Page 2 of 2

Re: Computer problem

Posted: 13 Mar 2012 18:29
by Rudy
OK. It is against the rules of this forum to advise a user who runs illegal software. Download, unpack and run TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Let it work, and after the scan finishes post the log.

Re: Computer problem

Posted: 13 Mar 2012 18:44
by kyzi01
OK: here is the log

18:33:36.0578 3260 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:33:36.0812 3260 ============================================================
18:33:36.0812 3260 Current date / time: 2012/03/13 18:33:36.0812
18:33:36.0812 3260 SystemInfo:
18:33:36.0812 3260
18:33:36.0812 3260 OS Version: 5.1.2600 ServicePack: 2.0
18:33:36.0812 3260 Product type: Workstation
18:33:36.0812 3260 ComputerName: ATHLON
18:33:36.0812 3260 UserName: Administrator
18:33:36.0812 3260 Windows directory: C:\WINDOWS
18:33:36.0812 3260 System windows directory: C:\WINDOWS
18:33:36.0812 3260 Processor architecture: Intel x86
18:33:36.0812 3260 Number of processors: 1
18:33:36.0812 3260 Page size: 0x1000
18:33:36.0812 3260 Boot type: Normal boot
18:33:36.0812 3260 ============================================================
18:33:38.0968 3260 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:33:38.0968 3260 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:33:39.0062 3260 \Device\Harddisk0\DR0:
18:33:39.0062 3260 MBR used
18:33:39.0062 3260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
18:33:39.0062 3260 \Device\Harddisk1\DR2:
18:33:39.0062 3260 MBR used
18:33:39.0062 3260 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:33:39.0125 3260 Initialize success
18:33:39.0125 3260 ============================================================
18:33:44.0015 2736 ============================================================
18:33:44.0015 2736 Scan started
18:33:44.0015 2736 Mode: Manual;
18:33:44.0015 2736 ============================================================
18:33:44.0375 2736 Scan interrupted by user!
18:33:44.0375 2736 Scan interrupted by user!
18:33:44.0375 2736 Scan interrupted by user!
18:33:44.0375 2736 ============================================================
18:33:44.0375 2736 Scan finished
18:33:44.0375 2736 ============================================================
18:33:44.0421 2064 Detected object count: 0
18:33:44.0421 2064 Actual detected object count: 0
18:33:46.0375 3784 ============================================================
18:33:46.0375 3784 Scan started
18:33:46.0375 3784 Mode: Manual;
18:33:46.0375 3784 ============================================================
18:33:49.0906 3784 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:33:49.0921 3784 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: cdfe4411a69c224bd1d11b2da92dac51
18:33:49.0921 3784 atapi ( LockedFile.Multi.Generic ) - warning
18:33:49.0921 3784 atapi - detected LockedFile.Multi.Generic (1)
18:34:12.0203 3784 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
18:34:12.0203 3784 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
18:34:12.0203 3784 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
18:34:12.0218 3784 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
18:34:12.0218 3784 \Device\Harddisk1\DR2 - ok
18:34:12.0265 3784 Boot (0x1200) (1bc405e4ea4e753a1a027c71a056e649) \Device\Harddisk0\DR0\Partition0
18:34:12.0265 3784 \Device\Harddisk0\DR0\Partition0 - ok
18:34:12.0296 3784 Boot (0x1200) (d0785336995e54b98bbae8b03d858ea3) \Device\Harddisk1\DR2\Partition0
18:34:12.0296 3784 \Device\Harddisk1\DR2\Partition0 - ok
18:34:12.0312 3784 ============================================================
18:34:12.0312 3784 Scan finished
18:34:12.0312 3784 ============================================================
18:34:12.0375 3692 Detected object count: 2
18:34:12.0375 3692 Actual detected object count: 2
18:35:19.0437 3692 atapi ( LockedFile.Multi.Generic ) - skipped by user
18:35:19.0437 3692 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
18:35:19.0843 3692 \Device\Harddisk0\DR0\# - copied to quarantine
18:35:19.0843 3692 \Device\Harddisk0\DR0 - copied to quarantine
18:35:19.0859 3692 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
18:35:19.0984 3692 \Device\Harddisk0\DR0 - ok
18:35:19.0984 3692 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
18:36:16.0140 3304 Deinitialize success

Re: Computer problem

Posted: 13 Mar 2012 19:10
by Rudy
Restart and post a new ComboFix log.

Re: Computer problem

Posted: 13 Mar 2012 20:20
by kyzi01
OK. Here is the ComboFix log

ComboFix 12-03-11.01 - Administrator 13.03.2012 19:48:19.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1158 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\ReminderNextRun
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 17:35 . 2012-03-13 17:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-13 16:47 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-13 16:47 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-13 16:47 . 2012-03-07 00:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-13 16:47 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-13 16:47 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-13 16:47 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-13 16:47 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-13 16:47 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-13 16:46 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-13 16:46 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-13 16:46 . 2012-03-13 16:46 -------- d-----w- c:\program files\AVAST Software
2012-03-13 16:46 . 2012-03-13 16:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-03-13 15:51 . 2004-09-20 00:59 29696 ------w- c:\windows\system32\FILTER.AX
2012-03-13 15:51 . 2004-09-20 00:59 15790 ------w- c:\windows\system32\drivers\NVXBAR.SYS
2012-03-13 15:51 . 2004-09-20 00:59 140732 ------w- c:\windows\system32\drivers\NVCAP.SYS
2012-03-11 18:36 . 2012-03-11 18:36 0 --sh--w- c:\windows\S8A385048.tmp
2012-03-11 18:30 . 2012-03-11 18:30 -------- d-----w- C:\_OTM
2012-03-11 16:16 . 2012-03-11 16:16 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-03-11 16:08 . 2012-03-11 16:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2012-03-11 15:40 . 2012-03-13 17:44 -------- d-----w- c:\program files\trend micro
2012-03-11 15:32 . 2012-03-11 15:33 -------- d-----w- C:\rsit
2012-03-09 14:04 . 2012-03-09 14:04 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-09 14:04 . 2012-03-09 14:04 -------- d-----w- C:\TopCD
2012-03-06 07:01 . 2012-03-07 14:26 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Screaming Bee
2012-03-06 07:00 . 2012-03-07 14:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Screaming Bee
2012-02-14 16:48 . 2012-02-14 16:48 -------- d-----w- C:\UDK
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 17:19 . 2005-11-13 16:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-03-11_20.49.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-03-13 19:15 . 2012-03-13 19:15 16384 c:\windows\Temp\Perflib_Perfdata_198.dat
+ 2012-03-13 16:54 . 2005-04-22 02:54 81920 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nvwddi.dll
+ 2012-03-13 16:54 . 2005-04-22 02:54 86016 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nvmctray.dll
+ 2012-03-13 16:54 . 2005-04-22 02:54 32256 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nvcod.dll
+ 2004-06-04 18:35 . 2004-08-17 14:49 54272 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2004-12-30 18:14 . 2004-08-03 22:08 48640 c:\windows\system32\dllcache\stream.sys
- 2009-11-27 17:35 . 2009-11-27 17:35 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-12-30 18:14 . 2009-11-27 17:35 17920 c:\windows\system32\dllcache\msyuv.dll
- 2009-11-27 16:40 . 2009-11-27 16:40 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2001-10-24 12:24 . 2009-11-27 16:40 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2005-07-27 11:09 . 2004-08-03 22:08 60288 c:\windows\system32\dllcache\drmk.sys
+ 2001-10-24 12:25 . 2009-11-27 16:40 8704 c:\windows\system32\dllcache\tsbyuv.dll
- 2009-11-27 16:40 . 2009-11-27 16:40 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2004-12-30 18:14 . 2004-08-17 14:49 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2012-03-13 16:54 . 2005-04-22 02:54 127043 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nvsvc32.exe
+ 2012-03-13 16:54 . 2005-04-22 02:54 286720 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nvnt4cpl.dll
+ 2012-03-13 16:54 . 2005-04-22 02:54 548864 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nvhwvid.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 167936 c:\windows\system32\nvwrszht.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 163840 c:\windows\system32\nvwrszhc.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 299008 c:\windows\system32\nvwrstr.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 294912 c:\windows\system32\nvwrssv.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 299008 c:\windows\system32\nvwrssl.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 294912 c:\windows\system32\nvwrssk.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 311296 c:\windows\system32\nvwrsru.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 315392 c:\windows\system32\nvwrsptb.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 319488 c:\windows\system32\nvwrspt.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 294912 c:\windows\system32\nvwrspl.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 294912 c:\windows\system32\nvwrsno.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 315392 c:\windows\system32\nvwrsnl.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 196608 c:\windows\system32\nvwrsko.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 208896 c:\windows\system32\nvwrsja.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 319488 c:\windows\system32\nvwrsit.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 311296 c:\windows\system32\nvwrshu.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 274432 c:\windows\system32\nvwrshe.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 323584 c:\windows\system32\nvwrsfr.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 299008 c:\windows\system32\nvwrsfi.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 323584 c:\windows\system32\nvwrsesm.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 331776 c:\windows\system32\nvwrses.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 282624 c:\windows\system32\nvwrseng.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 331776 c:\windows\system32\nvwrsel.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 307200 c:\windows\system32\nvwrsde.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 294912 c:\windows\system32\nvwrsda.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 282624 c:\windows\system32\nvwrscs.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 278528 c:\windows\system32\nvwrsar.dll
+ 2009-04-30 22:31 . 2005-04-22 02:54 466944 c:\windows\system32\nvshell.dll
- 2009-04-30 22:31 . 2007-12-05 00:41 466944 c:\windows\system32\nvshell.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 114688 c:\windows\system32\nvrszht.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 212992 c:\windows\system32\nvrszhc.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 241664 c:\windows\system32\nvrstr.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 241664 c:\windows\system32\nvrssv.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 241664 c:\windows\system32\nvrssl.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 241664 c:\windows\system32\nvrssk.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 253952 c:\windows\system32\nvrsru.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 253952 c:\windows\system32\nvrsptb.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 258048 c:\windows\system32\nvrspt.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 241664 c:\windows\system32\nvrspl.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 241664 c:\windows\system32\nvrsno.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 258048 c:\windows\system32\nvrsnl.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 249856 c:\windows\system32\nvrsko.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 253952 c:\windows\system32\nvrsja.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 266240 c:\windows\system32\nvrsit.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 245760 c:\windows\system32\nvrshu.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 311296 c:\windows\system32\nvrshe.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 270336 c:\windows\system32\nvrsfr.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 233472 c:\windows\system32\nvrsfi.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 258048 c:\windows\system32\nvrsesm.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 266240 c:\windows\system32\nvrses.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 233472 c:\windows\system32\nvrseng.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 270336 c:\windows\system32\nvrsel.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 262144 c:\windows\system32\nvrsde.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 241664 c:\windows\system32\nvrsda.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 233472 c:\windows\system32\nvrscs.dll
+ 2005-04-22 02:54 . 2005-04-22 02:54 311296 c:\windows\system32\nvrsar.dll
- 2009-04-30 22:30 . 2007-12-05 00:41 147456 c:\windows\system32\nvcolor.exe
+ 2009-04-30 22:30 . 2005-04-22 02:54 147456 c:\windows\system32\nvcolor.exe
- 2009-04-30 22:31 . 2007-12-05 00:41 442368 c:\windows\system32\nvappbar.exe
+ 2009-04-30 22:31 . 2005-04-22 02:54 442368 c:\windows\system32\nvappbar.exe
+ 2009-04-30 22:31 . 2005-04-22 02:54 393216 c:\windows\system32\keystone.exe
+ 2005-07-27 11:09 . 2004-08-03 22:15 145792 c:\windows\system32\dllcache\portcls.sys
+ 2004-12-30 18:14 . 2004-08-03 22:15 140928 c:\windows\system32\dllcache\ks.sys
+ 2012-03-13 16:46 . 2012-03-13 16:46 219648 c:\windows\Installer\b7cd1.msi
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-03-13 16:54 . 2005-04-22 02:54 5115904 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nvoglnt.dll
+ 2012-03-13 16:54 . 2005-04-22 02:54 5898240 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nvcpl.dll
+ 2012-03-13 16:54 . 2005-04-22 02:54 3095680 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nv4_mini.sys
+ 2012-03-13 16:54 . 2005-04-22 02:54 3849344 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nv4_disp.dll
+ 2009-04-30 22:31 . 2005-04-22 02:54 1519616 c:\windows\system32\nwiz.exe
+ 2009-04-30 22:31 . 2005-04-22 02:54 1019904 c:\windows\system32\nvwimg.dll
- 2009-04-30 22:31 . 2007-12-05 00:41 1019904 c:\windows\system32\nvwimg.dll
+ 2009-04-30 22:31 . 2005-04-22 02:54 1662976 c:\windows\system32\nvwdmcpl.dll
+ 2009-04-30 22:31 . 2005-04-22 02:54 1462272 c:\windows\system32\nview.dll
- 2007-12-05 00:41 . 2007-12-05 00:41 1339392 c:\windows\system32\nvdspsch.exe
+ 2007-12-05 00:41 . 2005-04-22 02:54 1339392 c:\windows\system32\nvdspsch.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2002-08-20 172032]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-22 5898240]
"nwiz"="nwiz.exe" [2005-04-22 1519616]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-22 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIdle Pro\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"HPHUPD06"=c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
"HPHmon06"=c:\windows\System32\hphmon06.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"nwiz"=nwiz.exe /install
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UpdateReminder"=c:\program files\Eset\UpdateReminder.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\Eidos\\Pyro Studios\\Commandos Strike Force\\CommXPC.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sierra Entertainment\\TimeShift\\bin\\TimeShift.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ASUS\\OLink\\MyNeighbors.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ASUS O!Play Tools\\O!Play moServices Manager\\OPlaySM.exe"=
"c:\\Program Files\\Readon Technology\\Readon TV Movie Radio Player 7.3.0.0\\internettv.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9.1.2005 16:31 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9.1.2005 16:31 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.3.2012 17:47 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.3.2012 17:47 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.3.2012 17:47 20696]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [30.5.2008 1:17 208896]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.9.2006 11:42 47360]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 sensorsview;sensorsview;\??\c:\program files\SensorsViewPro41\drv\sensorsview32.sys --> c:\program files\SensorsViewPro41\drv\sensorsview32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]
.
2012-03-13 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-02 13:24]
.
2012-03-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 05:35]
.
2012-03-13 c:\windows\Tasks\User_Feed_Synchronization-{672D6087-66A5-4D32-BBEB-6B9456A06600}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 10.0.0.138
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 20:16
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1897051121-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1177238915-1897051121-725345543-500\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (Administrator)
@Allowed: (Read) (Administrator)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\oodag.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Silvercrest MTS2218 driver\KMConfig.exe
c:\program files\Silvercrest MTS2218 driver\KMProcess.exe
.
**************************************************************************
.
Celkový čas: 2012-03-13 20:20:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-13 19:20
ComboFix2.txt 2012-03-13 14:21
ComboFix3.txt 2012-03-12 14:32
ComboFix4.txt 2012-03-11 20:52
.
Před spuštěním: Volných bajtů: 44 808 032 256
Po spuštění: Volných bajtů: 44 804 333 568
.
- - End Of File - - 1A74013D459419FAF40F185A2F9F071E

Re: Computer problem

Posted: 13 Mar 2012 20:56
by Rudy
Run CF once more with this script:
FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Re: Computer problem

Posted: 14 Mar 2012 16:09
by kyzi01
Great, here is the log

ComboFix 12-03-11.01 - Administrator 14.03.2012 15:45:48.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1090 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-14 do 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-13 17:35 . 2012-03-13 17:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-13 16:47 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-13 16:47 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-13 16:47 . 2012-03-07 00:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-13 16:47 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-13 16:47 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-13 16:47 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-13 16:47 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-13 16:47 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-13 16:46 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-13 16:46 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-13 16:46 . 2012-03-13 16:46 -------- d-----w- c:\program files\AVAST Software
2012-03-13 16:46 . 2012-03-13 16:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-03-13 15:51 . 2004-09-20 00:59 29696 ------w- c:\windows\system32\FILTER.AX
2012-03-13 15:51 . 2004-09-20 00:59 15790 ------w- c:\windows\system32\drivers\NVXBAR.SYS
2012-03-13 15:51 . 2004-09-20 00:59 140732 ------w- c:\windows\system32\drivers\NVCAP.SYS
2012-03-11 18:36 . 2012-03-11 18:36 0 --sh--w- c:\windows\S8A385048.tmp
2012-03-11 18:30 . 2012-03-11 18:30 -------- d-----w- C:\_OTM
2012-03-11 16:16 . 2012-03-11 16:16 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-03-11 16:08 . 2012-03-11 16:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2012-03-11 15:40 . 2012-03-13 17:44 -------- d-----w- c:\program files\trend micro
2012-03-11 15:32 . 2012-03-11 15:33 -------- d-----w- C:\rsit
2012-03-09 14:04 . 2012-03-09 14:04 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-09 14:04 . 2012-03-09 14:04 -------- d-----w- C:\TopCD
2012-03-06 07:01 . 2012-03-07 14:26 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Screaming Bee
2012-03-06 07:00 . 2012-03-07 14:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Screaming Bee
2012-02-14 16:48 . 2012-02-14 16:48 -------- d-----w- C:\UDK
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 17:19 . 2005-11-13 16:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-13_19.16.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-14 14:02 . 2012-03-14 14:02 16384 c:\windows\Temp\Perflib_Perfdata_3d4.dat
+ 2002-08-28 23:27 . 2004-08-03 21:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2008-11-04 15:46 . 2012-03-14 14:09 54215544 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2002-08-20 172032]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-22 5898240]
"nwiz"="nwiz.exe" [2005-04-22 1519616]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-22 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIdle Pro\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"HPHUPD06"=c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
"HPHmon06"=c:\windows\System32\hphmon06.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"nwiz"=nwiz.exe /install
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UpdateReminder"=c:\program files\Eset\UpdateReminder.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\Eidos\\Pyro Studios\\Commandos Strike Force\\CommXPC.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sierra Entertainment\\TimeShift\\bin\\TimeShift.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ASUS\\OLink\\MyNeighbors.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ASUS O!Play Tools\\O!Play moServices Manager\\OPlaySM.exe"=
"c:\\Program Files\\Readon Technology\\Readon TV Movie Radio Player 7.3.0.0\\internettv.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9.1.2005 16:31 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9.1.2005 16:31 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.3.2012 17:47 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.3.2012 17:47 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.3.2012 17:47 20696]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [30.5.2008 1:17 208896]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.9.2006 11:42 47360]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 sensorsview;sensorsview;\??\c:\program files\SensorsViewPro41\drv\sensorsview32.sys --> c:\program files\SensorsViewPro41\drv\sensorsview32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]
.
2012-03-14 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-02 13:24]
.
2012-03-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 05:35]
.
2012-03-13 c:\windows\Tasks\User_Feed_Synchronization-{672D6087-66A5-4D32-BBEB-6B9456A06600}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 10.0.0.138
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 16:04
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1897051121-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1177238915-1897051121-725345543-500\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (Administrator)
@Allowed: (Read) (Administrator)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(3576)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-03-14 16:07:02
ComboFix-quarantined-files.txt 2012-03-14 15:06
ComboFix2.txt 2012-03-13 19:20
ComboFix3.txt 2012-03-13 14:21
ComboFix4.txt 2012-03-12 14:32
ComboFix5.txt 2012-03-14 14:33
.
Před spuštěním: Volných bajtů: 44 544 159 744
Po spuštění: Volných bajtů: 44 553 576 448
.
- - End Of File - - F1D01299DD1377153558DF6A0BCF2FDE

Re: Problem with computer

Posted: 14 Mar 2012 18:35
by Rudy
The log is clean now. Has anything changed?

Re: Problem with computer

Posted: 14 Mar 2012 18:43
by kyzi01
Yes, it seems that everything is running as it should.
All the problems have disappeared, the computer works as it should :D

Thank you very much, you are very helpful and a real expert. :thumbsup:

Truly admirable these days.

Once again, MANY MANY thanks :) :) :)

Kyzi

Re: Problem with computer

Posted: 14 Mar 2012 19:02
by Rudy
You're welcome! :)