VIRY.CZ

nakoniec scan zbehol cely aj v normalnom mode, tu je log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 11:11:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB0DAFBDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB0DAF1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB0DAF840]
SSDT BA77C506 ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB0DAF09A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB0DB106A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB0DB1302]
SSDT BA77C4FC ZwCreateThread
SSDT BA77C50B ZwDeleteKey
SSDT BA77C515 ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB0DAEA92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB0DB0CEC]
SSDT BA77C51A ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB0DAF43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB0DAFA1C]
SSDT BA77C4E8 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB0DAF6CC]
SSDT BA77C4ED ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB0DB0720]
SSDT BA77C524 ZwReplaceKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB0DB1648]
SSDT BA77C51F ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB0DB0A88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB0DAFDC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB0DB0E9A]
SSDT BA77C510 ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB0DAF3D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB0DAF5C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB0DAEF64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB0DAEE32]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xADAA56D0]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B9B9E59A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B9B9E655

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes JMP CD9CB0DA
.text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes CALL B70ABE1D
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9A20000, 0x17D80E, 0xE8000020]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Systém nemôže nájst zadaný súbor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1288] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0040FD50 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2880] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050E060 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2956] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 10031D10 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2956] USER32.dll!SetWindowRgn + 2BD 7E42E7E5 7 Bytes JMP 10031C80 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2956] USER32.dll!SetClipboardData + 19D 7E43113B 7 Bytes JMP 10031CF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtAreMappedFilesTheSame 7C90CF7E 5 Bytes JMP 006295DC
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCancelIoFile 7C90CFBE 5 Bytes JMP 0062A45A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00628AD1
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCompactKeys 7C90D00E 5 Bytes JMP 00631BF2
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCompressKey 7C90D03E 5 Bytes JMP 00631B6F
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0062A3B9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 00631AB7
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreateMailslotFile 7C90D0FE 5 Bytes JMP 0062A321
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreateNamedPipeFile 7C90D11E 5 Bytes JMP 0062A277
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreatePagingFile 7C90D12E 5 Bytes JMP 0062A1EB
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00626BCE
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00626B33
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 00630961
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 006269FA
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0062A168
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 00631A1F
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 00631999
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 0062A0CA
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 00628A3C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 00631907
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00631875
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtExtendSection 7C90D2FE 5 Bytes JMP 006308DB
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 0062A044
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 006317F2
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtFsControlFile 7C90D39E 5 Bytes JMP 00629FA6
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtLoadKey 7C90D47E 5 Bytes JMP 0063176C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtLoadKey2 7C90D48E 5 Bytes JMP 006316E3
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 00629F08
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtLockRegistryKey 7C90D4BE 5 Bytes JMP 006315D4
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 006289B9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 0063083D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtNotifyChangeDirectoryFile 7C90D53E 5 Bytes JMP 00629E6D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 00631536
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 00631492
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0062A503
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 00631409
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 006307B4
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 00629DE7
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00629D46
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryEaFile 7C90D78E 5 Bytes JMP 00629CAB
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 00629C25
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 00629B96
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 006312EE
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 0063125C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 0062892A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryOpenSubKeys 7C90D89E 5 Bytes JMP 006311D6
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryQuotaInformationFile 7C90D8BE 5 Bytes JMP 00629541
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQuerySection 7C90D8CE 5 Bytes JMP 00630725
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 0062861C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 006310B8
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryVirtualMemory 7C90D97E 5 Bytes JMP 0063060D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtQueryVolumeInformationFile 7C90D98E 5 Bytes JMP 00629B07
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00629A6C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 006299D1
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 00631032
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtReplaceKey 7C90DA6E 5 Bytes JMP 00630FA9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtRestoreKey 7C90DB1E 5 Bytes JMP 00630F20
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSaveKey 7C90DB4E 5 Bytes JMP 00630E9A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSaveKeyEx 7C90DB5E 5 Bytes JMP 00630E11
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSaveMergedKeys 7C90DB6E 5 Bytes JMP 00630D88
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetEaFile 7C90DBFE 5 Bytes JMP 00629945
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 006298B6
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 00630CFC
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetInformationObject 7C90DC8E 5 Bytes JMP 0062889E
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0062696E
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetQuotaInformationFile 7C90DD1E 5 Bytes JMP 006294B5
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 00628593
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00630C55
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSetVolumeInformationFile 7C90DDDE 5 Bytes JMP 00629827
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtSignalAndWaitForSingleObject 7C90DDFE 5 Bytes JMP 00628811
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 0062782D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtTranslateFilePath 7C90DEAE 5 Bytes JMP 00629429
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtUnloadKey 7C90DECE 5 Bytes JMP 00630BD2
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtUnloadKeyEx 7C90DEDE 5 Bytes JMP 00630AC6
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 00629798
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 0063069F
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 0062873F
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 006286AB
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 006296FD
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 00629662
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!LdrGetDllHandle 7C915FB0 5 Bytes JMP 00626E38
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ntdll.dll!LdrShutdownThread 7C9358DA 5 Bytes JMP 00626DAE
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00627C50
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!GetCommandLineA 7C812FBD 5 Bytes JMP 00626D5F
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!CreateActCtxW 7C8154FC 5 Bytes JMP 00623DFA
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!QueryActCtxW 7C81637B 5 Bytes JMP 00623EFA
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!GetCommandLineW 7C817023 5 Bytes JMP 00626DE9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00626C66
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!GetConsoleTitleW 7C81B774 5 Bytes JMP 00627A3D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00626D06
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!SetConsoleTitleW 7C82D9CD 1 Byte [E9]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!SetConsoleTitleW 7C82D9CD 5 Bytes JMP 00627ADE
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!GetConsoleTitleA 7C872199 5 Bytes JMP 006278EC
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] kernel32.dll!SetConsoleTitleA 7C8721C1 5 Bytes JMP 006279A3
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] gdi32.dll!GdiAddFontResourceW 77F1CE11 5 Bytes JMP 006280AA
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] gdi32.dll!RemoveFontResourceExW 77F29281 5 Bytes JMP 00627F48
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 00619F5D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 0061A0D1
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 0061A20A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] USER32.dll!GetWindowTextW 7E42A5CD 5 Bytes JMP 0061A149
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 0061A059
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 00619EB3
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 00619FDB
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] USER32.dll!GetWindowTextA 7E43216B 5 Bytes JMP 00619DDC
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0062581C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!QueryServiceStatus 77DE6D50 5 Bytes JMP 00624E77
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!OpenSCManagerW 77DE6F55 5 Bytes JMP 006243B5
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 006251A1
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!StartServiceA 77DEFB58 5 Bytes JMP 00624844
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 77DEFEAB 5 Bytes JMP 00624BFB
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 5 Bytes JMP 00624DD2
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!QueryServiceConfigA 77DF1596 5 Bytes JMP 006250FF
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!SetServiceStatus 77DF3251 5 Bytes JMP 00624A1E
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!StartServiceCtrlDispatcherW 77DF359D 5 Bytes JMP 006248E6
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!RegisterServiceCtrlHandlerExW 77DF3E49 5 Bytes JMP 00624B5C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!RegisterServiceCtrlHandlerW 77DF3E77 5 Bytes JMP 00624C9A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!StartServiceW 77DF3E94 5 Bytes JMP 006247A2
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0062577D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 00625AAF
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!RegisterServiceCtrlHandlerA 77DF4EC6 5 Bytes JMP 00624D36
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!OpenSCManagerA 77DF69AE 5 Bytes JMP 00624415
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 5 Bytes JMP 006245D7
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 5 Bytes JMP 0062505D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 5 Bytes JMP 00624475
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!SetServiceBits 77E36BF9 5 Bytes JMP 00624ABA
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 5 Bytes JMP 006244ED
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!QueryServiceObjectSecurity 77E36D01 5 Bytes JMP 0062434C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006242E9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006256C9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00625615
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00624724
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006246A6
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00624649
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!EnumDependentServicesA 77E37529 5 Bytes JMP 0062556D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!EnumDependentServicesW 77E375E1 5 Bytes JMP 006254C5
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!GetServiceDisplayNameA 77E37699 5 Bytes JMP 006252DF
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!GetServiceDisplayNameW 77E37739 5 Bytes JMP 0062523D
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!GetServiceKeyNameA 77E377D9 5 Bytes JMP 00625423
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!GetServiceKeyNameW 77E37879 5 Bytes JMP 00625381
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!QueryServiceConfig2A 77E37999 5 Bytes JMP 00624FB8
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 5 Bytes JMP 00624F13
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!EnumServicesStatusW 77E37D61 1 Byte [E9]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 00624565
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ADVAPI32.dll!StartServiceCtrlDispatcherA 77E37F09 5 Bytes JMP 00624982
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ole32.dll!CoCreateInstanceEx 774FF16C 5 Bytes JMP 0062F27C
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ole32.dll!CoGetClassObject 7751521D 5 Bytes JMP 0062F1D3
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ole32.dll!CoRegisterClassObject 775179E8 5 Bytes JMP 0062F0FD
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ole32.dll!CoResumeClassObjects + 7 775268AF 5 Bytes JMP 0062E7F7
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ole32.dll!CoRevokeClassObject 77529E6B 5 Bytes JMP 0062E996
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe[3792] ole32.dll!CoGetInstanceFromFile 7754024B 5 Bytes JMP 0062F473

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9DF16E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9DF17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DF1780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9DF1740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9DF1740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9DF17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9DF16E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DF1780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DF1780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9DF1740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9DF17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9DF16E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9DF1740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9DF1780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9DF16E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9DF17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9DF16E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9DF17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9DF1740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DF1780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9DF1740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9DF17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9DF16E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9DF1740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DF1780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9DF16E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9DF17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [B9DF1740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [B9DF17B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [B9DF1780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [B9DF16E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \FileSystem\Fastfat \Fat AC482D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe [3792] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x63 0x1A 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB4 0x63 0x1A 0xA0 ...

---- EOF - GMER 1.0.15 ----

Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\system32\Drivers\uphcleanhlp.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

dany subor nenaslo, hladal som ho aj manualne, ale nebol v tom priecinku

OK Jak to vypadá s PC

Zda sa mi, ze ide rychlejsie. a hlavne predtym mi firewall vypisoval hlasky o crscs.exe (alebo crscc.exe, neviem presne, malo to podobny nazov ako nejaky subor Windowsu, co som pozeral na nete, ze to odosiela hesla), ten chcel spustat subory DXY.exe (X a Y boli pismena abecedy, vzdy ich menilo), pre istiotu som vzdy zablokoval pristup a potom vyhodilo asi 5-6 chybovy okien Pristup zamietnuty (alebo nieco podobne) - robilo to vzdy priblizne 15-20 min. po spusteni. Kazdopadne teraz to uz prestalo robit. Dakujem velmi pekne za pomoc a trpezlivost.

Poprosím o nový log z RSIT.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-19 19:16:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (14%) free of 54 GB
Total RAM: 2431 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:20, on 19.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP Infium\infium.exe
C:\Documents and Settings\Owner\Desktop\Far20b1420.x86.20100225\Far.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\Program Files\CL\cl.exe
C:\Program Files\CL\cl.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "c:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: 8011.lnk = ?
O4 - Startup: Spoon Sandbox Manager 3.14.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavenia rozšírenia &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1506473359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1506464718
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12061 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5C46FB11-4F45-431C-BE9F-36C6B3934444}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - NuSphere ToolBar - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll [2009-11-04 500856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1040384]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-04-15 181816]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-04 293168]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-23 17920]
"HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"AT&T Communication Manager"=c:\Program Files\AT&T\Communication Manager\ATTCM.exe [2007-05-26 22528]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-07-16 1945600]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-29 1800464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2007-05-09 106904]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 135664]
"QIP Internet Guardian"=C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe [2010-03-12 184272]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe [2002-03-20 45632]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
8011.lnk - C:\DOCUME~1\Owner\LOCALS~1\Temp\mvNat.exe
Spoon Sandbox Manager 3.14.lnk - C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-04 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-04 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-18 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-05-13 85504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-24 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-04-20 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"ForceClassicControlPanel"=
"MaxRecentDocs"=
"NoSMConfigurePrograms"=
"NoDriveTypeAutoRun"=
"NoRecentDocsNetHood"=
"MemCheckBoxInRunDlg"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\NuSphere\PhpED\php\php.exe"="C:\Program Files\NuSphere\PhpED\php\php.exe:*:Enabled:php4-cgi"
"C:\Program Files\NuSphere\PhpED\php\php-cli.exe"="C:\Program Files\NuSphere\PhpED\php\php-cli.exe:*:Enabled:php4-cli"
"C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe"="C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe:*:Enabled:php5-cgi"
"C:\Program Files\NuSphere\PhpED\php5\php.exe"="C:\Program Files\NuSphere\PhpED\php5\php.exe:*:Enabled:php5-cli"
"C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe"="C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe:*:Enabled:php53-cgi"
"C:\Program Files\NuSphere\PhpED\php53\php.exe"="C:\Program Files\NuSphere\PhpED\php53\php.exe:*:Enabled:php53-cli"
"C:\Program Files\NuSphere\PhpED\Srv.exe"="C:\Program Files\NuSphere\PhpED\Srv.exe:*:Enabled:NuSphere PhpED SRV web server"
"C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe"="C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe:*:Enabled:NuSphere PhpED Dbg Listener"
"C:\Program Files\NuSphere\PhpED\phped.exe"="C:\Program Files\NuSphere\PhpED\phped.exe:*:Enabled:NuSphere PhpED Embedded browser"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-17 19:47:06 ----SHD---- C:\RECYCLER
2010-04-17 19:16:19 ----A---- C:\ComboFix.txt
2010-04-17 18:58:12 ----A---- C:\WINDOWS\system32\wscntfy.exe
2010-04-17 18:51:49 ----A---- C:\Boot.bak
2010-04-17 18:51:40 ----RASHD---- C:\cmdcons
2010-04-17 18:42:05 ----N---- C:\wscntfy.exe
2010-04-17 17:27:21 ----D---- C:\Program Files\xerox
2010-04-17 17:27:19 ----D---- C:\WINDOWS\system32\xircom
2010-04-17 17:27:19 ----D---- C:\Program Files\windows nt
2010-04-17 17:27:19 ----D---- C:\Program Files\outlook express
2010-04-17 17:27:18 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-17 17:27:18 ----D---- C:\Program Files\netmeeting
2010-04-17 17:27:18 ----D---- C:\Program Files\msn gaming zone
2010-04-17 17:27:18 ----D---- C:\Program Files\microsoft frontpage
2010-04-17 17:07:16 ----A---- C:\WINDOWS\zip.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\SWREG.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\sed.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\PEV.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\MBR.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\grep.exe
2010-04-17 17:07:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-17 17:07:15 ----A---- C:\WINDOWS\SWSC.exe
2010-04-17 17:07:01 ----D---- C:\WINDOWS\ERDNT
2010-04-17 17:02:55 ----D---- C:\Qoobox
2010-04-17 16:04:24 ----D---- C:\rsit
2010-04-17 14:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-17 14:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-17 14:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-17 14:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-17 14:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-17 14:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-17 14:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-17 14:29:13 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-17 14:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-17 14:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-17 14:28:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-17 14:28:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-17 14:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-17 14:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-17 14:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-17 14:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-17 14:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-17 14:27:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-17 14:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-17 14:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-17 14:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-17 14:26:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-17 14:26:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-04-17 14:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-17 14:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-17 14:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-17 14:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-17 14:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-17 14:18:37 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-17 14:14:59 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-04-17 14:14:59 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\java.exe
2010-04-02 20:26:23 ----D---- C:\Program Files\Buzzer Control
2010-03-31 19:15:53 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-31 18:40:07 ----D---- C:\Documents and Settings\Owner\Application Data\Avira
2010-03-31 13:59:46 ----D---- C:\Documents and Settings\Owner\Application Data\QipGuard

======List of files/folders modified in the last 1 months======

2010-04-19 19:16:18 ----D---- C:\WINDOWS\Prefetch
2010-04-19 19:10:22 ----D---- C:\WINDOWS\Temp
2010-04-19 18:46:19 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2010-04-19 18:07:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-19 11:25:11 ----D---- C:\WINDOWS\system32
2010-04-19 11:25:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-19 11:21:17 ----D---- C:\WINDOWS
2010-04-19 11:20:38 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 11:20:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-19 01:25:08 ----D---- C:\Documents and Settings\Owner\Application Data\Azureus
2010-04-17 19:07:00 ----A---- C:\WINDOWS\system.ini
2010-04-17 19:03:54 ----D---- C:\WINDOWS\system32\config
2010-04-17 19:01:09 ----D---- C:\WINDOWS\AppPatch
2010-04-17 19:01:03 ----D---- C:\Program Files\Common Files
2010-04-17 18:51:49 ----RASH---- C:\boot.ini
2010-04-17 17:27:21 ----RD---- C:\Program Files
2010-04-17 17:27:20 ----D---- C:\WINDOWS\system32\wbem
2010-04-17 17:20:52 ----SD---- C:\WINDOWS\Tasks
2010-04-17 16:43:40 ----SHD---- C:\WINDOWS\Installer
2010-04-17 16:42:35 ----D---- C:\Program Files\Core Services
2010-04-17 15:38:59 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-17 15:38:49 ----RSD---- C:\WINDOWS\assembly
2010-04-17 14:41:35 ----D---- C:\Program Files\Internet Explorer
2010-04-17 14:34:41 ----HD---- C:\WINDOWS\inf
2010-04-17 14:34:40 ----D---- C:\WINDOWS\system32\dllcache
2010-04-17 14:34:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-17 14:30:40 ----D---- C:\WINDOWS\ie8updates
2010-04-17 14:26:50 ----D---- C:\WINDOWS\WinSxS
2010-04-17 14:20:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-17 14:15:15 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-17 14:15:01 ----D---- C:\WINDOWS\Help
2010-04-17 14:14:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-17 13:59:15 ----SHD---- C:\System Volume Information
2010-04-17 12:14:55 ----D---- C:\WINDOWS\Registration
2010-04-15 13:57:44 ----D---- C:\Program Files\Opera
2010-04-11 01:01:28 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-10 11:01:59 ----D---- C:\Program Files\Vuze
2010-04-07 00:32:19 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1018 USB WMC Data Modem.txt
2010-04-06 23:09:48 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2010-04-06 10:52:56 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-04 16:22:45 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 23:20:49 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2010-03-31 19:15:53 ----D---- C:\WINDOWS\repair
2010-03-31 13:59:10 ----D---- C:\Program Files\QIP Infium

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-01 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-29 25160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-04-20 62848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-18 2849280]
R3 b57w2k;Broadcom 590x 10/100 Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-27 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-11-07 12928]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2009-03-19 9216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-04-20 12160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-05-26 26368]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-04-20 30336]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2009-04-20 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-07-15 1391104]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-02-14 47907]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-02-14 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-09-25 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-09-25 20520]
S3 HP24X;HP PC Card Smart Card Reader; C:\WINDOWS\system32\DRIVERS\HP24X.sys [2007-07-17 35072]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-04-20 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-04-20 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-04-20 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-04 182576]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-18 512000]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-29 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SWIHPWMI;SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-07-16 24576]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-04-23 239160]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-22 228656]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-14 133104]
S2 OracleDBConsoleorcl;OracleDBConsoleorcl; C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-06-08 172131]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-23 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-04-20 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

Tohle otestujte na http://www.virustotal.com/cs/
C:\Program Files\CL\cl.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ComboFix 10-04-15.05 - Owner 19.04.2010 21:25:23.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.421.1033.18.2431.1625 [GMT 2:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\docume~1\Owner\LOCALS~1\Temp\mvNat.exe"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\8011.lnk -"
.

((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-17 16:58 . 2009-08-17 13:27 13824 ----a-w- c:\windows\system32\wscntfy.exe
2010-04-17 16:42 . 2009-08-17 13:27 13824 ------w- C:\wscntfy.exe
2010-04-17 15:27 . 2010-04-17 15:27 -------- d-----w- c:\windows\system32\wbem\snmp
2010-04-17 15:27 . 2010-04-17 15:27 -------- d-----w- c:\windows\system32\xircom
2010-04-17 15:27 . 2010-04-17 15:27 -------- d-----w- c:\program files\microsoft frontpage
2010-04-17 14:04 . 2010-04-17 14:05 -------- d-----w- C:\rsit
2010-04-17 12:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 12:18 . 2010-01-01 07:58 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-17 12:18 . 2009-11-27 16:07 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-04-17 12:18 . 2009-11-27 16:07 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2010-04-17 12:18 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-04-17 12:18 . 2009-11-27 16:07 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2010-04-17 12:18 . 2009-11-27 17:23 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-04-17 12:18 . 2009-12-14 07:08 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-04-17 12:17 . 2009-12-08 09:01 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2010-04-17 12:17 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-17 12:17 . 2009-10-13 10:38 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2010-04-17 12:17 . 2009-10-12 13:28 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-04-17 12:17 . 2009-08-25 09:27 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-04-17 12:17 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-04-17 12:17 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-04-17 12:17 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-04-17 12:17 . 2009-07-31 04:24 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-04-17 12:17 . 2009-07-31 04:24 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-17 12:16 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2010-04-17 12:16 . 2009-08-26 08:03 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-04-17 12:16 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-04-17 12:16 . 2009-12-09 05:53 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2010-04-02 18:26 . 2010-04-02 18:26 -------- d-----w- c:\program files\Buzzer Control
2010-03-31 17:15 . 2010-04-17 11:56 -------- d-----w- c:\windows\system32\NtmsData
2010-03-31 16:40 . 2010-03-31 16:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-03-31 11:59 . 2010-03-31 11:59 -------- d-----w- c:\documents and settings\Owner\Application Data\QipGuard
2010-03-31 11:59 . 2010-03-12 12:20 280440 ----a-w- c:\documents and settings\Owner\Application Data\QipGuard\sqlite3.dll
2010-03-31 11:59 . 2010-03-12 12:20 184272 ----a-w- c:\documents and settings\Owner\Application Data\QipGuard\QipGuard.exe
2010-03-31 11:59 . 2010-03-12 12:20 20944 ----a-w- c:\documents and settings\Owner\Application Data\QipGuard\chrome.dll
2010-03-31 11:59 . 2010-03-12 12:20 149968 ----a-w- c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 18:10 . 2009-07-16 11:03 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-04-18 23:25 . 2009-07-16 11:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2010-04-17 14:42 . 2010-02-17 10:07 -------- d-----w- c:\program files\Core Services
2010-04-15 11:57 . 2009-07-16 12:28 -------- d-----w- c:\program files\Opera
2010-04-10 23:01 . 2009-07-16 02:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 09:01 . 2009-07-16 11:12 -------- d-----w- c:\program files\Vuze
2010-04-09 10:04 . 2009-09-28 11:04 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-06 21:09 . 2009-11-04 09:59 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2010-03-31 11:59 . 2009-07-16 10:36 -------- d-----w- c:\program files\QIP Infium
2010-03-16 17:12 . 2009-07-16 11:13 51152 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 16:17 . 2010-03-16 16:17 -------- d-----w- c:\program files\JRE
2010-03-16 16:16 . 2009-09-28 10:58 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-14 11:36 . 2010-03-02 20:39 -------- d-----w- c:\program files\Teleport Pro
2010-03-14 11:14 . 2009-07-16 01:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-10 06:15 . 2009-04-20 18:19 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 14:24 . 2009-08-14 10:03 -------- d-----w- c:\program files\Google
2010-03-04 20:54 . 2010-02-02 20:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-04 20:39 . 2010-01-09 15:36 -------- d-----w- c:\program files\Eidos Interactive
2010-03-01 07:05 . 2009-07-16 12:23 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-26 20:10 . 2010-02-26 12:37 -------- d-----w- c:\program files\Elementals - The Magic Key
2010-02-26 12:41 . 2010-02-26 12:40 -------- d-----w- c:\documents and settings\Owner\Application Data\ElementalsTheMagicKey
2010-02-25 06:24 . 2009-04-20 18:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:42 . 2010-02-24 13:42 -------- d-----w- c:\documents and settings\Owner\Application Data\YoudaGames
2010-02-24 13:30 . 2010-02-02 21:53 -------- d-----w- c:\program files\Games
2010-02-24 11:57 . 2009-04-20 18:17 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 12:50 . 2009-04-20 18:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:12 . 2009-02-06 10:30 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:24 . 2009-07-16 12:23 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 04:27 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2009-04-20 18:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-01 18:09 . 2009-07-16 10:06 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-01 18:09 . 2009-07-16 10:06 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-29 11:07 . 2009-07-16 10:06 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-29 11:07 . 2009-07-16 10:06 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-27 10:01 . 2010-01-27 10:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4e8d067f-n\decora-sse.dll
2010-01-27 10:01 . 2010-01-27 10:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-143eca65-n\msvcp71.dll
2010-01-27 10:01 . 2010-01-27 10:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-143eca65-n\jmc.dll
2010-01-27 10:01 . 2010-01-27 10:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-143eca65-n\msvcr71.dll
2010-01-27 10:01 . 2010-01-27 10:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4e8d067f-n\decora-d3d.dll
2010-01-23 14:31 . 2010-01-28 13:14 2797468 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
2010-01-20 17:32 . 2010-01-20 17:32 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-5b4fb8f8-n\decora-sse.dll
2010-01-20 17:32 . 2010-01-20 17:32 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-5b4fb8f8-n\msvcp71.dll
2010-01-20 17:32 . 2010-01-20 17:32 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-5b4fb8f8-n\jmc.dll
2010-01-20 17:32 . 2010-01-20 17:32 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-5b4fb8f8-n\msvcr71.dll
2010-01-20 17:32 . 2010-01-20 17:32 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-5b4fb8f8-n\decora-d3d.dll
2010-01-20 17:32 . 2010-01-20 17:32 315392 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-45f1884b-n\jogl.dll
2010-01-20 17:32 . 2010-01-20 17:32 20480 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-45f1884b-n\jogl_awt.dll
2010-01-20 17:32 . 2010-01-20 17:32 20480 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-6aa83134-n\gluegen-rt.dll
2010-01-20 17:32 . 2010-01-20 17:32 114688 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-45f1884b-n\jogl_cg.dll
.

------- Sigcheck -------

[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-08-17 . 278A14BEDEF58687EAF8BEC056A78D8B . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2007-05-09 106904]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
"QIP Internet Guardian"="c:\documents and settings\Owner\Application Data\QipGuard\QipGuard.exe" [2010-03-12 184272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-15 181816]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-03 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2007-05-26 22528]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-07-16 1945600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-03 23:51 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-03 23:51 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 14:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-05-13 20:39 85504 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 22:30 45632 ----a-w- c:\windows\system32\TaskSwitch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php\\php.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php\\php-cli.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php5\\php-cgi.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php5\\php.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php53\\php-cgi.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\php53\\php.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\Srv.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\debugger\\DbgListener.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\phped.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [20.4.2009 20:31 9096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [16.7.2009 12:06 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16.7.2009 12:06 25160]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [4.5.2007 1:51 182576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.7.2009 14:23 135336]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [14.4.2008 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [14.4.2008 14:00 14336]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4.12.2006 23:13 292384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16.7.2009 4:41 239160]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [7.11.2007 19:15 12928]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [28.11.2009 11:51 27632]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.8.2009 12:04 133104]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [28.11.2009 11:48 90112]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\damdrv.sys [15.7.2009 22:57 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [8.6.2007 16:06 172131]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.7.2009 20:16 13352]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17.7.2007 8:24 35072]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [17.7.2009 11:55 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [17.7.2009 11:55 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [17.7.2009 11:55 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [17.7.2009 11:55 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [17.7.2009 11:55 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [17.7.2009 11:55 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [17.7.2009 11:55 109736]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 13:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-14 10:03]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-14 10:03]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-17 15:10]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-17 15:10]

2010-04-19 c:\windows\Tasks\User_Feed_Synchronization-{5C46FB11-4F45-431C-BE9F-36C6B3934444}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\
FF - prefs.js: browser.search.selectedEngine - ÄŒSFD
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\npMozillaSpoonPlugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Spoon\3.15.0.6\npMozillaSpoonPlugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 21:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\msi.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\windows\system32\DeviceNP.dll

- - - - - - - > 'explorer.exe'(1704)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-19 21:35:38
ComboFix-quarantined-files.txt 2010-04-19 19:35
ComboFix2.txt 2010-04-17 17:16
ComboFix3.txt 2010-04-17 15:39

Pre-Run: 8 191 225 856 bytes free
Post-Run: 8 149 118 976 bytes free

- - End Of File - - 9DDF3AE9992C2C374989EE57CAC64B91

Poprosím o nový log z RSIT.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-20 01:30:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (14%) free of 54 GB
Total RAM: 2431 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:22, on 20.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "c:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: 8011.lnk = ?
O4 - Startup: Spoon Sandbox Manager 3.14.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavenia rozšírenia &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1506473359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1506464718
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10463 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5C46FB11-4F45-431C-BE9F-36C6B3934444}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - NuSphere ToolBar - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll [2009-11-04 500856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1040384]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-04-15 181816]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-04 293168]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-23 17920]
"HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"AT&T Communication Manager"=c:\Program Files\AT&T\Communication Manager\ATTCM.exe [2007-05-26 22528]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-07-16 1945600]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-29 1800464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2007-05-09 106904]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 135664]
"QIP Internet Guardian"=C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe [2010-03-12 184272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe [2002-03-20 45632]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
8011.lnk - C:\DOCUME~1\Owner\LOCALS~1\Temp\mvNat.exe
Spoon Sandbox Manager 3.14.lnk - C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-04 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-04 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-18 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-05-13 85504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-24 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-04-20 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"ForceClassicControlPanel"=
"MaxRecentDocs"=
"NoSMConfigurePrograms"=
"NoDriveTypeAutoRun"=
"NoRecentDocsNetHood"=
"MemCheckBoxInRunDlg"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\NuSphere\PhpED\php\php.exe"="C:\Program Files\NuSphere\PhpED\php\php.exe:*:Enabled:php4-cgi"
"C:\Program Files\NuSphere\PhpED\php\php-cli.exe"="C:\Program Files\NuSphere\PhpED\php\php-cli.exe:*:Enabled:php4-cli"
"C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe"="C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe:*:Enabled:php5-cgi"
"C:\Program Files\NuSphere\PhpED\php5\php.exe"="C:\Program Files\NuSphere\PhpED\php5\php.exe:*:Enabled:php5-cli"
"C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe"="C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe:*:Enabled:php53-cgi"
"C:\Program Files\NuSphere\PhpED\php53\php.exe"="C:\Program Files\NuSphere\PhpED\php53\php.exe:*:Enabled:php53-cli"
"C:\Program Files\NuSphere\PhpED\Srv.exe"="C:\Program Files\NuSphere\PhpED\Srv.exe:*:Enabled:NuSphere PhpED SRV web server"
"C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe"="C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe:*:Enabled:NuSphere PhpED Dbg Listener"
"C:\Program Files\NuSphere\PhpED\phped.exe"="C:\Program Files\NuSphere\PhpED\phped.exe:*:Enabled:NuSphere PhpED Embedded browser"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-19 21:35:39 ----A---- C:\ComboFix.txt
2010-04-17 18:58:12 ----A---- C:\WINDOWS\system32\wscntfy.exe
2010-04-17 18:51:49 ----A---- C:\Boot.bak
2010-04-17 18:51:40 ----RASHD---- C:\cmdcons
2010-04-17 18:42:05 ----N---- C:\wscntfy.exe
2010-04-17 17:27:21 ----D---- C:\Program Files\xerox
2010-04-17 17:27:19 ----D---- C:\WINDOWS\system32\xircom
2010-04-17 17:27:19 ----D---- C:\Program Files\windows nt
2010-04-17 17:27:19 ----D---- C:\Program Files\outlook express
2010-04-17 17:27:18 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-17 17:27:18 ----D---- C:\Program Files\netmeeting
2010-04-17 17:27:18 ----D---- C:\Program Files\msn gaming zone
2010-04-17 17:27:18 ----D---- C:\Program Files\microsoft frontpage
2010-04-17 17:07:16 ----A---- C:\WINDOWS\zip.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\SWREG.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\sed.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\PEV.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\MBR.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\grep.exe
2010-04-17 17:07:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-17 17:07:15 ----A---- C:\WINDOWS\SWSC.exe
2010-04-17 17:07:01 ----D---- C:\WINDOWS\ERDNT
2010-04-17 17:02:55 ----D---- C:\Qoobox
2010-04-17 16:04:24 ----D---- C:\rsit
2010-04-17 14:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-17 14:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-17 14:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-17 14:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-17 14:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-17 14:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-17 14:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-17 14:29:13 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-17 14:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-17 14:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-17 14:28:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-17 14:28:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-17 14:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-17 14:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-17 14:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-17 14:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-17 14:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-17 14:27:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-17 14:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-17 14:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-17 14:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-17 14:26:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-17 14:26:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-04-17 14:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-17 14:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-17 14:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-17 14:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-17 14:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-17 14:18:37 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-17 14:14:59 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-04-17 14:14:59 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\java.exe
2010-04-02 20:26:23 ----D---- C:\Program Files\Buzzer Control
2010-03-31 19:15:53 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-31 18:40:07 ----D---- C:\Documents and Settings\Owner\Application Data\Avira
2010-03-31 13:59:46 ----D---- C:\Documents and Settings\Owner\Application Data\QipGuard

======List of files/folders modified in the last 1 months======

2010-04-20 01:24:52 ----D---- C:\Documents and Settings\Owner\Application Data\Azureus
2010-04-19 21:35:05 ----D---- C:\WINDOWS\Temp
2010-04-19 21:33:08 ----D---- C:\WINDOWS
2010-04-19 21:33:07 ----A---- C:\WINDOWS\system.ini
2010-04-19 21:30:23 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 21:30:23 ----D---- C:\WINDOWS\system32
2010-04-19 21:30:23 ----D---- C:\WINDOWS\AppPatch
2010-04-19 21:30:16 ----D---- C:\Program Files\Common Files
2010-04-19 21:24:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-19 21:24:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-19 21:24:04 ----D---- C:\WINDOWS\Prefetch
2010-04-19 20:10:32 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2010-04-19 11:25:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-17 19:03:54 ----D---- C:\WINDOWS\system32\config
2010-04-17 18:51:49 ----RASH---- C:\boot.ini
2010-04-17 17:27:21 ----RD---- C:\Program Files
2010-04-17 17:27:20 ----D---- C:\WINDOWS\system32\wbem
2010-04-17 17:20:52 ----SD---- C:\WINDOWS\Tasks
2010-04-17 16:43:40 ----SHD---- C:\WINDOWS\Installer
2010-04-17 16:42:35 ----D---- C:\Program Files\Core Services
2010-04-17 15:38:59 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-17 15:38:49 ----RSD---- C:\WINDOWS\assembly
2010-04-17 14:41:35 ----D---- C:\Program Files\Internet Explorer
2010-04-17 14:34:41 ----HD---- C:\WINDOWS\inf
2010-04-17 14:34:40 ----D---- C:\WINDOWS\system32\dllcache
2010-04-17 14:34:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-17 14:30:40 ----D---- C:\WINDOWS\ie8updates
2010-04-17 14:26:50 ----D---- C:\WINDOWS\WinSxS
2010-04-17 14:20:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-17 14:15:15 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-17 14:15:01 ----D---- C:\WINDOWS\Help
2010-04-17 14:14:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-17 13:59:15 ----SHD---- C:\System Volume Information
2010-04-17 12:14:55 ----D---- C:\WINDOWS\Registration
2010-04-15 13:57:44 ----D---- C:\Program Files\Opera
2010-04-11 01:01:28 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-10 11:01:59 ----D---- C:\Program Files\Vuze
2010-04-07 00:32:19 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1018 USB WMC Data Modem.txt
2010-04-06 23:09:48 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2010-04-06 10:52:56 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-04 16:22:45 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 23:20:49 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2010-03-31 19:15:53 ----D---- C:\WINDOWS\repair
2010-03-31 13:59:10 ----D---- C:\Program Files\QIP Infium

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-01 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-29 25160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-04-20 62848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-18 2849280]
R3 b57w2k;Broadcom 590x 10/100 Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-27 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-11-07 12928]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2009-03-19 9216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-04-20 12160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-05-26 26368]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-04-20 30336]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2009-04-20 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-07-15 1391104]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-02-14 47907]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-02-14 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-09-25 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-09-25 20520]
S3 HP24X;HP PC Card Smart Card Reader; C:\WINDOWS\system32\DRIVERS\HP24X.sys [2007-07-17 35072]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-04-20 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-04-20 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-04-20 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-04 182576]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-29 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 SWIHPWMI;SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-04-23 239160]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-22 228656]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-18 512000]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-14 133104]
S2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 OracleDBConsoleorcl;OracleDBConsoleorcl; C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe []
S2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-07-16 24576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-06-08 172131]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-23 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-04-20 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

Tohle znáte
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
8011.lnk - C:\DOCUME~1\Owner\LOCALS~1\Temp\mvNat.exe

Nepoznam ich, netusim, ktore programy by ich mohli pouzivat