET
2011-02-09 16:55 . 2011-02-09 16:55 -------- d-----w- c:\program files\ESET
2011-02-09 16:45 . 2011-02-09 16:45 273920 ----a-w- c:\windows\system32\drivers\cfoycasb.sys
2011-02-09 16:38 . 2011-02-09 16:38 273920 ----a-w- c:\windows\system32\drivers\mrrncgqf.sys
2011-02-09 16:12 . 2011-02-09 16:12 273920 ----a-w- c:\windows\system32\drivers\cfhksyco.sys
2011-02-09 15:48 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-28 10:20 . 2011-01-28 10:20 -------- d-----w- c:\users\randula\AppData\Roaming\Softtech
2011-01-28 10:16 . 2011-01-28 10:16 -------- d-----w- c:\programdata\Softtech
2011-01-26 13:49 . 2011-01-26 15:13 -------- d-----w- c:\users\randula\AppData\Roaming\TeamViewer
2011-01-20 12:48 . 2011-02-09 16:48 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 9

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 15:52 . 2010-12-21 15:52 1201279 ----a-w- c:\windows\unins003.exe
2010-12-21 14:04 . 2010-12-21 14:04 137144 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-12-21 14:04 . 2010-12-21 14:04 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-12-21 12:47 . 2010-12-21 12:47 95384 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\randula\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-04-10 404248]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-01-16 330264]
"bgsmsnd.exe"="c:\windows\system32\bgsmsnd.exe" [2007-11-19 160136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-18 13830760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-11-13 192512]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 06:19 49152 ----a-w- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9c974a3a17236;Google Update Service (gupdate1c9c974a3a17236);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 133104]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-04-30 172131]
R3 FNU;FNU;c:\users\randula\AppData\Local\Temp\FNU.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 QVKRD;QVKRD;c:\users\randula\AppData\Local\Temp\QVKRD.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [2007-04-10 183064]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-27 221184]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-01-16 542744]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-12-20 47616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 09:18]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 09:18]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972185092-1158475264-1021527904-1003Core.job
- c:\users\randula\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 07:02]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972185092-1158475264-1021527904-1003UA.job
- c:\users\randula\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 07:02]

2011-02-10 c:\windows\Tasks\User_Feed_Synchronization-{D5D93112-F6F4-4B41-82DF-0823431BBFAF}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.softconsult.tv/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
Trusted Zone: microsoft.com
Trusted Zone: softconsult.tv\www
TCP: {5F80D403-E85B-4897-B8D7-4D1DD9827591} = 217.11.224.1,217.11.224.2
DPF: {5FB60DF1-234D-4067-8A61-536E540DA81E} - hxxp://www.webplaner-innoplus.de/royalstone/royalstone.cab
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/o2cplayer.cab
FF - ProfilePath - c:\users\randula\AppData\Roaming\Mozilla\Firefox\Profiles\i6fmgzo5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.softconsult.tv/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=cs&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 9\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: O2CPlayer Plugin: o2cplayer@eleco.com - %profile%\extensions\o2cplayer@eleco.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Answers: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} - %profile%\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=DWGTrueViewScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-QipGuard - c:\users\randula\AppData\Roaming\QipGuard\QipGuard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 14:49
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\TMP000000463333FE4E1FCF9B5C 524288 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.891F -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x8FA03EC5]<<
c:\windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8693c872; SUB DWORD [EBP-0x4], 0x8693c12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x81C8B962] -> \Device\Harddisk0\DR0[0x860A4AC8]
3 CLASSPNP[0x87DC28B3] -> ntkrnlpa!IofCallDriver[0x81C8B962] -> [0x85FA1380]
5 hpdskflt[0x87DA506E] -> ntkrnlpa!IofCallDriver[0x81C8B962] -> [0x84E716D0]
7 acpi[0x806996BC] -> ntkrnlpa!IofCallDriver[0x81C8B962] -> [0x84E74030]
[0x8E6EA920] -> IRP_MJ_CREATE -> 0x8FA03EC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHW2160BH_PL____________________891F____#4&1c6bb5cf&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x8FA03AEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-02-10 14:53:54
ComboFix-quarantined-files.txt 2011-02-10 13:53

Před spuštěním: Volných bajtů: 79 768 096 768
Po spuštění: Volných bajtů: 79 744 999 424

- - End Of File - - B766ACE26CC8A7AF722888BBC3A166F4
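As an added illustration, not part of the original post and not ComboFix's own code, the following Python script pulls out of a ComboFix report the indicators a helper would look for in the log above: several differently named drivers of identical size written into system32\drivers within hours of each other, and the Gmer MBR detector's unknown module, DriverStartIo hook and "user != kernel" sector mismatch. The embedded sample is a constructed excerpt of the lines above; the function names are the script's own.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt of the ComboFix report above (file list + MBR detector lines).
SAMPLE_LOG = r"""
2011-02-10 10:24 . 2011-02-10 10:24 273920 ----a-w- c:\windows\system32\drivers\cbksqquy.sys
2011-02-10 10:22 . 2011-02-10 10:26 -------- d-----w- c:\windows\system32\MpEngineStore
2011-02-09 16:45 . 2011-02-09 16:45 273920 ----a-w- c:\windows\system32\drivers\cfoycasb.sys
2011-02-09 16:38 . 2011-02-09 16:38 273920 ----a-w- c:\windows\system32\drivers\mrrncgqf.sys
2011-02-09 16:12 . 2011-02-09 16:12 273920 ----a-w- c:\windows\system32\drivers\cfhksyco.sys
2011-02-09 15:48 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2010-12-21 14:04 . 2010-12-21 14:04 137144 ----a-w- c:\windows\system32\drivers\eamonm.sys
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x8FA03EC5]<<
detected hooks:
\Driver\iaStor DriverStartIo -> 0x8FA03AEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
"""

# One ComboFix file-list line: "created . modified size attrs path"; size "--------" marks a directory.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_file_entries(text):
    """Return the file (not directory) entries of a ComboFix file list."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m or not m.group("size").isdigit():
            continue
        entries.append({
            "created": m.group("created"),
            "size": int(m.group("size")),
            "path": m.group("path"),
        })
    return entries


def find_size_clusters(entries, subdir=r"\system32\drivers", min_count=2):
    """Group drivers by byte size; a size shared by several distinct names is suspicious.
    A dropper re-writing the same payload under random names (as in the log) shows up this way."""
    by_size = defaultdict(set)
    for e in entries:
        p = PureWindowsPath(e["path"])
        if str(p.parent).lower().endswith(subdir.lower()):
            by_size[e["size"]].add(p.name.lower())
    return {size: sorted(names) for size, names in by_size.items() if len(names) >= min_count}


# Indicator lines from the Gmer MBR/stealth detector block, each with the value worth keeping.
MBR_PATTERNS = [
    ("unknown_module", re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")),
    ("driver_hook", re.compile(r"DriverStartIo -> (0x[0-9A-Fa-f]+)")),
    ("mbr_sector_mismatch", re.compile(r"sectors (\d+) \(\+\d+\): user != kernel")),
    ("rootkit_warning", re.compile(r"Warning: possible (\S+) rootkit")),
]


def mbr_indicators(text):
    """Return (kind, detail) pairs for every MBR-detector indicator found in the report."""
    found = []
    for line in text.splitlines():
        for kind, pat in MBR_PATTERNS:
            m = pat.search(line)
            if m:
                found.append((kind, m.group(1)))
    return found


def triage(text):
    """Combine both checks into one verdict dict a helper can read at a glance."""
    clusters = find_size_clusters(parse_file_entries(text))
    mbr = mbr_indicators(text)
    return {"size_clusters": clusters, "mbr": mbr, "suspicious": bool(clusters or mbr)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```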

Caroprd111 (VIP) · Posts: 13492 · Registered: 22 Mar 2009 20:48 · Location: Třebíč

Re: Problem with removing the "Olmarik trojan"

#2 Post by Caroprd111 »

Hello :)

ComboFix is not recommended for use without the supervision of an experienced person, and usually not without first checking a log from another detection program, or running CF with the appropriate parameter. The helper knows how to restore any legitimate files that were deleted, knows the commands, can find their way around the log, and so on. It is not just about the problem of restarting the PC when the virus deletes the hal.dll library, but about countless other things that often cannot even be predicted.


Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run it, then click Start scan.
  • When the scan finishes, click Continue, then Reboot computer if prompted.
  • Then paste the log here; you will find it in C:\TDSSKiller.Version_Date_Time_log.txt

scuser (Visitor) · Posts: 28 · Registered: 11 Feb 2011 11:05

Re: Problem with removing the "Olmarik trojan"

#3 Post by scuser »

Thanks for the well-founded advice. Admittedly I am not an expert at removing viruses (I work in 3D software). I am sending the log for your information. ESET NOD32 no longer detected the trojan (but obviously that may not be final).

Petr

2011/02/11 21:25:03.0190 4328 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/11 21:25:03.0624 4328 ================================================================================
2011/02/11 21:25:03.0624 4328 SystemInfo:
2011/02/11 21:25:03.0624 4328
2011/02/11 21:25:03.0624 4328 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/11 21:25:03.0624 4328 Product type: Workstation
2011/02/11 21:25:03.0624 4328 ComputerName: HP-NOTEBOOK-PR
2011/02/11 21:25:03.0624 4328 UserName: randula
2011/02/11 21:25:03.0624 4328 Windows directory: C:\Windows
2011/02/11 21:25:03.0624 4328 System windows directory: C:\Windows
2011/02/11 21:25:03.0624 4328 Processor architecture: Intel x86
2011/02/11 21:25:03.0624 4328 Number of processors: 2
2011/02/11 21:25:03.0624 4328 Page size: 0x1000
2011/02/11 21:25:03.0624 4328 Boot type: Normal boot
2011/02/11 21:25:03.0625 4328 ================================================================================
2011/02/11 21:25:04.0449 4328 Initialize success
2011/02/11 21:25:09.0675 1220 ================================================================================
2011/02/11 21:25:09.0675 1220 Scan started
2011/02/11 21:25:09.0675 1220 Mode: Manual;
2011/02/11 21:25:09.0675 1220 ================================================================================
2011/02/11 21:25:11.0414 1220 Suspicious file (Forged): C:\Windows\system32\DRIVERS\AFD.SYS. Real md5: 4cba5b151eb1d21af2e52b02e4f7da95, Fake md5: a201207363aa900abf1a388468688570
2011/02/11 21:25:11.0431 1220 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/11 21:25:22.0737 1220 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/11 21:25:22.0836 1220 msahci (b2efb263600314babcf9dadb1cbba994) C:\Windows\system32\drivers\msahci.sys
2011/02/11 21:25:22.0917 1220 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/11 21:25:23.0000 1220 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/11 21:25:23.0073 1220 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/11 21:25:23.0206 1220 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/11 21:25:23.0295 1220 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/11 21:25:23.0352 1220 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/11 21:25:23.0418 1220 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/11 21:25:23.0492 1220 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/11 21:25:23.0594 1220 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/11 21:25:23.0669 1220 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/11 21:25:23.0751 1220 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/11 21:25:23.0842 1220 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/11 21:25:23.0966 1220 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/11 21:25:24.0034 1220 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/11 21:25:24.0097 1220 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/11 21:25:24.0159 1220 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/11 21:25:24.0229 1220 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/11 21:25:24.0298 1220 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/11 21:25:24.0455 1220 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/02/11 21:25:24.0640 1220 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/02/11 21:25:24.0751 1220 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/11 21:25:24.0849 1220 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/11 21:25:24.0925 1220 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/11 21:25:25.0053 1220 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/11 21:25:25.0187 1220 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/11 21:25:25.0277 1220 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/11 21:25:25.0739 1220 nvlddmkm (b4c5099e80c873d665b8aaaadf8494c2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/11 21:25:25.0917 1220 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/11 21:25:25.0974 1220 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/11 21:25:26.0044 1220 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/11 21:25:26.0192 1220 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/11 21:25:26.0343 1220 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/02/11 21:25:26.0416 1220 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/11 21:25:26.0469 1220 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/02/11 21:25:26.0542 1220 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/11 21:25:26.0606 1220 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/11 21:25:26.0690 1220 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/11 21:25:26.0800 1220 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/11 21:25:26.0952 1220 PersonalSecureDrive (0d8848fbe1765a3e27b69b5bef6d429f) C:\Windows\System32\drivers\psd.sys
2011/02/11 21:25:27.0098 1220 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/11 21:25:27.0185 1220 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/11 21:25:27.0279 1220 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/11 21:25:27.0366 1220 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/11 21:25:27.0446 1220 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/11 21:25:27.0563 1220 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/11 21:25:27.0663 1220 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/11 21:25:27.0827 1220 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/11 21:25:28.0007 1220 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/11 21:25:28.0103 1220 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/11 21:25:28.0196 1220 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/11 21:25:28.0276 1220 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/11 21:25:28.0378 1220 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/11 21:25:28.0469 1220 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/11 21:25:28.0591 1220 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/02/11 21:25:28.0650 1220 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/11 21:25:28.0752 1220 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/11 21:25:28.0836 1220 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/02/11 21:25:28.0962 1220 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/02/11 21:25:29.0012 1220 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/02/11 21:25:29.0069 1220 rismc32 (7c21554942bef51cbd84fd7d4e62cb9a) C:\Windows\system32\DRIVERS\rismc32.sys
2011/02/11 21:25:29.0174 1220 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/02/11 21:25:29.0299 1220 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/11 21:25:29.0373 1220 RsvLock (40ace983d0b03e997191ff6f7ff407d7) C:\Windows\system32\drivers\RsvLock.sys
2011/02/11 21:25:29.0410 1220 SafeBoot (58a8f41e174b28843692812d55547dc3) C:\Windows\system32\drivers\SafeBoot.sys
2011/02/11 21:25:29.0410 1220 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 58a8f41e174b28843692812d55547dc3
2011/02/11 21:25:29.0421 1220 SafeBoot - detected Locked file (1)
2011/02/11 21:25:36.0202 1220 ================================================================================
2011/02/11 21:25:36.0202 1220 Scan finished
2011/02/11 21:25:36.0202 1220 ================================================================================
2011/02/11 21:25:36.0239 2860 Detected object count: 2
2011/02/11 21:25:54.0001 2860 AFD (4cba5b151eb1d21af2e52b02e4f7da95) C:\Windows\system32\DRIVERS\AFD.SYS
2011/02/11 21:25:54.0004 2860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\AFD.SYS. Real md5: 4cba5b151eb1d21af2e52b02e4f7da95, Fake md5: a201207363aa900abf1a388468688570
2011/02/11 21:26:02.0203 2860 Backup copy not found, trying to cure infected file..
2011/02/11 21:26:02.0205 2860 Cure success, using it..
2011/02/11 21:26:02.0397 2860 C:\Windows\system32\DRIVERS\AFD.SYS - will be cured after reboot
2011/02/11 21:26:02.0397 2860 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/02/11 21:26:02.0400 2860 Locked file(SafeBoot) - User select action: Skip
2011/02/11 21:26:22.0408 3280 Deinitialize success
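A small triage parser for the TDSSKiller log format quoted above, added here as an example and not a tool from the thread. It runs on a constructed sample that mirrors the findings section of the log (the paths and hashes are the ones in the log) and pairs each suspicious file with the action chosen and whether the cure is still pending a reboot.

```python
"""Triage helper for TDSSKiller-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the TDSSKiller line format "<date> <time> <pid> <message>";
# the paths and hashes are copied from the log quoted in the thread.
SAMPLE_LOG = r"""
2011/02/11 21:25:29.0410 1220 SafeBoot (58a8f41e174b28843692812d55547dc3) C:\Windows\system32\drivers\SafeBoot.sys
2011/02/11 21:25:29.0410 1220 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 58a8f41e174b28843692812d55547dc3
2011/02/11 21:25:29.0421 1220 SafeBoot - detected Locked file (1)
2011/02/11 21:25:36.0239 2860 Detected object count: 2
2011/02/11 21:25:54.0001 2860 AFD (4cba5b151eb1d21af2e52b02e4f7da95) C:\Windows\system32\DRIVERS\AFD.SYS
2011/02/11 21:25:54.0004 2860 Suspicious file (Forged): C:\Windows\system32\DRIVERS\AFD.SYS. Real md5: 4cba5b151eb1d21af2e52b02e4f7da95, Fake md5: a201207363aa900abf1a388468688570
2011/02/11 21:26:02.0397 2860 C:\Windows\system32\DRIVERS\AFD.SYS - will be cured after reboot
2011/02/11 21:26:02.0397 2860 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/02/11 21:26:02.0400 2860 Locked file(SafeBoot) - User select action: Skip
""".strip()

LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
LOCKED_RE = re.compile(r"^Suspicious file \((?P<kind>NoAccess)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
ACTION_RE = re.compile(r"^.*\((?P<svc>[^()]+)\) - User select action: (?P<action>\w+)$")
REBOOT_RE = re.compile(r"^(?P<path>.+?) - will be cured after reboot$")


def _stem(path: str) -> str:
    """File name without extension, lower-cased (used to match service names)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


@dataclass
class Finding:
    kind: str                       # "Forged": hash seen through the OS != on-disk hash; "NoAccess": locked
    path: str
    real_md5: str
    fake_md5: Optional[str] = None  # only present for Forged entries
    action: Optional[str] = None    # Cure / Skip / ...
    reboot_pending: bool = False


@dataclass
class Triage:
    detected_count: int = 0
    findings: List[Finding] = field(default_factory=list)

    def by_service(self, svc: str) -> Optional[Finding]:
        # TDSSKiller labels actions by service name, e.g. "(AFD)"; match it to the file stem.
        for f in self.findings:
            if _stem(f.path) == svc.lower():
                return f
        return None


def parse_tdsskiller_log(text: str) -> Triage:
    triage = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (c := COUNT_RE.match(msg)):
            triage.detected_count = int(c["n"])
        elif (f := FORGED_RE.match(msg)):
            triage.findings.append(Finding("Forged", f["path"], f["real"], f["fake"]))
        elif (l := LOCKED_RE.match(msg)):
            triage.findings.append(Finding(l["kind"], l["path"], l["md5"]))
        elif (a := ACTION_RE.match(msg)):
            fnd = triage.by_service(a["svc"])
            if fnd:
                fnd.action = a["action"]
        elif (r := REBOOT_RE.match(msg)):
            for fnd in triage.findings:
                if fnd.path.lower() == r["path"].lower():
                    fnd.reboot_pending = True
    return triage


def needs_follow_up(triage: Triage) -> List[str]:
    """Items a responder should still act on or document after this run."""
    notes = []
    for f in triage.findings:
        name = f.path.rsplit("\\", 1)[-1]
        if f.kind == "Forged":
            # A forged hash means reads of the file were intercepted and clean content was
            # served to scanners; treat it as confirmed and re-verify the file after reboot.
            if f.reboot_pending:
                notes.append(f"{name}: forged (real {f.real_md5[:8]}..., fake {f.fake_md5[:8]}...), "
                             f"cure pending reboot; rescan afterwards")
            elif f.action != "Cure":
                notes.append(f"{name}: forged but not cured (action {f.action}); needs attention")
        elif f.action == "Skip":
            # A locked file is not proof of infection: in this thread SafeBoot.sys belongs to
            # the HP Drive Encryption (SafeBoot) product that the HijackThis log lists as a
            # service, so skipping it was correct; record the decision so it stays auditable.
            notes.append(f"{name}: locked file skipped; confirm it belongs to an installed product")
    return notes


if __name__ == "__main__":
    result = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"detected objects: {result.detected_count}")
    for note in needs_follow_up(result):
        print(" -", note)
```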

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem removing "Olmarik trojan horse"

#4 Post by Caroprd111 »

I recommend uninstalling Spybot - Search & Destroy; it is outdated and its use is not recommended.


If you have not already, move ComboFix to the desktop
  • Open Notepad and copy the text from the white box into it.

Code:

File::
c:\windows\system32\drivers\cfoycasb.sys
c:\windows\system32\drivers\mrrncgqf.sys
c:\windows\system32\drivers\cfhksyco.sys
c:\windows\system32\drivers\netio.sys
c:\windows\system32\drivers\cbksqquy.sys

Driver::
FNU
QVKRD

DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie

Folder::
c:\windows\TEMP
c:\users\randula\AppData\Local\Temp

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
  • Save the TXT file you created as CFScript.txt on the desktop
  • After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:
  • After it is applied, another log will pop up; post it here
It may happen that after the script is applied and the machine restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

scuser
Visitor
Posts: 28
Registered: 11 Feb 2011 11:05

Re: Problem removing "Olmarik trojan horse"

#5 Post by scuser »

Hello, I did everything, and it all went according to your description and OK. Only at the end there was no log in txt (I assume that is good news). I hope I did not do anything wrong.
I must commend you for working in such a professional way. In 20 years in the software field I have met with rather problematic appreciation from users (what is advice worth). In many cases they do not follow our advice (given repeatedly), and then they get heated that we did not prevent them from doing it.
Petr

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem removing "Olmarik trojan horse"

#6 Post by Caroprd111 »

Good afternoon,
thank you for the kind words. :)

Please look on drive C: to see whether the latest ComboFix log is there. It should in fact have produced a log. In my opinion the viruses are already gone, but if you do not object, I would like to verify that.

scuser
Visitor
Posts: 28
Registered: 11 Feb 2011 11:05

Re: Problem removing "Olmarik trojan horse"

#7 Post by scuser »

Hello, last night I did not search thoroughly anymore, but the file ComboFix.txt (judging by the date it is probably the one requested) was in the folder C:\Combofix

Here is the contents:
ComboFix 11-02-11.01 - randula 11.02.2011 23:25:11.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2015.976 [GMT 1:00]
Spuštěný z: C:\Users\randula\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Users\randula\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\cbksqquy.sys"
"c:\windows\system32\drivers\cfhksyco.sys"
"c:\windows\system32\drivers\cfoycasb.sys"
"c:\windows\system32\drivers\mrrncgqf.sys"
"c:\windows\system32\drivers\netio.sys"
.

Two more pieces of information. Spybot resisted the uninstall quite a bit, but it is gone. Most importantly, Windows Update is running (updating did not work), which was the first symptom of something fishy. Unfortunately AVG did not detect anything.

Petr

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem removing "Olmarik trojan horse"

#8 Post by Caroprd111 »

Please post a log from RSIT.


Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32b). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A box will pop up; copy into it:

Code:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; post it here.


Post a log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

scuser
Visitor
Posts: 28
Registered: 11 Feb 2011 11:05

Re: Problem removing "Olmarik trojan horse"

#9 Post by scuser »

** Here is the RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by randula at 2011-02-12 20:01:33
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 65 GB (45%) free of 144 GB
Total RAM: 2015 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:04:08, on 12.2.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\System32\bgsmsnd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Users\randula\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Users\randula\Downloads\unvir\RSIT.exe
C:\Program Files\trend micro\randula.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.softconsult.tv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\randula\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\system32\bgstb.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\randula\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Web Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\ACCESS~1\ACCESS~1.DLL
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\system32\bgstb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\Windows\system32\bgsmsnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\randula\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O15 - Trusted Zone: http://www.softconsult.tv
O16 - DPF: {5FB60DF1-234D-4067-8A61-536E540DA81E} (royalstone Control) - http://www.webplaner-innoplus.de/royals ... lstone.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://googleonline.webex.com/client/T ... atgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F80D403-E85B-4897-B8D7-4D1DD9827591}: NameServer = 217.11.224.1,217.11.224.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FNU - Unknown owner - C:\Users\randula\AppData\Local\Temp\FNU.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9c974a3a17236) (gupdate1c9c974a3a17236) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: QVKRD - Unknown owner - C:\Users\randula\AppData\Local\Temp\QVKRD.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TLSW - Unknown owner - C:\Users\randula\AppData\Local\Temp\TLSW.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11063 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-972185092-1158475264-1021527904-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-972185092-1158475264-1021527904-1003UA.job
C:\Windows\tasks\User_Feed_Synchronization-{D5D93112-F6F4-4B41-82DF-0823431BBFAF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-04 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CF4856-ECB4-4e46-A897-A378821F97B9}]
pdfMachine - C:\Windows\system32\bgstb.dll [2007-11-19 270728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\randula\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-17 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{11352A67-0178-46B1-8855-D50B2F81C054} - Web Accessibility Toolbar - C:\PROGRA~1\ACCESS~1\ACCESS~1.DLL [2007-10-26 429056]
{56CF4856-ECB4-4e46-A897-A378821F97B9} - pdfMachine - C:\Windows\system32\bgstb.dll [2007-11-19 270728]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
"HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-05-23 192512]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328]
"IFXSPMGT"=C:\Windows\system32\ifxspmgt.exe [2007-02-15 677408]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-01-16 330264]
"bgsmsnd.exe"=C:\Windows\system32\bgsmsnd.exe [2007-11-19 160136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-09 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\randula\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-14 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\Windows\system32\DeviceNP.dll [2007-04-30 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-02-12 20:01:33 ----D---- C:\rsit
2011-02-12 07:16:44 ----A---- C:\Windows\system32\shsvcs.dll
2011-02-12 02:01:15 ----A---- C:\Windows\system32\srvsvc.dll
2011-02-12 02:01:14 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-02-12 02:01:14 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-02-12 02:01:14 ----A---- C:\Windows\system32\drivers\srv.sys
2011-02-12 02:01:13 ----A---- C:\Windows\system32\netevent.dll
2011-02-12 01:56:48 ----A---- C:\Windows\system32\wmploc.DLL
2011-02-12 01:56:48 ----A---- C:\Windows\system32\wmp.dll
2011-02-12 01:49:51 ----D---- C:\Program Files\Windows Portable Devices
2011-02-12 01:47:50 ----A---- C:\Windows\system32\usp10.dll
2011-02-12 01:47:24 ----A---- C:\Windows\system32\schannel.dll
2011-02-12 01:47:05 ----A---- C:\Windows\system32\odbc32.dll
2011-02-12 01:46:54 ----A---- C:\Windows\system32\win32k.sys
2011-02-12 01:45:32 ----A---- C:\Windows\system32\stobject.dll
2011-02-12 01:45:31 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-12 01:45:31 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-12 01:45:31 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-12 01:45:30 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-12 01:45:30 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-12 01:45:30 ----A---- C:\Windows\system32\mfplat.dll
2011-02-12 01:45:30 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-12 01:45:30 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-12 01:45:29 ----A---- C:\Windows\system32\mfps.dll
2011-02-12 01:45:29 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-12 01:45:28 ----A---- C:\Windows\system32\mf.dll
2011-02-12 01:45:28 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-12 01:45:28 ----A---- C:\Windows\system32\cdd.dll
2011-02-12 01:45:27 ----A---- C:\Windows\system32\dxgi.dll
2011-02-12 01:45:27 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-12 01:45:27 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-12 01:45:27 ----A---- C:\Windows\system32\d3d10.dll
2011-02-12 01:45:26 ----A---- C:\Windows\system32\DWrite.dll
2011-02-12 01:45:26 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-12 01:45:26 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-12 01:45:26 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-12 01:45:24 ----A---- C:\Windows\system32\FntCache.dll
2011-02-12 01:45:24 ----A---- C:\Windows\system32\d2d1.dll
2011-02-12 01:45:21 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-12 01:45:20 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-12 01:45:20 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-12 01:45:20 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-12 01:45:03 ----A---- C:\Windows\system32\ole32.dll
2011-02-12 01:44:31 ----A---- C:\Windows\system32\spoolsv.exe
2011-02-12 01:44:18 ----A---- C:\Windows\system32\t2embed.dll
2011-02-12 01:44:10 ----A---- C:\Windows\system32\sdclt.exe
2011-02-12 01:43:44 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-02-12 01:43:43 ----A---- C:\Windows\system32\gameux.dll
2011-02-12 01:43:36 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-02-12 01:43:29 ----A---- C:\Windows\system32\MP4SDECD.DLL
2011-02-12 01:43:22 ----A---- C:\Windows\system32\mfc40.dll
2011-02-12 01:43:21 ----A---- C:\Windows\system32\mfc40u.dll
2011-02-12 01:42:55 ----A---- C:\Windows\system32\ieui.dll
2011-02-12 01:42:54 ----A---- C:\Windows\system32\ieframe.dll
2011-02-12 01:42:53 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-12 01:42:53 ----A---- C:\Windows\system32\iesetup.dll
2011-02-12 01:42:53 ----A---- C:\Windows\system32\iertutil.dll
2011-02-12 01:42:53 ----A---- C:\Windows\system32\iernonce.dll
2011-02-12 01:42:53 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-12 01:42:52 ----A---- C:\Windows\system32\occache.dll
2011-02-12 01:42:52 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-12 01:42:50 ----A---- C:\Windows\system32\mshtml.dll
2011-02-12 01:42:49 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-12 01:42:49 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-12 01:42:49 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-12 01:42:49 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-12 01:42:48 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-12 01:42:48 ----A---- C:\Windows\system32\iepeers.dll
2011-02-12 01:42:48 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-12 01:42:47 ----A---- C:\Windows\system32\wininet.dll
2011-02-12 01:42:47 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-12 01:42:46 ----A---- C:\Windows\system32\urlmon.dll
2011-02-12 01:42:46 ----A---- C:\Windows\system32\mstime.dll
2011-02-12 01:42:39 ----A---- C:\Windows\system32\wmpmde.dll
2011-02-12 01:42:21 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-12 01:42:19 ----A---- C:\Windows\system32\shell32.dll
2011-02-12 01:42:01 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-02-12 01:42:01 ----A---- C:\Windows\system32\taskeng.exe
2011-02-12 01:42:01 ----A---- C:\Windows\system32\schedsvc.dll
2011-02-12 01:42:00 ----A---- C:\Windows\system32\taskschd.dll
2011-02-12 01:42:00 ----A---- C:\Windows\system32\taskcomp.dll
2011-02-12 01:41:50 ----A---- C:\Windows\system32\consent.exe
2011-02-12 01:41:10 ----A---- C:\Windows\system32\tzres.dll
2011-02-12 01:40:25 ----A---- C:\Windows\system32\fontsub.dll
2011-02-12 01:40:25 ----A---- C:\Windows\system32\atmlib.dll
2011-02-12 01:40:25 ----A---- C:\Windows\system32\atmfd.dll
2011-02-12 01:40:14 ----A---- C:\Windows\system32\inetcomm.dll
2011-02-12 01:40:02 ----A---- C:\Windows\system32\comctl32.dll
2011-02-12 01:39:55 ----A---- C:\Windows\system32\msshsq.dll
2011-02-12 01:31:11 ----A---- C:\Windows\system32\UIAnimation.dll
2011-02-12 01:31:10 ----A---- C:\Windows\system32\UIRibbonRes.dll
2011-02-12 01:31:10 ----A---- C:\Windows\system32\UIRibbon.dll
2011-02-12 01:30:35 ----A---- C:\Windows\system32\WMPhoto.dll
2011-02-12 01:30:32 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2011-02-12 01:30:32 ----A---- C:\Windows\system32\WindowsCodecs.dll
2011-02-12 01:30:32 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2011-02-12 01:30:32 ----A---- C:\Windows\system32\dxdiagn.dll
2011-02-12 01:30:32 ----A---- C:\Windows\system32\dxdiag.exe
2011-02-12 01:30:31 ----A---- C:\Windows\system32\d3d11.dll
2011-02-12 01:30:04 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2011-02-12 01:30:04 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2011-02-12 01:30:03 ----A---- C:\Windows\system32\wpdbusenum.dll
2011-02-12 01:29:57 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2011-02-12 01:29:51 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2011-02-12 01:29:51 ----A---- C:\Windows\system32\wpdshext.dll
2011-02-12 01:29:51 ----A---- C:\Windows\system32\wpd_ci.dll
2011-02-12 01:29:51 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2011-02-12 01:29:51 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2011-02-12 01:29:50 ----A---- C:\Windows\system32\WPDSp.dll
2011-02-12 01:29:50 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2011-02-12 01:29:50 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2011-02-12 01:28:39 ----A---- C:\Windows\system32\oleaccrc.dll
2011-02-12 01:28:38 ----A---- C:\Windows\system32\oleacc.dll
2011-02-12 01:28:37 ----A---- C:\Windows\system32\UIAutomationCore.dll
2011-02-12 01:19:48 ----D---- C:\ProgramData\NVIDIA Corporation
2011-02-12 01:19:33 ----D---- C:\Program Files\NVIDIA Corporation
2011-02-11 23:22:19 ----SD---- C:\ComboFix
2011-02-11 22:59:57 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-11 22:59:57 ----A---- C:\Windows\system32\ntdll.dll
2011-02-11 22:59:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-11 21:57:12 ----D---- C:\Program Files\Microsoft Security Client
2011-02-11 21:31:38 ----A---- C:\TDSSKiller.2.4.17.0_11.02.2011_21.31.38_log.txt
2011-02-11 21:25:03 ----A---- C:\TDSSKiller.2.4.17.0_11.02.2011_21.25.03_log.txt
2011-02-10 23:57:14 ----A---- C:\Windows\system32\drivers\gojevqmw.sys
2011-02-10 15:47:48 ----D---- C:\Program Files\trend micro
2011-02-10 14:54:02 ----SHD---- C:\$RECYCLE.BIN
2011-02-10 14:22:26 ----A---- C:\Windows\SWXCACLS.exe
2011-02-10 11:31:37 ----A---- C:\Windows\PEV.exe
2011-02-10 11:31:37 ----A---- C:\Windows\NIRCMD.exe
2011-02-10 11:31:37 ----A---- C:\Windows\MBR.exe
2011-02-10 11:31:36 ----A---- C:\Windows\zip.exe
2011-02-10 11:31:36 ----A---- C:\Windows\SWSC.exe
2011-02-10 11:31:36 ----A---- C:\Windows\SWREG.exe
2011-02-10 11:31:36 ----A---- C:\Windows\sed.exe
2011-02-10 11:31:36 ----A---- C:\Windows\grep.exe
2011-02-10 11:30:12 ----D---- C:\Windows\ERDNT
2011-02-10 11:27:21 ----AD---- C:\Qoobox
2011-02-10 11:24:55 ----A---- C:\Windows\system32\drivers\cbksqquy.sys
2011-02-10 11:22:54 ----D---- C:\Windows\system32\MpEngineStore
2011-02-09 17:45:14 ----A---- C:\Windows\system32\drivers\cfoycasb.sys
2011-02-09 17:38:04 ----A---- C:\Windows\system32\drivers\mrrncgqf.sys
2011-02-09 17:12:49 ----A---- C:\Windows\system32\drivers\cfhksyco.sys
2011-02-09 16:48:05 ----A---- C:\Windows\system32\drivers\netio.sys
2011-02-07 16:59:55 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-02-07 16:59:55 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-02-07 16:59:55 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-02-07 16:59:55 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-02-07 16:59:55 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-02-07 16:59:55 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-02-07 16:59:55 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-02-07 16:59:55 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-02-07 16:59:55 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-02-07 16:59:54 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-02-07 16:59:54 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-02-07 16:59:54 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-02-07 16:59:53 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-02-07 16:59:52 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-02-07 16:59:52 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-02-07 16:59:52 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-02-07 16:59:52 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-02-07 16:59:52 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-02-07 16:59:51 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-02-07 16:59:50 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-02-07 16:59:49 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-02-07 16:59:48 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-02-07 16:59:48 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-02-07 16:59:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-02-07 16:59:48 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-02-07 16:59:48 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-02-07 16:59:48 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-02-07 16:59:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-02-07 16:59:48 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-02-07 16:59:47 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-02-07 16:59:47 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-02-07 16:59:47 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-02-07 16:59:47 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-02-07 16:59:47 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-02-07 16:59:47 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\xinput1_3.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-02-07 16:59:46 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-02-07 16:59:45 ----A---- C:\Windows\system32\xinput1_2.dll
2011-02-07 16:59:45 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-02-07 16:59:45 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-02-07 16:59:45 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-02-07 16:59:45 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-02-07 16:59:45 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-02-07 16:59:45 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-02-07 16:59:45 ----A---- C:\Windows\system32\d3dx10.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\xinput1_1.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-02-07 16:59:44 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-02-07 16:59:43 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-02-07 16:59:43 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-02-07 16:57:56 ----HD---- C:\Windows\msdownld.tmp
2011-02-07 16:57:45 ----D---- C:\Windows\system32\directx
2011-01-28 11:20:09 ----D---- C:\Users\randula\AppData\Roaming\Softtech
2011-01-28 11:16:30 ----D---- C:\ProgramData\Softtech
2011-01-26 14:49:30 ----D---- C:\Users\randula\AppData\Roaming\TeamViewer
2011-01-20 13:48:08 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 9

======List of files/folders modified in the last 1 months======

2011-02-12 20:03:21 ----D---- C:\Windows\Temp
2011-02-12 20:01:54 ----D---- C:\Windows\Prefetch
2011-02-12 19:56:37 ----D---- C:\Program Files\SeaMonkey
2011-02-12 19:05:03 ----D---- C:\Windows\rescache
2011-02-12 18:54:32 ----D---- C:\Windows\System32
2011-02-12 18:54:32 ----D---- C:\Windows\inf
2011-02-12 18:54:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-12 18:48:44 ----D---- C:\Windows\system32\Tasks
2011-02-12 18:48:32 ----D---- C:\Windows\SMINST
2011-02-12 18:48:09 ----A---- C:\Windows\system32\log.txt
2011-02-12 18:48:08 ----D---- C:\Program Files\Common Files\Akamai
2011-02-12 16:17:37 ----D---- C:\Windows\winsxs
2011-02-12 16:17:36 ----D---- C:\Windows\system32\cs-CZ
2011-02-12 16:16:48 ----SHD---- C:\System Volume Information
2011-02-12 08:47:06 ----D---- C:\Windows\system32\config
2011-02-12 08:46:29 ----SD---- C:\Windows\Downloaded Program Files
2011-02-12 08:46:29 ----D---- C:\Program Files\Common Files\Services
2011-02-12 08:46:22 ----D---- C:\Windows\Tasks
2011-02-12 08:46:22 ----D---- C:\Windows\system32\spool
2011-02-12 08:46:22 ----D---- C:\Windows\system32\Msdtc
2011-02-12 08:46:22 ----D---- C:\Windows\system32\drivers\etc
2011-02-12 08:46:21 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-02-12 07:59:13 ----D---- C:\Windows\Microsoft.NET
2011-02-12 07:59:12 ----RSD---- C:\Windows\assembly
2011-02-12 07:45:54 ----SHD---- C:\Windows\Installer
2011-02-12 07:41:50 ----D---- C:\Windows\system32\en-US
2011-02-12 07:41:46 ----D---- C:\Program Files\Microsoft.NET
2011-02-12 07:14:08 ----D---- C:\Windows\system32\catroot
2011-02-12 07:14:06 ----D---- C:\Windows\system32\catroot2
2011-02-12 07:10:35 ----D---- C:\Program Files\Windows Mail
2011-02-12 07:04:01 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-12 07:01:58 ----D---- C:\Program Files\Windows Media Player
2011-02-12 07:01:57 ----D---- C:\Windows\system32\drivers
2011-02-12 07:01:54 ----D---- C:\Program Files\Internet Explorer
2011-02-12 07:01:53 ----D---- C:\Windows\system32\migration
2011-02-12 07:01:53 ----D---- C:\Windows\AppPatch
2011-02-12 02:15:38 ----D---- C:\Program Files\Microsoft SQL Server
2011-02-12 02:10:04 ----D---- C:\Windows\registration
2011-02-12 01:52:49 ----D---- C:\ProgramData\NVIDIA
2011-02-12 01:50:10 ----D---- C:\WINDOWS
2011-02-12 01:49:52 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-02-12 01:49:51 ----D---- C:\Windows\system32\wbem
2011-02-12 01:49:51 ----D---- C:\Program Files
2011-02-12 01:49:50 ----D---- C:\Windows\system32\pt-PT
2011-02-12 01:49:50 ----D---- C:\Windows\system32\pt-BR
2011-02-12 01:49:50 ----D---- C:\Windows\system32\pl-PL
2011-02-12 01:49:50 ----D---- C:\Windows\system32\it-IT
2011-02-12 01:49:50 ----D---- C:\Windows\system32\he-IL
2011-02-12 01:49:50 ----D---- C:\Windows\system32\bg-BG
2011-02-12 01:49:49 ----D---- C:\Windows\system32\zh-TW
2011-02-12 01:49:49 ----D---- C:\Windows\system32\zh-HK
2011-02-12 01:49:49 ----D---- C:\Windows\system32\zh-CN
2011-02-12 01:49:49 ----D---- C:\Windows\system32\uk-UA
2011-02-12 01:49:49 ----D---- C:\Windows\system32\tr-TR
2011-02-12 01:49:49 ----D---- C:\Windows\system32\th-TH
2011-02-12 01:49:49 ----D---- C:\Windows\system32\sv-SE
2011-02-12 01:49:49 ----D---- C:\Windows\system32\sr-Latn-CS
2011-02-12 01:49:49 ----D---- C:\Windows\system32\sl-SI
2011-02-12 01:49:49 ----D---- C:\Windows\system32\sk-SK
2011-02-12 01:49:49 ----D---- C:\Windows\system32\ru-RU
2011-02-12 01:49:49 ----D---- C:\Windows\system32\ro-RO
2011-02-12 01:49:49 ----D---- C:\Windows\system32\nl-NL
2011-02-12 01:49:49 ----D---- C:\Windows\system32\nb-NO
2011-02-12 01:49:49 ----D---- C:\Windows\system32\lv-LV
2011-02-12 01:49:49 ----D---- C:\Windows\system32\lt-LT
2011-02-12 01:49:49 ----D---- C:\Windows\system32\ko-KR
2011-02-12 01:49:49 ----D---- C:\Windows\system32\ja-JP
2011-02-12 01:49:49 ----D---- C:\Windows\system32\hu-HU
2011-02-12 01:49:49 ----D---- C:\Windows\system32\hr-HR
2011-02-12 01:49:49 ----D---- C:\Windows\system32\fr-FR
2011-02-12 01:49:49 ----D---- C:\Windows\system32\fi-FI
2011-02-12 01:49:49 ----D---- C:\Windows\system32\et-EE
2011-02-12 01:49:49 ----D---- C:\Windows\system32\es-ES
2011-02-12 01:49:49 ----D---- C:\Windows\system32\el-GR
2011-02-12 01:49:49 ----D---- C:\Windows\system32\de-DE
2011-02-12 01:49:49 ----D---- C:\Windows\system32\da-DK
2011-02-12 01:49:49 ----D---- C:\Windows\system32\ar-SA
2011-02-12 01:49:02 ----D---- C:\Windows\system32\drivers\UMDF
2011-02-12 01:20:47 ----D---- C:\Windows\Help
2011-02-12 01:19:48 ----D---- C:\ProgramData
2011-02-11 23:32:10 ----D---- C:\Program Files\Common Files
2011-02-11 15:21:42 ----D---- C:\Users\randula\AppData\Roaming\pdfMachine
2011-02-11 14:55:06 ----D---- C:\Users\randula\AppData\Roaming\FileZilla
2011-02-11 13:46:13 ----D---- C:\ProgramData\aec-creative
2011-02-10 16:10:41 ----D---- C:\Program Files\BioAdmin
2011-02-10 15:41:03 ----D---- C:\Windows\Debug
2011-02-10 15:29:12 ----D---- C:\Windows\Minidump
2011-02-10 14:50:15 ----A---- C:\Windows\system.ini
2011-02-09 21:25:34 ----HD---- C:\Windows\system32\GroupPolicy
2011-02-09 16:48:30 ----SD---- C:\ProgramData\Microsoft
2011-02-09 16:47:01 ----SD---- C:\Users\randula\AppData\Roaming\Microsoft
2011-02-09 16:32:23 ----D---- C:\Users\randula\AppData\Roaming\Skype
2011-02-09 16:02:17 ----D---- C:\Users\randula\AppData\Roaming\skypePM
2011-02-09 08:40:35 ----D---- C:\Program Files\QIP Infium
2011-02-07 16:59:44 ----D---- C:\Windows\Logs
2011-02-07 16:57:46 ----D---- C:\temp
2011-02-04 17:34:02 ----A---- C:\Windows\system32\mrt.exe
2011-02-02 17:11:20 ----N---- C:\Windows\system32\MpSigStub.exe
2011-02-02 14:35:13 ----D---- C:\ProgramData\Roxio
2011-01-26 11:21:47 ----RD---- C:\Users
2011-01-24 20:55:51 ----D---- C:\Program Files\FAMADA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2008-08-07 25392]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-03-21 304920]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 SafeBoot;SafeBoot; C:\Windows\system32\drivers\SafeBoot.sys [2007-04-26 100095]
R0 SbAlg;SbAlg; C:\Windows\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock; C:\Windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl2cae02e8;MpKsl2cae02e8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E36BEC2-EB97-474F-8C33-997423473340}\MpKsl2cae02e8.sys [2011-02-12 28752]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-01-23 39080]
R1 RsvLock;RsvLock; C:\Windows\system32\drivers\RsvLock.sys [2007-04-26 5808]
R2 Hardlock;Hardlock; C:\Windows\system32\drivers\hardlock.sys [2006-11-22 693760]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-04-16 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-16 8192]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-08-07 34608]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2007-04-06 44800]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-16 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-16 207360]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-12-04 10370152]
R3 rismc32;RICOH Smart Card Reader; C:\Windows\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 tap0801;TAP-Win32 Adapter V8; C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-16 659968]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
S3 akshasp;Aladdin HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2006-11-22 327168]
S3 aksusb;Aladdin USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2006-11-17 100096]
S3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-01 534016]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-01 534016]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 catchme;catchme; \??\C:\Users\randula\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynasUSB.sys [2005-11-03 16896]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-04-10 183064]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 HpFkCryptService;Drive Encryption Service; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-27 221184]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-08-07 24880]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\Windows\system32\ifxspmgt.exe [2007-02-15 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\Windows\system32\ifxtcs.exe [2007-01-23 849440]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-04-10 121624]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-12-04 129640]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-01-16 542744]
R2 PersonalSecureDriveService;Personal Secure Drive service; C:\Windows\system32\IfxPsdSv.exe [2007-02-15 140832]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-04-10 1489688]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-04-16 386560]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9c974a3a17236;Google Update Service (gupdate1c9c974a3a17236); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-30 133104]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\Windows\system32\flcdlock.exe [2007-04-30 172131]
S3 FNU;FNU; C:\Users\randula\AppData\Local\Temp\FNU.exe []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-05 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384]
S3 QVKRD;QVKRD; C:\Users\randula\AppData\Local\Temp\QVKRD.exe []
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 TLSW;TLSW; C:\Users\randula\AppData\Local\Temp\TLSW.exe []
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]

-----------------EOF-----------------

** Here is the MBR
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.891F -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys iaStor.sys
C:\Windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x82494912] -> \Device\Harddisk0\DR0[0x8682BAC8]
3 CLASSPNP[0x885C18B3] -> ntkrnlpa!IofCallDriver[0x82494912] -> [0x86728188]
5 hpdskflt[0x885A406E] -> ntkrnlpa!IofCallDriver[0x82494912] -> [0x85678710]
7 acpi[0x806986BC] -> ntkrnlpa!IofCallDriver[0x82494912] -> \Device\Ide\IAAStorageDevice-0[0x8567B030]
kernel: MBR read successfully
user & kernel MBR OK

GMER did not finish (the program crashed) (2 attempts), so there is no log

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem removing "Olmarik trojan horse"

#10 Post by Caroprd111 »

Try running ComboFix again with the following script, and post the log here.

Code:

File::
c:\windows\system32\drivers\cfoycasb.sys
c:\windows\system32\drivers\mrrncgqf.sys
c:\windows\system32\drivers\cfhksyco.sys
c:\windows\system32\drivers\cbksqquy.sys
C:\Windows\system32\drivers\gojevqmw.sys

Driver::
FNU
QVKRD
TLSW

DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie

Folder::
c:\windows\TEMP
c:\users\randula\AppData\Local\Temp

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
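As an added example (not part of the thread, ComboFix or RSIT), a Python triage of RSIT "List of drivers" / "List of services" lines that applies the same heuristic behind the Driver:: section of the script above: flag entries whose image lives in a user Temp directory, or which RSIT could not stat (empty "[]"). Sample lines are copied from the log posted earlier in this thread; the catchme.sys allow-list is an assumption for this illustration.

```python
"""Triage of RSIT driver/service list lines (added example, not thread code).

A driver or service whose image sits in a user Temp directory, or whose file
RSIT could not stat, deserves a human look. This is the pattern the helper's
CFScript removes (FNU, QVKRD, TLSW).
"""
import re
from dataclasses import dataclass, field

# RSIT line format:
#   "<R|S><0-4> <name>;<display name>; <image path> [<date> <size>]"
# The brackets are empty when RSIT could not find or read the file.
_LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]\s*$"
)

# Locations a legitimately installed driver or service has no business in.
_TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Assumed allow-list: diagnostic tools known to load a driver from Temp
# (GMER's catchme.sys appears in this very log), so they are not reported.
_KNOWN_TOOL_IMAGES = ("catchme.sys",)


@dataclass
class Finding:
    name: str
    path: str
    severity: str                      # "high" or "review"
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return a dict for one RSIT entry, or None if the line is not one."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):      # NT object-manager prefix, strip it
        path = path[4:]
    return {
        "state": m.group("state"),
        "start": int(m.group("start")),
        "name": m.group("name"),
        "path": path,
        "has_file_info": bool(m.group("info").strip()),
    }


def triage(lines):
    """Return Findings for entries worth a human look, worst first."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        low = entry["path"].lower()
        if low.endswith(_KNOWN_TOOL_IMAGES):
            continue
        reasons = []
        if any(marker in low for marker in _TEMP_MARKERS):
            reasons.append("image in a Temp directory")
        if not entry["has_file_info"]:
            # Empty "[]" only means RSIT could not stat the path. That happens
            # for deleted or hidden files, but also for a service whose
            # ImagePath carries arguments (the MySQL line), so on its own
            # this is a "review" item, not a verdict.
            reasons.append("no file date/size recorded")
        if reasons:
            severity = "high" if reasons[0].startswith("image in") else "review"
            findings.append(Finding(entry["name"], entry["path"], severity, reasons))
    findings.sort(key=lambda f: (f.severity != "high", f.name))
    return findings


# Lines copied from the RSIT log posted in this thread.
SAMPLE_LINES = [
    r"R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]",
    r"R1 MpKsl2cae02e8;MpKsl2cae02e8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E36BEC2-EB97-474F-8C33-997423473340}\MpKsl2cae02e8.sys [2011-02-12 28752]",
    r"S3 catchme;catchme; \??\C:\Users\randula\AppData\Local\Temp\catchme.sys []",
    r"S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []",
    r"R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []",
    r"S3 FNU;FNU; C:\Users\randula\AppData\Local\Temp\FNU.exe []",
    r"S3 QVKRD;QVKRD; C:\Users\randula\AppData\Local\Temp\QVKRD.exe []",
    r"S3 TLSW;TLSW; C:\Users\randula\AppData\Local\Temp\TLSW.exe []",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.severity:6} {f.name:12} {f.path}  ({'; '.join(f.reasons)})")
```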

scuser
Visitor
Posts: 28
Registered: 11 Feb 2011 11:05

Re: Problem removing "Olmarik trojan horse"

#11 Post by scuser »

ComboFix 11-02-12.02 - randula 13.02.2011 17:13:56.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2015.1024 [GMT 1:00]
Spuštěný z: C:\Users\randula\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Users\randula\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\cbksqquy.sys"
"c:\windows\system32\drivers\cfhksyco.sys"
"c:\windows\system32\drivers\cfoycasb.sys"
"C:\Windows\system32\drivers\gojevqmw.sys"
"c:\windows\system32\drivers\mrrncgqf.sys"
.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem removing "Olmarik trojan horse"

#12 Post by Caroprd111 »

Download OTL http://oldtimer.geekstogo.com/OTL.exe to your desktop
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
 
  • Check the "All Users" option.
  • Check the "LOP Check" and "Purity Check" options
  • Click the "Run Scan" button
  • When it finishes, post the OTL.Txt and Extras.txt logs here

scuser
Visitor
Posts: 28
Registered: 11 Feb 2011 11:05

Re: Problem removing "Olmarik trojan horse"

#13 Post by scuser »

I'm sending the results (but they will come in parts). One piece of information: WIN Defender cannot be activated. There is info about it in the results.

scuser
Visitor
Posts: 28
Registered: 11 Feb 2011 11:05

Re: Problem removing "Olmarik trojan horse"

#14 Post by scuser »

OTL Extras logfile created on: 13.2.2011 21:46:33 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\randula\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,92 Gb Total Space | 60,45 Gb Free Space | 42,89% Space Free | Partition Type: NTFS
Drive D: | 6,58 Gb Total Space | 0,74 Gb Free Space | 11,32% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,19% Space Free | Partition Type: NTFS

Computer Name: HP-NOTEBOOK-PR | User Name: randula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-972185092-1158475264-1021527904-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2543547F-9BF7-488D-8219-FCCBFC6784F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45A6FA71-73D0-4F2F-9CE7-341081C2DA87}" = lport=5900 | protocol=6 | dir=in | name=realvnc |
"{52ED7D12-8190-45C5-82F1-BF6A4AE37ECA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{56D18F1F-F0BE-46C9-8D95-3A45D35B6C0B}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{5E040043-2C67-40D1-9E1C-13F271BA78D0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{5EDE6343-04F7-4740-89F6-B42831A4CE6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A146E36-02D2-498B-8B1A-EB643912264E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{724806A7-FFBE-440F-8DE5-B88CEE7BCDA9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72C646AE-E7A8-4117-BC9C-8DC471D1B371}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{7DEBB64B-EF43-4C06-9C75-57BE832997D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EAD341D-3C7E-41D6-BD5C-1E9B35E76E89}" = lport=49396 | protocol=6 | dir=in | name=akamai netsession interface |
"{8F04EE93-FCE2-4C57-9F3B-F4E49B741D46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD9DF79A-3AB5-4BB4-9762-0811A0BB941F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC989CEA-8422-4089-88FB-CFF0E9703EC9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F1359A55-7F68-4240-9369-26AEBB86BCCA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F6CC0B81-6DD8-4903-83ED-7BD6402B1638}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01910AE1-E7D8-4629-ACA2-73C16072C1C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{048195D0-1442-4424-AA71-E8CE76D932E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06F6C140-EDF8-4573-947A-D58DD8CC6A96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E5F1688-AA7B-44EC-BE44-86F6500DD191}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1008CA17-522B-4D6F-A1DE-D877179CFC94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11702371-0B82-4B07-9F40-502D00AC947A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{119CC43F-A31A-41A0-88F8-A0CB7937A412}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{162FA356-931D-4A71-A366-BE5DA875C43D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19CE8264-6DB1-441F-BDCD-3EA06090084D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CB9096E-EBDF-476E-9496-E3351E065825}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22D9448B-75D5-44BE-8BD2-D3088411E339}" = protocol=17 | dir=in | app=c:\program files\mozilla.org\seamonkey\palmsyncinstall.exe |
"{2805BF3D-EB5E-4348-B1D7-6752AFD3AED4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C9C5257-178C-4EBD-9CE8-086E2A2DE5CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3388D32F-93F3-4176-AD48-571E27CDD5D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35632921-89A4-46C2-AA26-3E21CF21BF25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35E2F65B-F045-4C69-92BA-42C24638097D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36190478-949A-49F6-B79E-2A33A0412FE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{374B4952-0DE4-4830-93E3-35C626C61B77}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{4B8E8920-FBB3-409E-ACEF-B46B0EC43A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E07BE2C-9B65-432B-8FC4-6E2728F7A8D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FB8A9E7-76DB-4351-B1E7-48F38D7B924B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52676C99-7ED3-43C3-B57A-7E7BD4C41B25}" = protocol=6 | dir=out | app=system |
"{552164A9-7EE6-4890-8157-6BEDA0E2DCA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55AAB44B-D95E-449D-9F70-3E91E5A44241}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58148C6A-96E9-4321-87BD-DBF18CBE83B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59E5DC01-629C-4C3A-B788-7F3DBA77AFAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C3EAC96-6E23-47A6-AD0E-B92C37B041B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65290ADF-7765-4A3C-9266-F858BC7FD541}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{665AA0BE-F849-4D8A-8617-24E1F63ECD60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AF8D702-6EB2-4C14-BE3F-659667424183}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B9F68DC-3ED3-46FE-BE34-CD519054C545}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C4B447C-6723-4CC3-B905-07B2FAFE736F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70BA5E7D-ECA9-4981-AE2E-203C288E0388}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77C13AE2-15E8-4792-A92C-84D67C08738F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77C41F2D-36E3-40EE-8F8B-55D8AD62F24E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AEAE4F4-E0F2-44BE-B3B2-2CD0077488FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C498697-F23F-4414-8A0C-B3F5D2AED0A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AB10357-F9C5-453D-BA25-FF5BFE8EB0DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9162D36F-91A8-483D-B296-6AADC282D714}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9184BC8F-6734-496A-8992-F27C80332BF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94C135A3-7255-484D-98EE-2B092EC91498}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96F9EEB9-7E5D-48ED-B1CC-A405780AF6D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{975A4438-C79E-40DC-A618-F48625924326}" = protocol=6 | dir=in | app=c:\program files\mozilla.org\seamonkey\palmsyncinstall.exe |
"{98B16E65-7DF7-488C-A4A9-6D4F311B513C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F119790-AAC5-4EB9-9710-80019080FEFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A04FE082-1A31-4359-AE15-4A365E0FB507}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2D2F071-B209-4836-A4FD-89D981F33645}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A34828B2-5E2E-4336-BF1F-636A2AC7C1E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A77D8BEF-7911-43D4-A1D0-6A345A31ABC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB0495C3-263A-40E0-A2A7-021E2259700D}" = protocol=17 | dir=in | app=c:\users\randula\appdata\local\temp\7zs31e.tmp\symnrt.exe |
"{AE8CFE44-F927-422F-99C1-093278B1E7AA}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{AEDF4BC1-FFF7-471B-9852-6E0B3A13423C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF8E554A-1C29-400F-81D4-439333254489}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1AA016A-9BB7-47E8-AC68-A452D5874D42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B262CF71-DE2E-4207-809F-38A963E86E99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4470E6B-33E3-48EB-B45D-73C87A570C27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4AF89DF-F015-4412-A58D-BA90A5717660}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5A34253-755D-47E2-8998-3D21DACAA382}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDA97389-A01A-4FC8-897A-BB879C59F0DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDED35CD-1952-4ABA-AA0B-46F9EADE166D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BEF97FDC-9EA2-4E8E-A3F1-3CF648B68ECB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0B5B536-13F0-49B3-AE5E-23A3DAA9ADCA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1A350FF-3A26-4BFF-BB57-5231F7DC12BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7C748F7-2BF5-4163-A613-E9BD81110712}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{C938E33D-DCC7-4C8C-B1AB-E72190E7F8F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C93CCA29-6D7F-4463-840A-C6D59B8B20AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA56ADAD-3ECF-48F5-9195-DEC9FF83FD0D}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{CE1B0F58-56C1-47C8-BBB2-6B85700AB9EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0209AA8-B122-4698-83E9-ED41380BB924}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0F04728-BF83-4968-84E3-382CA3A18C3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D100387B-A512-499C-AC80-BAF8FDBBF82B}" = protocol=6 | dir=in | app=c:\users\randula\appdata\local\temp\7zs31e.tmp\symnrt.exe |
"{D2C18E0E-80D8-44C7-9763-FFC620FF75B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5E73A0B-3EE4-4BD8-90A1-0088D4B05D2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7C2B86E-9537-4351-BF65-CCC7DF0DC8D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE208840-CD0A-42A7-8B0D-847732CEC41E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF618F5B-9570-4437-918E-00580CD659D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DFA3CFB6-8E16-401E-BDDB-52B1DACCBE33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0B4ED20-8D14-4530-BC27-D119264FB317}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E375D753-0877-4363-A59F-0D56D77A65BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6658ED6-F608-4DCE-9D19-7419C26C6B97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E76FE97C-8E54-4CF2-804A-E0B06093C4FE}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{ED7BC1C6-5752-4997-9F43-FF0AB4ED4A0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE371C29-AF58-43F2-BB63-6E9ACD79DABB}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{F0F81DA3-ECE5-4A47-A49D-FDBE67D9F6CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA930F9E-39FC-4EE5-B96B-F41C2409C336}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FC6CF010-DF4F-4AD9-BFBD-E88A0DFD62D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE580EE3-B681-41F2-95E0-89583CE9EDCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0DEEEB61-8833-4951-98D3-D64C54D82522}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1997FF03-C3AE-4C1F-97B2-C1ABEE3E05CD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{29555225-5BA8-476B-B752-C38512CA72A7}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe |
"TCP Query User{5919F6FC-F31E-48D2-AA48-AFE0528AFCA4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{745CC5F5-7B18-4553-88FC-B7C207BA28CC}C:\program files\one instant messenger\one instant messenger.exe" = protocol=6 | dir=in | app=c:\program files\one instant messenger\one instant messenger.exe |
"TCP Query User{7D4F89D6-4766-450C-BD15-B8518B706E8F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B60DB148-D6B6-4185-850B-12A318491FB2}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe |
"TCP Query User{C96C8501-F34D-42CD-AA12-BF22FC6350B2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CFB28885-2C13-41A1-93BB-C7B4432B15E4}C:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe |
"UDP Query User{40B1CDE0-F7CF-4482-858C-7F0F51599A24}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{42EAFA7E-13CA-4820-96B3-651A194486E2}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe |
"UDP Query User{5F22AF5A-FDBB-45D8-963A-9298E699209A}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe |
"UDP Query User{66E5B256-07E3-4842-9936-61D5B4476E05}C:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe |
"UDP Query User{803C911A-1A0A-4757-98E9-6DF99E04770C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9CCC43B9-1A16-466E-B130-B3CDC1F6880A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E81A3C77-B122-4DD9-98AD-567CDC627311}C:\program files\one instant messenger\one instant messenger.exe" = protocol=17 | dir=in | app=c:\program files\one instant messenger\one instant messenger.exe |
"UDP Query User{F22D352F-9460-4476-8751-EA77AFB77255}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FBDBD3A9-0B99-4AED-8C71-DEA40D9BA5E3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{189B55AF-507A-4AF2-ABF4-AB7000094D63}" = BioAdmin Standalone 4.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
"{20A1D306-CE83-492A-8525-D6DF50B5944A}" = Embedded Security for HP ProtectTools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{26E20136-E332-4BC6-903F-ADDCAEE53263}" = ArCon 9 Profesionál
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2952C529-2503-4C2F-BCBD-DE7093C27C2C}" = AEC creative : FaMaDa pro ArCon 1.0 CZ
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2DC9E3BC-441B-4481-B26F-4A3D85808298}" = HP MULTIPLE WLAN INSTALLER for VISTA
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30FFDE17-1663-1F04-0043-C9D728962CCF}" = Objednávky dvířek Trachea
"{30FFDE17-1663-4FC2-B831-C9D728962CCF}" = Objednávání dvířek Trachea
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36D67DC1-F6D5-4058-B973-31865FD12580}_is1" = Lock Plate Planner 1.5 EN
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = Instalátor programu HP Backup & Recovery Manager
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4F3614C4-0634-4F39-B7C0-02CA72F0526D}" = ESU for Microsoft Vista
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.5
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5783F2D6-7028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2009
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Driver Ver.1.00.02
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B13
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client CS-CZ Language Pack
"{87212E16-7BA8-45AD-B66D-0F8C9A52F83A}" = aec creative : CAMINUS pro ArCon 1.1 CZ
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8F420AB9-1E77-4CF9-B559-EDADA1CD5A59}" = aec creative : TILER pro ArCon 2.2 CZ
"{8FD6931B-2E3E-48F9-87C4-D247DB52C7FE}" = Vista Default Settings
"{911B0405-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DA5B72E-219D-4A40-826B-5D4570A8757E}" = aec creative : FAMADA pro ArCon 1.0 CZ
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AFAC4AF7-C3E4-4E15-8118-18CD0896DF3B}" = MySQL Server 5.1
"{B376772A-1160-43BF-B15B-7A794A4C2A6E}" = Makro soupiska 2 pro ArCon 9
"{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin
"{BB83E624-F15E-416E-A6DB-2C5245AE90D2}" = O2CPlayerAC
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{BE8BE32F-F595-4693-9F82-1E0A5A047BB6}" = OpenOffice.org 3.0
"{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = BIOS Configuration for HP ProtectTools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D485DCBB-DBBE-4E47-B7F4-250F87A7B629}" = Google AdWords Editor
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DC47022F-8FD7-411C-878F-3EAEFCFED480}" = HD Tach
"{DC60D812-119D-4E37-893B-CD1A9300D254}" = LBCS - cenová nabídka
"{DD42CAE3-FADD-4B36-95B1-E1CB75BCD364}" = HP User Guides 0074
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F2620FDC-8D31-4BA3-B003-89B8FFE9EDCF}" = MSCU for Microsoft Vista
"{F6197679-051D-4E3E-9757-4D5CDA6D658B}" = Microsoft Antimalware Service CS-CZ Language Pack
"{F843AC27-704C-4731-A590-F57841B488F2}" = Drive Encryption for HP ProtectTools
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FBC87420-CEB6-4FE4-91E6-4178FB3ADD65}_is1" = aec creative : KUCHYŇ pro ArCon 4.3 CZ
"{FC17899A-5FD9-4A98-A5CB-8558F7FB32BB}" = HP 3D DriveGuard
"602XMLFiller_CAB" = 602XML Filler rozšíření pro Internet Explorer
"Accessibility Toolbar_is1" = Web Accessibility Toolbar 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AEC-DATA Bramac 01-2008_is1" = AEC-DATA Bramac 01-2008
"AEC-DATA IRŘ 04-2008_is1" = AEC-DATA IRŘ 04-2008
"AEC-DATA Obecné objekty 10-2008_is1" = AEC-DATA Obecné objekty 10-2008
"AEC-DATA Office Pro 9/2009_is1" = AEC-DATA Office Pro 9/2009
"AEC-DATA SAPELI 12/2010_is1" = AEC-DATA SAPELI 12/2010
"Agenda" = Agenda
"Akamai" = Akamai NetSession Interface
"ArchAngle for Velox Systems_is1" = ArchAngle DEMO
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"BDE 5" = BDE 5
"Borland Database Engine Setup" = Borland Database Engine Setup
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BroadGun pdfMachine" = BroadGun pdfMachine
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z" = Soft Data Fax Modem with SmartCP
"Databáze pro TILER : LB 01-2009_is1" = Databáze pro TILER : LB 01-2009
"DUA1" = Domácí učitel angličtiny 1 (odstranění)
"DWG TrueView 2009" = DWG TrueView 2009
"FileZilla Client" = FileZilla Client 3.3.5.1
"HECI" = Intel(R) Management Engine Interface
"icapkitool" = I.CA icapki
"InstallShield_{189B55AF-507A-4AF2-ABF4-AB7000094D63}" = BioAdmin Standalone 4.2
"InstallShield_{26E20136-E332-4BC6-903F-ADDCAEE53263}" = ArCon 9 Profesionál
"InstallShield_{2952C529-2503-4C2F-BCBD-DE7093C27C2C}" = AEC creative : FaMaDa pro ArCon 1.0 CZ
"InstallShield_{87212E16-7BA8-45AD-B66D-0F8C9A52F83A}" = aec creative : CAMINUS pro ArCon 1.1 CZ
"InstallShield_{8F420AB9-1E77-4CF9-B559-EDADA1CD5A59}" = aec creative : TILER pro ArCon 2.2 CZ
"InstallShield_{9DA5B72E-219D-4A40-826B-5D4570A8757E}" = aec creative : FAMADA pro ArCon 1.0 CZ
"InstallShield_{B376772A-1160-43BF-B15B-7A794A4C2A6E}" = Makro soupiska 2 pro ArCon 9
"InstallShield_{BB83E624-F15E-416E-A6DB-2C5245AE90D2}" = O2CPlayerAC
"InstallShield_{DC60D812-119D-4E37-893B-CD1A9300D254}" = LBCS - cenová nabídka
"IrfanView" = IrfanView (remove only)
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b11 (x86 cs)" = Mozilla Firefox 4.0b11 (x86 cs)
"Mozilla Sunbird (0.7)" = Mozilla Sunbird (0.7)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"O2CZ" = O2
"OpenSSL_is1" = OpenSSL 0.9.8d
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"PDF Complete" = PDF Complete
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"SeaMonkey (1.1.17)" = SeaMonkey (1.1.17)
"SeaMonkey (2.0.11)" = SeaMonkey (2.0.11)
"SOFTconsult screensaver 2_is1" = SOFTconsult screensaver 2
"SPIRIT 2010_is1" = SPIRIT 2010
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SQLyog Community" = SQLyog Community 8.05
"Syncrosoft's License Control" = Syncrosoft's License Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"ViewletCam2_is1" = ViewletCam2
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-972185092-1158475264-1021527904-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BogFran Designer" = BogFran Designer
"Domestav Architekt" = Domestav Architekt
"QIP Infium" = QIP Infium 3.0.9042
"Sweet Home 3D" = Sweet Home 3D

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.2.2011 12:40:25 | Computer Name = HP-notebook-PR | Source = Windows Search Service | ID = 3013
Description =

Error - 13.2.2011 12:40:25 | Computer Name = HP-notebook-PR | Source = Windows Search Service | ID = 3013
Description =

Error - 13.2.2011 12:40:26 | Computer Name = HP-notebook-PR | Source = Windows Search Service | ID = 3013
Description =

Error - 13.2.2011 12:40:26 | Computer Name = HP-notebook-PR | Source = Windows Search Service | ID = 3013
Description =

Error - 13.2.2011 12:40:26 | Computer Name = HP-notebook-PR | Source = Windows Search Service | ID = 3013
Description =

Error - 13.2.2011 12:40:26 | Computer Name = HP-notebook-PR | Source = Windows Search Service | ID = 3013
Description =

Error - 13.2.2011 12:40:26 | Computer Name = HP-notebook-PR | Source = Windows Search Service | ID = 3013
Description =

Error - 13.2.2011 12:40:26 | Computer Name = HP-notebook-PR | Source = Windows Search Service | ID = 3013
Description =

Error - 13.2.2011 16:29:12 | Computer Name = HP-notebook-PR | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.

Error - 13.2.2011 16:29:21 | Computer Name = HP-notebook-PR | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Credential Manager Events ]
Error - 27.11.2007 7:16:45 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 9.1.2008 10:41:09 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 27.1.2008 6:25:38 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 3.3.2008 5:04:05 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7.4.2008 8:17:04 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 13.4.2008 8:33:30 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7.5.2008 14:43:32 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 20.5.2008 2:25:48 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 11.6.2008 7:49:41 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 16.11.2008 12:49:38 | Computer Name = HP-notebook-PR | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: randula@HP-NOTEBOOK-PR
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ System Events ]
Error - 12.2.2011 16:25:04 | Computer Name = HP-notebook-PR | Source = EventLog | ID = 6008
Description = The previous system shutdown (21:19:50, 12.2.2011) was unexpected.

Error - 13.2.2011 12:12:13 | Computer Name = HP-notebook-PR | Source = Service Control Manager | ID = 7034
Description =

Error - 13.2.2011 12:12:36 | Computer Name = HP-notebook-PR | Source = Service Control Manager | ID = 7034
Description =

Error - 13.2.2011 12:12:38 | Computer Name = HP-notebook-PR | Source = Service Control Manager | ID = 7030
Description =

Error - 13.2.2011 12:28:56 | Computer Name = HP-notebook-PR | Source = Service Control Manager | ID = 7030
Description =

Error - 13.2.2011 12:29:12 | Computer Name = HP-notebook-PR | Source = Service Control Manager | ID = 7030
Description =

Error - 13.2.2011 12:37:32 | Computer Name = HP-notebook-PR | Source = Microsoft Antimalware | ID = 2004
Description = %%860 – an error occurred while loading signatures; an attempt will be made to
roll back to the last working signature set. Signature load attempted: %%824 Error code:
0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0

Engine version: 0.0.0.0

Error - 13.2.2011 16:29:30 | Computer Name = HP-notebook-PR | Source = Microsoft Antimalware | ID = 3002
Description = %%860 – the real-time protection feature failed due to an error. Feature:
%%835 Error code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

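The firewall-rule dump above runs to dozens of near-identical lines, and the ones worth a human's attention (inbound allows for a binary sitting under a user's temp directory, or for a remote-control server such as UltraVNC) are easy to miss by eye. The following Python script is an added example, not part of the original post and not code from any of the tools named in this thread. It parses lines in the `"<name>" = key=value | key=value | ... |` format shown above, flags inbound rules according to two analyst heuristics that are this example's own assumptions (temp-path location and a short, illustrative list of remote-control executables), and counts inbound rules per executable so duplicate rule sets stand out. A flag is a prompt to check what the binary is, not a verdict that it is malicious. The sample lines are copied from the log above and embedded inline so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a few rule lines copied verbatim from the log above
# (raw string so the Windows backslashes survive unchanged).
SAMPLE_RULES = r"""
"{A34828B2-5E2E-4336-BF1F-636A2AC7C1E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB0495C3-263A-40E0-A2A7-021E2259700D}" = protocol=17 | dir=in | app=c:\users\randula\appdata\local\temp\7zs31e.tmp\symnrt.exe |
"{B4470E6B-33E3-48EB-B45D-73C87A570C27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDED35CD-1952-4ABA-AA0B-46F9EADE166D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C7C748F7-2BF5-4163-A613-E9BD81110712}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{CA56ADAD-3ECF-48F5-9195-DEC9FF83FD0D}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{D100387B-A512-499C-AC80-BAF8FDBBF82B}" = protocol=6 | dir=in | app=c:\users\randula\appdata\local\temp\7zs31e.tmp\symnrt.exe |
"{FE580EE3-B681-41F2-95E0-89583CE9EDCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0DEEEB61-8833-4951-98D3-D64C54D82522}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"""

# One rule line looks like:  "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Heuristics used by this example (assumptions of the example, not verdicts):
# an inbound allow for a binary under a temp directory, or for a remote-control
# server, deserves a second look on a suspected-infected host. The executable
# list is illustrative only; extend it to match the tools you care about.
TEMP_PATH_MARKERS = ("\\temp\\", "\\tmp\\", "%temp%")
REMOTE_CONTROL_EXES = {"winvnc.exe", "tvnserver.exe", "vncserver.exe", "teamviewer.exe"}


@dataclass
class FirewallRule:
    name: str
    protocol: Optional[int]  # 6 = TCP, 17 = UDP, None = any
    direction: str           # "in" or "out"
    app: str                 # executable path, lower-cased
    service: Optional[str]   # svc=... when the rule is scoped to a service


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one rule line; returns None for lines that are not app rules
    (uninstall-list entries, section headers and blank lines all fall through)."""
    m = RULE_RE.match(line.strip())
    if m is None:
        return None
    fields: Dict[str, str] = {}
    for part in m.group("body").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if "app" not in fields:
        return None
    proto = fields.get("protocol")
    return FirewallRule(
        name=m.group("name"),
        protocol=int(proto) if proto else None,
        direction=fields.get("dir", "").lower(),
        app=fields["app"].lower(),
        service=fields.get("svc"),
    )


def triage(rule: FirewallRule) -> List[str]:
    """Return the review prompts that apply to one rule (empty list = nothing notable)."""
    findings: List[str] = []
    if rule.direction != "in":
        return findings  # outbound allows are the default posture; not interesting here
    if any(marker in rule.app for marker in TEMP_PATH_MARKERS):
        findings.append("inbound allow for executable in a temp directory")
    exe = rule.app.rsplit("\\", 1)[-1]
    if exe in REMOTE_CONTROL_EXES:
        findings.append("inbound allow for remote-control server")
    return findings


def triage_log(text: str) -> List[Tuple[FirewallRule, List[str]]]:
    """Run triage over every line of a log dump, keeping only the flagged rules."""
    flagged: List[Tuple[FirewallRule, List[str]]] = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is not None:
            findings = triage(rule)
            if findings:
                flagged.append((rule, findings))
    return flagged


def inbound_rules_per_app(text: str) -> Dict[str, int]:
    """Count inbound rules per executable; piles of duplicates (the Skype rules above) stand out."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is not None and rule.direction == "in":
            counts[rule.app] = counts.get(rule.app, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, findings in triage_log(SAMPLE_RULES):
        proto = {6: "TCP", 17: "UDP"}.get(rule.protocol, "any")
        print(f"{rule.name}  {proto:<3} {rule.direction:<3} {rule.app}")
        for finding in findings:
            print(f"    -> {finding}")
```

To use it on a real log, pass the whole file's text to `triage_log` and `inbound_rules_per_app`; lines that are not firewall rules are skipped by the parser, so there is no need to cut the section out first. On the sample above the script flags the two `symnrt.exe` rules (temp-directory location) and the two `winvnc.exe` rules (remote-control server) and leaves the Skype, Windows Media Player and Internet Explorer rules alone.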
scuser
Visitor
Posts: 28
Registered: 11 Feb 2011 11:05

Re: Problem removing "Olmarik trojan horse"

#15 Post by scuser »

OTL.txt is too big. How should I send it?
