VIRY.CZ

Combofix zjistil, že nemám konzoli pro zotavení nebo pro poslední konfiguraci, omlouvám se nepamatuji si přesně, tak jsem povolil aby si ji stáhl. Neproběhl restart. Na ploše se mi objevil zástupce internet explorer a po přihlášení mi to oznámilo, že mozzila není nastavena jako výchozí prohlížeč. Tak jsem nic nepo...

zde je log

ComboFix 13-08-09.02 - Roman 10.08.2013 17:23:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3062.2425 [GMT 2:00]
Spuštěný z: c:\documents and settings\Roman\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1365944781.2052.bin
c:\documents and settings\All Users\Application Data\1365944781.3472.bin
c:\documents and settings\All Users\Application Data\1365944781.3540.bin
c:\documents and settings\All Users\Application Data\1365944781.3552.bin
c:\documents and settings\All Users\Application Data\1365944781.3696.bin
c:\documents and settings\All Users\Application Data\1365944781.3800.bin
c:\documents and settings\All Users\Application Data\1365944781.3804.bin
c:\documents and settings\All Users\Application Data\1365944781.3808.bin
c:\documents and settings\All Users\Application Data\1365944781.3840.bin
c:\documents and settings\All Users\Application Data\1365944781.3844.bin
c:\documents and settings\All Users\Application Data\1365944781.4072.bin
c:\documents and settings\All Users\Application Data\1366379054.bdinstall.bin
c:\documents and settings\All Users\Application Data\1366379634.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AegisI5Installer.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-10 do 2013-08-10 )))))))))))))))))))))))))))))))
.
.
2013-08-10 09:15 . 2013-08-10 09:16 -------- d-----w- c:\program files\trend micro
2013-08-10 09:15 . 2013-08-10 09:16 -------- d-----w- C:\rsit
2013-08-10 01:24 . 2013-08-10 01:24 -------- d-----w- c:\program files\Ableton
2013-08-10 01:17 . 2013-08-10 01:17 -------- d-----w- c:\program files\MixMeister BPM Analyzer
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\documents and settings\Roman\Application Data\Cycling '74
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\documents and settings\Roman\Application Data\PACE Anti-Piracy
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\documents and settings\Roman\Local Settings\Application Data\PACE Anti-Piracy
2013-08-09 09:33 . 2008-04-13 19:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2013-08-09 09:33 . 2008-04-13 19:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-08-07 21:21 . 2003-06-20 10:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2013-08-07 18:49 . 2013-08-10 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2013-08-07 18:49 . 2013-08-10 01:13 -------- d-----w- c:\documents and settings\Roman\Application Data\Ableton
2013-08-07 18:49 . 2008-05-09 10:23 368640 ----a-w- c:\windows\system32\ReWire.dll
2013-08-07 18:49 . 2008-05-09 10:23 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2013-07-18 15:23 . 2013-07-18 15:23 -------- d-----w- c:\documents and settings\Roman\Application Data\Philips
2013-07-18 15:21 . 2013-07-18 15:21 -------- d-----w- c:\documents and settings\Roman\Local Settings\Application Data\Philips-Songbird
2013-07-18 15:21 . 2013-07-18 15:21 -------- d-----w- c:\documents and settings\Roman\Application Data\Philips-Songbird
2013-07-18 15:21 . 2012-03-19 10:23 118784 ----a-w- c:\windows\system32\DriverCoInstaller.dll
2013-07-18 15:21 . 2012-03-19 10:20 11264 ----a-w- c:\windows\system32\rockusbCoInstaller.dll
2013-07-18 15:21 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-07-18 15:20 . 2013-07-18 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 13:41 . 2008-04-14 12:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-10 13:41 . 2008-04-14 12:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-18 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-15 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"Dell QuickSet"="c:\program files\DELL\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
"M-Audio Taskbar Icon"="c:\windows\System32\MAFWTray.exe" [2008-03-03 252424]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2008-03-03 252424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe -RegRun [2003-10-9 1622016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-06-07 09:14 118784 ------w- c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 23:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 08:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TapiSrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"btwdins"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 iastor3;iastor3;c:\windows\system32\drivers\iastor3.sys [18.8.2012 4:12 308248]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [18.8.2012 4:12 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [18.8.2012 4:12 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [18.8.2012 4:12 13616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.4.2013 18:34 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10.1.2013 10:25 122240]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.3.2013 15:19 1341664]
R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [20.4.2013 15:51 193032]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [18.4.2013 15:24 3567]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 13:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.advaita.cz/
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Roman\Application Data\Mozilla\Firefox\Profiles\uppn404s.default\
FF - prefs.js: browser.startup.homepage - www.advaita.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-10 17:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\System32\BCMLogon.dll
.
Celkový čas: 2013-08-10 17:27:02
ComboFix-quarantined-files.txt 2013-08-10 15:27
.
Před spuštěním: 104 601 874 432 bytes free
Po spuštění: 104 723 042 304 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0B9598FA09DC669DE406FF2E54053743
8F558EB6672622401DA993E1E865C861

To si pak prenastavite zpatky


Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Ano, přednastvím, jen vše poslušně hlásím Po restartu se mi automaticky sepíná Eset rychle jsem ho ještě vypl, když jsem neměl nic spouštět, snad to ničemu nevadilo.

log:


ComboFix 13-08-09.02 - Roman 10.08.2013 17:54:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3062.2488 [GMT 2:00]
Spuštěný z: c:\documents and settings\Roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Roman\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-10 do 2013-08-10 )))))))))))))))))))))))))))))))
.
.
2013-08-10 09:15 . 2013-08-10 09:16 -------- d-----w- c:\program files\trend micro
2013-08-10 09:15 . 2013-08-10 09:16 -------- d-----w- C:\rsit
2013-08-10 01:24 . 2013-08-10 01:24 -------- d-----w- c:\program files\Ableton
2013-08-10 01:17 . 2013-08-10 01:17 -------- d-----w- c:\program files\MixMeister BPM Analyzer
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\documents and settings\Roman\Application Data\Cycling '74
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\documents and settings\Roman\Application Data\PACE Anti-Piracy
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2013-08-10 00:22 . 2013-08-10 00:22 -------- d-----w- c:\documents and settings\Roman\Local Settings\Application Data\PACE Anti-Piracy
2013-08-09 09:33 . 2008-04-13 19:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2013-08-09 09:33 . 2008-04-13 19:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-08-07 21:21 . 2003-06-20 10:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2013-08-07 18:49 . 2013-08-10 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2013-08-07 18:49 . 2013-08-10 01:13 -------- d-----w- c:\documents and settings\Roman\Application Data\Ableton
2013-08-07 18:49 . 2008-05-09 10:23 368640 ----a-w- c:\windows\system32\ReWire.dll
2013-08-07 18:49 . 2008-05-09 10:23 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2013-07-18 15:23 . 2013-07-18 15:23 -------- d-----w- c:\documents and settings\Roman\Application Data\Philips
2013-07-18 15:21 . 2013-07-18 15:21 -------- d-----w- c:\documents and settings\Roman\Local Settings\Application Data\Philips-Songbird
2013-07-18 15:21 . 2013-07-18 15:21 -------- d-----w- c:\documents and settings\Roman\Application Data\Philips-Songbird
2013-07-18 15:21 . 2012-03-19 10:23 118784 ----a-w- c:\windows\system32\DriverCoInstaller.dll
2013-07-18 15:21 . 2012-03-19 10:20 11264 ----a-w- c:\windows\system32\rockusbCoInstaller.dll
2013-07-18 15:21 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-07-18 15:20 . 2013-07-18 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 13:41 . 2008-04-14 12:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-10 13:41 . 2008-04-14 12:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-18 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-15 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"Dell QuickSet"="c:\program files\DELL\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
"M-Audio Taskbar Icon"="c:\windows\System32\MAFWTray.exe" [2008-03-03 252424]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2008-03-03 252424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe -RegRun [2003-10-9 1622016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-06-07 09:14 118784 ------w- c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 23:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 08:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TapiSrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"btwdins"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 iastor3;iastor3;c:\windows\system32\drivers\iastor3.sys [18.8.2012 4:12 308248]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [18.8.2012 4:12 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [18.8.2012 4:12 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [18.8.2012 4:12 13616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.4.2013 18:34 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10.1.2013 10:25 122240]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.3.2013 15:19 1341664]
R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [20.4.2013 15:51 193032]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [18.4.2013 15:24 3567]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.advaita.cz/
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Roman\Application Data\Mozilla\Firefox\Profiles\uppn404s.default\
FF - prefs.js: browser.startup.homepage - www.advaita.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-10 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
.
**************************************************************************
.
Celkový čas: 2013-08-10 18:01:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-10 16:01
ComboFix2.txt 2013-08-10 15:27
.
Před spuštěním: 104 661 790 720 bytes free
Po spuštění: 104 659 460 096 bytes free
.
- - End Of File - - 59775BC947CB6F8251853C2D538CF3E8
8F558EB6672622401DA993E1E865C861

V poradku, ESET uz po restartu klidne muze byt zapnuty


Porad to pri startu blikne?

Dejte novy log z RSIT

Tak ta dlouhá černá obrazovka jsem teď došel na to, že když odpojím firewire zvukovku tak je zapnutí běžné. Akorát po najetí plochy stále problikne černá obrazovka.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2013-08-10 18:38:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 100 GB (83%) free of 120 GB
Total RAM: 3062 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:00, on 10.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\System32\MAFWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\TEMP\MALWAREspyware\RSIT.exe
C:\Program Files\trend micro\Roman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.advaita.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\DELL\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWTray.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4623 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\uppn404s.default

prefs.js - "browser.startup.homepage" - "www.advaita.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-15 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-15 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-15 137752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 851968]
"Dell QuickSet"=C:\Program Files\DELL\QuickSet\quickset.exe [2007-07-03 1228800]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 5078504]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\MAFWTray.exe [2008-03-03 252424]
"MAFWTaskbarApp"=C:\WINDOWS\system32\MAFWTray.exe [2008-03-03 252424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe [2007-06-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
C:\WINDOWS\OEM02Mon.exe [2007-05-10 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-05-17 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"TapiSrv"=3
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"mnmsrvc"=3
"btwdins"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"Midi"=wdmaud.drv
"wave3"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-08-10 18:01:11 ----D---- C:\WINDOWS\temp
2013-08-10 18:01:09 ----A---- C:\ComboFix.txt
2013-08-10 17:21:55 ----A---- C:\Boot.bak
2013-08-10 17:21:52 ----RASHD---- C:\cmdcons
2013-08-10 17:19:43 ----A---- C:\WINDOWS\zip.exe
2013-08-10 17:19:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-08-10 17:19:43 ----A---- C:\WINDOWS\SWSC.exe
2013-08-10 17:19:43 ----A---- C:\WINDOWS\SWREG.exe
2013-08-10 17:19:43 ----A---- C:\WINDOWS\sed.exe
2013-08-10 17:19:43 ----A---- C:\WINDOWS\PEV.exe
2013-08-10 17:19:43 ----A---- C:\WINDOWS\NIRCMD.exe
2013-08-10 17:19:43 ----A---- C:\WINDOWS\MBR.exe
2013-08-10 17:19:43 ----A---- C:\WINDOWS\grep.exe
2013-08-10 17:19:34 ----D---- C:\Qoobox
2013-08-10 17:19:22 ----D---- C:\WINDOWS\erdnt
2013-08-10 15:13:15 ----A---- C:\AdwCleaner[S1].txt
2013-08-10 14:32:49 ----A---- C:\AdwCleaner[R2].txt
2013-08-10 14:32:08 ----A---- C:\AdwCleaner[R1].txt
2013-08-10 11:15:22 ----D---- C:\Program Files\trend micro
2013-08-10 11:15:21 ----D---- C:\rsit
2013-08-10 03:24:43 ----D---- C:\Program Files\Ableton
2013-08-10 03:17:21 ----D---- C:\Program Files\MixMeister BPM Analyzer
2013-08-10 02:29:23 ----D---- C:\WINDOWS\system32\appmgmt
2013-08-10 02:22:05 ----D---- C:\Documents and Settings\Roman\Application Data\Cycling '74
2013-08-10 02:22:03 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2013-08-10 02:22:03 ----D---- C:\Documents and Settings\Roman\Application Data\PACE Anti-Piracy
2013-08-10 02:22:03 ----D---- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2013-08-09 11:33:53 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2013-08-07 23:21:31 ----A---- C:\WINDOWS\system32\gdiplus.dll
2013-08-07 20:49:53 ----D---- C:\Documents and Settings\Roman\Application Data\Ableton
2013-08-07 20:49:53 ----D---- C:\Documents and Settings\All Users\Application Data\Ableton
2013-08-07 20:49:10 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
2013-08-07 20:49:10 ----A---- C:\WINDOWS\system32\ReWire.dll
2013-07-18 17:23:39 ----D---- C:\Documents and Settings\Roman\Application Data\Philips
2013-07-18 17:21:37 ----D---- C:\Documents and Settings\Roman\Application Data\Philips-Songbird
2013-07-18 17:21:29 ----A---- C:\WINDOWS\system32\DriverCoInstaller.dll
2013-07-18 17:21:26 ----A---- C:\WINDOWS\system32\rockusbCoInstaller.dll
2013-07-18 17:21:24 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2013-07-18 17:20:55 ----D---- C:\Documents and Settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}

======List of files/folders modified in the last 1 month======

2013-08-10 18:38:34 ----A---- C:\WINDOWS\wincmd.ini
2013-08-10 18:37:16 ----D---- C:\WINDOWS
2013-08-10 18:31:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-10 18:02:29 ----D---- C:\WINDOWS\system32
2013-08-10 18:02:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-10 18:01:12 ----D---- C:\WINDOWS\system32\drivers
2013-08-10 18:00:09 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-10 17:58:37 ----A---- C:\WINDOWS\system.ini
2013-08-10 17:58:27 ----D---- C:\WINDOWS\system32\drivers\etc
2013-08-10 17:57:09 ----SD---- C:\WINDOWS\Tasks
2013-08-10 17:56:05 ----D---- C:\WINDOWS\AppPatch
2013-08-10 17:56:03 ----D---- C:\Program Files\Common Files
2013-08-10 17:21:55 ----RASH---- C:\boot.ini
2013-08-10 17:19:29 ----D---- C:\WINDOWS\Prefetch
2013-08-10 14:29:23 ----RD---- C:\Program Files
2013-08-10 03:24:52 ----SHD---- C:\WINDOWS\Installer
2013-08-10 03:24:52 ----D---- C:\WINDOWS\WinSxS
2013-08-10 02:28:24 ----HD---- C:\WINDOWS\inf
2013-08-10 02:28:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-08-10 02:22:23 ----ASD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2013-08-10 02:22:22 ----AHD---- C:\Program Files\WindowsUpdate
2013-08-10 02:22:22 ----AD---- C:\Program Files\Common Files\System
2013-08-10 02:22:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-08-09 11:33:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-08-06 14:52:27 ----D---- C:\Documents and Settings\Roman\Application Data\Audacity
2013-08-04 21:48:34 ----D---- C:\Documents and Settings\Roman\Application Data\vlc
2013-07-29 10:43:20 ----D---- C:\Documents and Settings\Roman\Application Data\OpenOffice.org2
2013-07-19 10:15:31 ----D---- C:\WINDOWS\system32\CatRoot
2013-07-18 17:21:28 ----D---- C:\Program Files\DIFX
2013-07-18 16:31:08 ----D---- C:\WINDOWS\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
R0 iastor3;iastor3; C:\WINDOWS\system32\drivers\iastor3.sys [2012-08-18 308248]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2012-08-18 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2012-08-18 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2012-08-18 13616]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2012-08-18 61824]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-04-20 242240]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-02-14 62512]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-01-10 150080]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2012-08-18 62848]
R3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2012-08-18 60800]
R3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-01-10 40376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2012-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2012-08-18 61824]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-07-18 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-04-27 202912]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 b57w2k;BCM5701 Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-08-17 96640]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MAFW;MAFW; C:\WINDOWS\system32\DRIVERS\mafw.sys [2008-03-03 193032]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-09-17 265856]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2012-08-18 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-03-21 1341664]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe [2007-05-10 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-05-20 654848]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-27 117144]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-05-17 260968]

-----------------EOF-----------------

Ono to nemusi byt zpusobeno haveti. Muze to delat nejaky legitimni soft, ktery startuje hned pri startu systemu. Dela to i pri startu do nouzoveho rezimu?



Vypnete antivir, at nebrani programu v praci.
Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe a ulozte nejlepe na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands) Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

Tak jsem spustil OTM a klikl na něj pravým myšidlem, ale nic takového v nabídce SPUSTIT jako správce nevykouklo.
Co dělám prosím špatně?

Jo a ještě, teď se mi to stalo když píšu třeba " špatně" napíše se to "tněšpa"

Promiňte už to chápu klikne se na ikonu na ploše...

ím zatčekám na log

Tak teď nevím zda jsem udělal správtu ně, čekal jsem čekal, tak jse otm vypl, restartoval a zapl znova v vyskočil na mě ten log:

Files moved on Reboot...

Registry entries deleted on Reboot...

pak jsem tedy provedl znovu příkaz a čekal a čekal a nakonec zkopíroval obsah pravého okna:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

User: NetworkService

User: Roman

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Roman

Total Flash Files Cleaned = 0,00 mb

Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

To stím psaním mi teď dělá každou chvíli

Ve složce OTM je jen ten log co na mě vyskočil při druhém spuštění.

Ja teda nevim, co jste tam provadel, ale log urcite nevypada, tak jak by mel.

Zkuste to tedy jeste jednou, ale v nouzovem rezimu a s timto upravenym skriptem.

Zazmatkoval jsem se spuštěním OTM a prvně je pustil normálním dvojklikem.....Pak jsem to pochopil a spustil OTM dle instrukcí, program začal pracovat a vyskočilo okno viz foto 1.

http://2i.cz/7dab4963b0

Dále jsem nemohl OTM v nouzovém režimu spustit, objevila se zpráva viz foto 2.

http://2i.cz/5f896b4192

Nevím co dělám špatně OTM mě nechce....

Ještě jsem si všimnul, že to probliknutí při startu v nouzovém režimu nebylo.

Tak kaslem na OTM, docistime to jinak.


Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

vyosek píše: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

Dobrý den,
počítač prošel určitě výraznou očistou, slovo klystýr je asi slabé slovo, je to něco jako prolívání útrob slanou vodou. Také jsem došel na to proč nefungovalo OTM, při spuštění Run as na mě vyskočilo vždy okno s ikonou klíčků a dalo se vybrat mezi účty admina nebo uživatele a uživatel měl zatrhnutou nějakou ochranu. Nicméně při startu okno problikne, teď se objeví plocha po chvíli problik a pak se ukáže eset. Před tím to vše proběhlo naráz. Tento problém začal asi týden po instalaci nového systému, když jsem instaloval programy, neměl jsem ještě tehdy eset. Proto jsem to považoval za nějakého vetřelce když to po přeinstalaci nedělalo.....tak nevím.
Víc Vám stejně řekne nový log RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2013-08-11 11:56:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 105 GB (87%) free of 120 GB
Total RAM: 3062 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:37, on 11.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\MAFWTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\TEMP\MALWAREspyware\RSIT.exe
C:\Program Files\trend micro\Roman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.advaita.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\DELL\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWTray.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4590 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\uppn404s.default

prefs.js - "browser.startup.homepage" - "www.advaita.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-15 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-15 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-15 137752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 851968]
"Dell QuickSet"=C:\Program Files\DELL\QuickSet\quickset.exe [2007-07-03 1228800]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 5078504]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\MAFWTray.exe [2008-03-03 252424]
"MAFWTaskbarApp"=C:\WINDOWS\system32\MAFWTray.exe [2008-03-03 252424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe [2007-06-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
C:\WINDOWS\OEM02Mon.exe [2007-05-10 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-05-17 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"TapiSrv"=3
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"mnmsrvc"=3
"btwdins"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"Midi"=wdmaud.drv
"wave3"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-08-11 11:56:28 ----D---- C:\rsit
2013-08-11 01:49:10 ----D---- C:\Program Files\Defraggler
2013-08-11 01:31:59 ----SHD---- C:\RECYCLER
2013-08-10 22:34:13 ----ASH---- C:\pagefile.sys
2013-08-10 22:31:22 ----D---- C:\WINDOWS\CSC
2013-08-10 18:01:11 ----D---- C:\WINDOWS\temp
2013-08-10 17:21:55 ----A---- C:\Boot.bak
2013-08-10 17:21:52 ----RASHD---- C:\cmdcons
2013-08-10 11:15:22 ----D---- C:\Program Files\trend micro
2013-08-10 03:24:43 ----D---- C:\Program Files\Ableton
2013-08-10 03:17:21 ----D---- C:\Program Files\MixMeister BPM Analyzer
2013-08-10 02:29:23 ----D---- C:\WINDOWS\system32\appmgmt
2013-08-10 02:22:05 ----D---- C:\Documents and Settings\Roman\Application Data\Cycling '74
2013-08-10 02:22:03 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2013-08-10 02:22:03 ----D---- C:\Documents and Settings\Roman\Application Data\PACE Anti-Piracy
2013-08-10 02:22:03 ----D---- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2013-08-09 11:33:53 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2013-08-07 23:21:31 ----A---- C:\WINDOWS\system32\gdiplus.dll
2013-08-07 20:49:53 ----D---- C:\Documents and Settings\Roman\Application Data\Ableton
2013-08-07 20:49:10 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
2013-08-07 20:49:10 ----A---- C:\WINDOWS\system32\ReWire.dll
2013-07-18 17:23:39 ----D---- C:\Documents and Settings\Roman\Application Data\Philips
2013-07-18 17:21:37 ----D---- C:\Documents and Settings\Roman\Application Data\Philips-Songbird
2013-07-18 17:21:29 ----A---- C:\WINDOWS\system32\DriverCoInstaller.dll
2013-07-18 17:21:26 ----A---- C:\WINDOWS\system32\rockusbCoInstaller.dll
2013-07-18 17:21:24 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2013-07-18 17:20:55 ----D---- C:\Documents and Settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}

======List of files/folders modified in the last 1 month======

2013-08-11 11:56:21 ----A---- C:\WINDOWS\wincmd.ini
2013-08-11 11:45:47 ----D---- C:\WINDOWS\system32
2013-08-11 11:45:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-11 11:41:45 ----D---- C:\WINDOWS
2013-08-11 09:16:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-11 02:17:35 ----D---- C:\WINDOWS\Prefetch
2013-08-11 01:49:10 ----RD---- C:\Program Files
2013-08-11 01:45:10 ----D---- C:\Documents and Settings\Roman\Application Data\Winamp
2013-08-11 01:45:10 ----D---- C:\Documents and Settings\Roman\Application Data\DAEMON Tools Lite
2013-08-11 01:42:08 ----D---- C:\Program Files\CCleaner
2013-08-11 01:26:48 ----SHD---- C:\System Volume Information
2013-08-11 01:26:48 ----D---- C:\WINDOWS\system32\Restore
2013-08-11 01:24:36 ----D---- C:\WINDOWS\system32\drivers
2013-08-10 22:34:27 ----D---- C:\Documents and Settings
2013-08-10 20:41:42 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-10 17:58:37 ----A---- C:\WINDOWS\system.ini
2013-08-10 17:58:27 ----D---- C:\WINDOWS\system32\drivers\etc
2013-08-10 17:57:09 ----SD---- C:\WINDOWS\Tasks
2013-08-10 17:56:05 ----D---- C:\WINDOWS\AppPatch
2013-08-10 17:56:03 ----D---- C:\Program Files\Common Files
2013-08-10 17:21:55 ----RASH---- C:\boot.ini
2013-08-10 03:24:52 ----SHD---- C:\WINDOWS\Installer
2013-08-10 03:24:52 ----D---- C:\WINDOWS\WinSxS
2013-08-10 02:28:24 ----HD---- C:\WINDOWS\inf
2013-08-10 02:28:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-08-10 02:22:23 ----ASD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2013-08-10 02:22:22 ----AHD---- C:\Program Files\WindowsUpdate
2013-08-10 02:22:22 ----AD---- C:\Program Files\Common Files\System
2013-08-10 02:22:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-08-09 11:33:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-08-06 14:52:27 ----D---- C:\Documents and Settings\Roman\Application Data\Audacity
2013-08-04 21:48:34 ----D---- C:\Documents and Settings\Roman\Application Data\vlc
2013-07-29 10:43:20 ----D---- C:\Documents and Settings\Roman\Application Data\OpenOffice.org2
2013-07-19 10:15:31 ----D---- C:\WINDOWS\system32\CatRoot
2013-07-18 17:21:28 ----D---- C:\Program Files\DIFX
2013-07-18 16:31:08 ----D---- C:\WINDOWS\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
R0 iastor3;iastor3; C:\WINDOWS\system32\drivers\iastor3.sys [2012-08-18 308248]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2012-08-18 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2012-08-18 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2012-08-18 13616]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2012-08-18 61824]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-04-20 242240]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-02-14 62512]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-01-10 150080]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2012-08-18 62848]
R3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2012-08-18 60800]
R3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-01-10 40376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
R3 MAFW;MAFW; C:\WINDOWS\system32\DRIVERS\mafw.sys [2008-03-03 193032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2012-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2012-08-18 61824]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-07-18 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-04-27 202912]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 b57w2k;BCM5701 Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-08-17 96640]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-09-17 265856]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2012-08-18 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-03-21 1341664]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe [2007-05-10 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-05-20 654848]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-27 117144]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-05-17 260968]

-----------------EOF-----------------