Virus problem - recurring infection
Posted: 16 Jul 2011 14:01
Hello, I have been dealing with a virus problem for more than two days now.

Problem description: When logging in via Remote Desktop, userlogon.cmd runs at startup, which then launches the file taotao.com; that in turn logs in via FTP to some server of its own, downloads a few files there (mostly viruses) and exits. Also, when I start cmd, taotao.com starts as well and does the same thing. Files named hextau.exe, ontao.exe, sttao.exe and others also appear in various places, all running in the background. Occasionally there are also applications with random names running in the background, and when I close one of them it starts again after a moment. Several files of 200 MB with a .vbs extension were also created in the SysWOW64 folder; they were created at the same time as the files belonging to this virus (123.exe etc.), and now and then a new one is added. One of them keeps appearing and disappearing in Task Manager, over and over, but its PID is always the same; I managed to kill them all at once and they did not start again.

Then I ran Microsoft Safety Scanner, which found a pile of infections, and after the subsequent restart the problems disappeared; then I ran Spyware Terminator, which also found and removed quite a lot, and all the problems were solved. The next day I logged in and everything was as it had been the day before. I have changed all users' passwords and am proceeding as described above; I am also attaching the RSIT log.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-16 14:02:10
Microsoft(R) Windows(R) Server 2003 Standard x64 Edition Service Pack 2
System drive C: has 898 MB (4%) free of 20 GB
Total RAM: 1023 MB (9% free)
HijackThis download failed
======Listing Processes======
\SystemRoot\System32\smss.exe
winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE
C:\WINDOWS\System32\svchost.exe -k WinErr
C:\WINDOWS\system32\inetsrv\inetinfo.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
C:\WINDOWS\System32\svchost.exe -k termsvcs
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\SysWOW64\svchost.exe -k "World Wide Web Publishing Service "
C:\WINDOWS\System32\svchost.exe -k iissvcs
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER
winlogon.exe
rdpclip
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\WINDOWS\system32\ctfmon.exe"
C:\WINDOWS\System32\svchost.exe -k tapisrv
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
c:\windows\system32\inetsrv\w3wp.exe -a \\.\pipe\iisipm7cfaa5f6-0957-4471-ba3a-4c2a4d48a841 -t 20 -ap "DefaultAppPool"
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\MHntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\CTntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\HWntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\RCntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\EFntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\JMntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\POntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\ZWntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\ZGntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\MVntEx.Dll" MyProc
RUNDLL32.EXE "C:\Program Files (x86)\NVIDIA\PGntEx.Dll" MyProc
"C:\Documents and Settings\Administrator\Desktop\msert.exe"
"D:\data\New Folder\RSITx64.exe"
======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\backup-srv.job
C:\WINDOWS\tasks\backup-usr.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA1B62CC-6D79-4901-B6A2-409F98906E9D}]
CFffPlayer Object - C:\WINDOWS\SysWow64\cd2o.dll []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-02-18 20992]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-15 3318784]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2011-07-15 2557440]
"BDX"=C:\WINDOWS\BDQX_Beta5.EXE []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
C:\WINDOWS\system32\crypt32.dll [2007-02-18 1429504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
C:\WINDOWS\system32\cryptnet.dll [2007-02-18 111104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
C:\WINDOWS\system32\cscdll.dll [2007-02-18 155136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
C:\WINDOWS\system32\dimsntfy.dll [2007-02-18 28672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINDOWS\system32\wlnotify.dll [2007-02-18 152064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
C:\WINDOWS\system32\wlnotify.dll [2007-02-18 152064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
C:\WINDOWS\system32\sclgntfy.dll [2007-02-18 27648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
C:\WINDOWS\system32\WlNotify.dll [2007-02-18 152064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
C:\WINDOWS\system32\wlnotify.dll [2007-02-18 152064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
C:\WINDOWS\system32\wlnotify.dll [2007-02-18 152064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2011-01-22 10510336]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2011-01-22 10510336]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2009-03-08 304640]
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-18 145920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2007-02-18 1605120]
Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2007-02-18 1605120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2011-01-22 10510336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2011-01-22 10510336]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmadmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmboot.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmload.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmserver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"ShowSuperHidden"=1
"HonorAutoRunSetting"=1
"NoActiveDesktop"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger="C:\WINDOWS\system32\taskmgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.i420"=msh263.drv
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
======List of files/folders created in the last 1 month======
2011-07-16 14:02:11 ----D---- C:\Program Files\trend micro
2011-07-16 14:02:10 ----D---- C:\rsit
2011-07-16 13:46:03 ----A---- C:\WINDOWS\system32\hex360rp.exe
2011-07-16 13:44:06 ----A---- C:\WINDOWS\system32\st360rp.exe
2011-07-16 13:43:51 ----A---- C:\WINDOWS\system32\boot360rp.exe
2011-07-16 13:43:49 ----A---- C:\xp360rp.exe
2011-07-16 13:42:21 ----D---- C:\WINDOWS\LastGood
2011-07-16 13:19:49 ----A---- C:\WINDOWS\system32\gouri.bat
2011-07-16 13:19:47 ----A---- C:\WINDOWS\system32\sb.dat
2011-07-16 12:45:26 ----A---- C:\WINDOWS\system32\hex123.exe
2011-07-16 12:44:38 ----A---- C:\WINDOWS\system32\xp123.exe
2011-07-16 11:21:39 ----A---- C:\WINDOWS\system32\stserver.exe
2011-07-16 11:21:17 ----A---- C:\WINDOWS\system32\bootserver.exe
2011-07-16 10:19:34 ----A---- C:\WINDOWS\system32\zytao.exe
2011-07-16 07:59:34 ----A---- C:\WINDOWS\system32\taotao.com
2011-07-16 07:44:31 ----A---- C:\WINDOWS\system32\sttao.exe
2011-07-16 07:40:43 ----A---- C:\WINDOWS\system32\hex110.exe
2011-07-16 07:40:12 ----A---- C:\WINDOWS\SYSWOW64\fuftsm.exe
2011-07-16 07:40:06 ----A---- C:\WINDOWS\system32\st110.exe
2011-07-16 07:40:04 ----A---- C:\WINDOWS\system32\zy110.exe
2011-07-16 07:39:55 ----A---- C:\WINDOWS\system32\on110.exe
2011-07-16 07:39:51 ----A---- C:\WINDOWS\system32\onf110.dat
2011-07-16 06:32:53 ----HD---- C:\Program Files (x86)\NVIDIA
2011-07-16 06:32:34 ----A---- C:\WINDOWS\system32\xp360rp.exe
2011-07-16 06:00:07 ----A---- C:\WINDOWS\SYSWOW64\lgrhmu.exe
2011-07-16 04:04:36 ----A---- C:\WINDOWS\system32\WC.DAT
2011-07-16 04:04:19 ----A---- C:\WINDOWS\system32\windows321.sys
2011-07-16 01:58:49 ----A---- C:\WINDOWS\SYSWOW64\Nod32.ini
2011-07-16 01:58:15 ----A---- C:\WINDOWS\system32\xpserver.exe
2011-07-16 01:43:05 ----A---- C:\WINDOWS\system32\ontao.exe
2011-07-16 00:32:47 ----A---- C:\WINDOWS\system32\hextao.exe
2011-07-16 00:31:24 ----A---- C:\WINDOWS\system32\onftao.dat
2011-07-16 00:03:05 ----D---- C:\Program Files (x86)\WinClamAVShield
2011-07-15 22:59:49 ----D---- C:\Program Files (x86)\Dsio
2011-07-15 21:52:02 ----O---- C:\WINDOWS\SYSWOW64\FileName.dll
2011-07-15 21:51:58 ----A---- C:\WINDOWS\temp680600.dll
2011-07-15 21:51:58 ----A---- C:\WINDOWS\temp645000.dll
2011-07-15 21:51:57 ----A---- C:\WINDOWS\temp221400.dll
2011-07-15 19:44:19 ----D---- C:\WINDOWS\system32\iSql
2011-07-15 18:53:17 ----D---- C:\WINDOWS\system32\MpEngineStore
2011-07-15 14:44:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2011-07-15 14:44:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2011-07-15 14:44:33 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-07-15 13:55:53 ----D---- C:\WINDOWS\Madir
2011-07-15 13:55:34 ----D---- C:\WINDOWS\Mddie
2011-07-14 13:55:57 ----D---- C:\Program Files (x86)\Ocrm
2011-07-14 10:14:29 ----D---- C:\WINDOWS\pss
2011-07-14 08:29:29 ----D---- C:\Documents and Settings\All Users\Application Data\ETIHXYW
2011-07-14 08:29:20 ----D---- C:\Documents and Settings\All Users\Application Data\BCQHZTU
2011-07-14 08:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\JAOZREI
2011-07-14 08:04:54 ----D---- C:\Documents and Settings\All Users\Application Data\SQJDEXH
2011-07-13 17:45:27 ----D---- C:\Documents and Settings\All Users\Application Data\JOSGMYM
2011-07-13 17:45:14 ----D---- C:\Documents and Settings\All Users\Application Data\HBSTRWO
2011-07-13 16:53:16 ----D---- C:\WINDOWS\Meeie
2011-07-13 16:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2011-07-13 16:06:26 ----D---- C:\Program Files (x86)\uusee
2011-07-13 16:05:20 ----D---- C:\Program Files (x86)\Tqnjic Pmeyycru
2011-07-13 16:05:20 ----D---- C:\Program Files (x86)\Mvyxwikbmd
2011-07-13 16:04:39 ----D---- C:\Program Files (x86)\Messenger
2011-07-13 16:04:20 ----D---- C:\WINDOWS\Medir
2011-07-13 16:04:14 ----A---- C:\WINDOWS\SYSWOW64\sfc_my.dll
2011-07-13 16:04:13 ----D---- C:\WINDOWS\Medie
2011-07-13 12:58:55 ----A---- C:\WINDOWS\system32\ws.exe
2011-07-13 12:46:44 ----A---- C:\WINDOWS\system32\p.exe
2011-07-13 12:46:44 ----A---- C:\WINDOWS\system32\cs.exe
2011-07-13 09:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\ZYKYOIX
2011-07-13 09:30:00 ----D---- C:\Documents and Settings\All Users\Application Data\GZVKHKB
2011-07-13 08:40:33 ----D---- C:\Program Files\MSDN
2011-07-13 01:14:54 ----D---- C:\Documents and Settings\All Users\Application Data\IOOQYPN
2011-07-13 01:14:38 ----D---- C:\Documents and Settings\All Users\Application Data\YFHNOKS
2011-07-12 19:19:58 ----D---- C:\WINDOWS\Mkdirr
2011-07-12 13:34:27 ----D---- C:\Documents and Settings\All Users\Application Data\Storm
2011-07-12 12:18:24 ----D---- C:\Program Files\%Program Files%
2011-07-12 10:26:43 ----A---- C:\Program Files\Garss.exe
2011-07-04 06:22:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2011-07-04 06:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-07-04 06:21:56 ----D---- C:\Program Files (x86)\Adobe
======List of files/folders modified in the last 1 month======
2011-07-16 14:02:11 ----RD---- C:\Program Files
2011-07-16 14:01:59 ----D---- C:\WINDOWS\system32
2011-07-16 14:01:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-16 13:56:21 ----D---- C:\WINDOWS\system32\inetsrv
2011-07-16 13:49:01 ----D---- C:\WINDOWS\Temp
2011-07-16 13:47:08 ----SHD---- C:\RECYCLER
2011-07-16 13:42:33 ----D---- C:\WINDOWS
2011-07-16 13:42:22 ----D---- C:\WINDOWS\inf
2011-07-16 13:42:19 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-16 13:42:09 ----D---- C:\WINDOWS\system32\LServer
2011-07-16 13:42:08 ----HD---- C:\WINDOWS\SysWOW64
2011-07-16 13:34:21 ----D---- C:\WINDOWS\system32\drivers
2011-07-16 13:31:04 ----D---- C:\WINDOWS\SYSWOW64\Drivers
2011-07-16 13:05:52 ----D---- C:\WINDOWS\system32\config
2011-07-16 12:55:08 ----D---- C:\Documents and Settings
2011-07-16 09:56:46 ----D---- C:\Program Files (x86)\Common Files
2011-07-16 06:32:53 ----SHD---- C:\Program Files (x86)
2011-07-16 01:59:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-15 20:19:12 ----D---- C:\WINDOWS\security
2011-07-15 16:29:13 ----D---- C:\WINDOWS\system32\1025
2011-07-14 23:09:54 ----A---- C:\WINDOWS\win.ini
2011-07-14 23:09:54 ----A---- C:\WINDOWS\system.ini
2011-07-14 08:40:02 ----SD---- C:\WINDOWS\Tasks
2011-07-14 08:31:24 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-14 08:29:46 ----A---- C:\WINDOWS\SYSWOW64\ComRes.dll
2011-07-14 08:28:44 ----A---- C:\WINDOWS\OEWABLog.txt
2011-07-04 06:25:32 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2011-07-04 06:22:38 ----SHD---- C:\WINDOWS\Installer
2011-07-01 10:31:30 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-23 22:43:54 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-23 22:43:41 ----RSD---- C:\WINDOWS\assembly
2011-06-23 21:50:40 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-23 21:50:36 ----A---- C:\WINDOWS\imsins.BAK
2011-06-23 21:48:20 ----D---- C:\WINDOWS\WinSxS
2011-06-23 21:41:34 ----D---- C:\Program Files\Internet Explorer
2011-06-23 21:41:34 ----D---- C:\Program Files (x86)\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aarich;aarich; C:\WINDOWS\system32\drivers\aarich.sys [2007-04-30 344064]
R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-18 322560]
R0 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-18 150016]
R0 Compbatt;Microsoft Composite Battery Driver; C:\WINDOWS\system32\DRIVERS\compbatt.sys [2007-02-17 15488]
R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2005-03-24 19968]
R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-18 52736]
R0 Disk;Disk Driver; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-18 63488]
R0 dmio;Logical Disk Manager Driver; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-18 244224]
R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2007-02-18 9216]
R0 FltMgr;FltMgr; C:\WINDOWS\system32\DRIVERS\fltMgr.sys [2007-02-18 227328]
R0 Ftdisk;Volume Manager Driver; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-18 240128]
R0 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2005-03-24 9216]
R0 isapnp;PnP ISA/EISA Bus Driver; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-18 14336]
R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2009-06-16 190464]
R0 MountMgr;Mount Point Manager; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-18 72192]
R0 Mup;Mup; C:\WINDOWS\system32\drivers\Mup.sys [2011-04-13 179200]
R0 NDIS;NDIS System Driver; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-18 361984]
R0 PartMgr;Partition Manager; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-18 45056]
R0 PCI;PCI Bus Driver; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-18 115200]
R0 PCIIde;PCIIde; C:\WINDOWS\system32\drivers\PCIIde.sys [2007-02-18 6144]
R0 VolSnap;Storage volumes; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2007-02-18 288768]
R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2011-02-11 291840]
R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2007-02-18 6144]
R1 Cdrom;CD-ROM Driver; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-18 77312]
R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-18 50176]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2007-02-18 93184]
R1 IPSec;IPSEC driver; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-18 156672]
R1 Kbdclass;Keyboard Class Driver; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-18 36864]
R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2007-02-18 8192]
R1 Mouclass;Mouse Class Driver; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2007-02-18 33792]
R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2011-05-02 787968]
R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-18 32768]
R1 NetBIOS;NetBIOS Interface; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-18 53760]
R1 NetBT;NetBios over Tcpip; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-18 347136]
R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-18 56832]
R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2007-02-18 5632]
R1 RasAcd;Remote Access Auto Connection Driver; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2007-02-18 18432]
R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2010-02-25 309248]
R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2007-02-18 7680]
R1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2005-03-24 64000]
R1 Serial;Serial port driver; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-18 121344]
R1 Tcpip;TCP/IP Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2009-08-15 781824]
R1 VgaSave;VGA Display Controller.; C:\WINDOWS\System32\drivers\vga.sys [2007-02-18 32768]
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys [2007-02-18 13312]
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys [2007-02-18 13312]
R2 Secdrv;Security Driver; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-14 23040]
R2 TermDD;Terminal Device Driver; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 69768]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-17 1452544]
R3 audstub;Audio Stub Driver; C:\WINDOWS\system32\DRIVERS\audstub.sys [2005-03-24 5632]
R3 b57nd;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57amd64.sys [2006-07-10 253952]
R3 Fdc;Floppy Disk Controller Driver; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-18 36352]
R3 Flpydisk;Floppy Disk Driver; C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2007-02-18 32256]
R3 Gpc;Generic Packet Classifier; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-18 71168]
R3 HTTP;HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2010-04-19 562176]
R3 ibmasr64;IBM (Version 1.00) x64 Automatic Server Restart; C:\WINDOWS\system32\DRIVERS\ibmasr64.sys [2005-01-26 14848]
R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-18 49152]
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys [2007-02-18 24192]
R3 mssmbios;Microsoft System Management BIOS Driver; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-18 29696]
R3 NdisTapi;Remote Access NDIS TAPI Driver; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2007-02-18 15872]
R3 Ndisuio;NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-18 28160]
R3 NdisWan;Remote Access NDIS WAN Driver; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-18 161280]
R3 NDProxy;NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2010-11-04 66048]
R3 Parport;Parallel port driver; C:\WINDOWS\system32\DRIVERS\parport.sys [2007-02-18 135680]
R3 PptpMiniport;WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-18 120320]
R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-18 31232]
R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-18 135168]
R3 RasPppoe;Remote Access PPPOE Driver; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-18 69120]
R3 Raspti;Direct Parallel; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-18 31232]
R3 rdpdr;Terminal Server Device Redirector Driver; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 333824]
R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2007-02-18 230536]
R3 serenum;Serenum Filter Driver; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-18 27648]
R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2011-02-18 674816]
R3 swenum;Software Bus Driver; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-18 5120]
R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-18 37512]
R3 Update;Microcode Update Driver; C:\WINDOWS\system32\DRIVERS\update.sys [2007-05-30 152576]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-18 44160]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-18 102400]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-18 32512]
R3 Wanarp;Remote Access IP ARP Driver; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-18 55296]
R4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-18 113152]
R4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2007-02-18 247808]
R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-18 1041920]
S0 AACmgt;AACmgt; C:\WINDOWS\system32\drivers\AACmgt.sys []
S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
S1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-18 72704]
S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2007-02-18 17920]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 nktxth;nktxth; \??\C:\Documents and Settings\All Users\Application Data\JAOZREI\nktxth.bin []
S2 olfthp;olfthp; \??\C:\Documents and Settings\All Users\Application Data\ETIHXYW\olfthp.bin []
S2 rttuxq;rttuxq; \??\C:\Documents and Settings\All Users\Application Data\SQJDEXH\rttuxq.bin []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 AsyncMac;RAS Asynchronous Media Driver; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2007-02-18 25088]
S3 Atmarpc;ATM ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-18 106496]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2007-02-17 35840]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-02-18 18944]
S3 Ip6Fw;IPv6 Windows Firewall Driver; C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [2007-02-18 57856]
S3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-18 49664]
S3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-18 180736]
S3 IRENUM;IR Enumerator Service; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 19456]
S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-18 49664]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-02-18 19456]
S3 MRxDAV;WebDav Client Redirector; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2008-01-21 273408]
S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []
S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []
S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []
S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []
S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-18 20616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 48128]
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-14 4608]
S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []
S3 WLBS;Network Load Balancing; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-18 280576]
S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []
S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2007-02-18 18432]
S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []
S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []
S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-18 112640]
S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-18 415232]
S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-18 188416]
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []
S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []
S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []
S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []
S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-18 107520]
S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []
S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 APCPBEAgent;APC PBE Agent; C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe [2005-04-14 28672]
R2 APCPBEServer;APC PBE Server; C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE [2005-04-14 45134]
R2 AudioSrv;Windows Audio; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 Browser;Computer Browser; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 CryptSvc;Cryptographic Services; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 DcomLaunch;DCOM Server Process Launcher; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 Dhcp;DHCP Client; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 dmserver;Logical Disk Manager; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 Dnscache;DNS Client; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 ERSvc;Error Reporting Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 EventSystem;COM+ Event System; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 helpsvc;Help and Support; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 IISADMIN;IIS Admin Service; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-18 17920]
R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 lanmanworkstation;Workstation; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 LmHosts;TCP/IP NetBIOS Helper; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSDTC;Distributed Transaction Coordinator; C:\WINDOWS\system32\msdtc.exe [2008-07-24 6656]
R2 MsDtsServer;SQL Server Integration Services; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2006-05-09 199456]
R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-02-14 155856]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-05-09 39241504]
R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2009-03-19 227840]
R2 PolicyAgent;IPSEC Services; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R2 ProtectedStorage;Protected Storage; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R2 RemoteRegistry;Remote Registry; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 RpcSs;Remote Procedure Call (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 SamSs;Security Accounts Manager; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R2 seclogon;Secondary Logon; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 SENS;System Event Notification; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 ShellHWDetection;Shell Hardware Detection; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2011-07-15 948775]
R2 Spooler;Print Spooler; C:\WINDOWS\system32\spoolsv.exe [2010-08-18 111616]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]
R2 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2006-04-14 391456]
R2 TermService;Terminal Services; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 TermServLicensing;Terminal Server Licensing; C:\WINDOWS\system32\lserver.exe [2007-02-18 538112]
R2 TrkWks;Distributed Link Tracking Client; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 W32Time;Windows Time; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 W3SVC;World Wide Web Publishing Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 winmgmt;Windows Management Instrumentation; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 World Wide Web Publishing Service ;gqyguskv; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 wuauserv;Automatic Updates; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 WZCSVC;Wireless Configuration; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R3 Eventlog;Event Log; C:\WINDOWS\system32\services.exe [2009-03-19 227840]
R3 HTTPFilter;HTTP SSL; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R3 Netman;Network Connections; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R3 Nla;Network Location Awareness (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R3 RasMan;Remote Access Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R3 TapiSrv;Telephony; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 361svc;361svc; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 AppMgmt;AppMgmt; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 Distribuygt;Distribuubg Transaction Coordinator Service; C:\WINDOWS\syswow64\lgrhmu.exe [2011-07-16 41472]
S2 netsvcs_0x4;netsvcs_0x4; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x5;netsvcs_0x5; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x6;netsvcs_0x6; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x7;netsvcs_0x7; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x8;netsvcs_0x8; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x9;netsvcs_0x9; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 Nwsapagent;Nwsapagent; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S2 SysmonLog;Performance Logs and Alerts; C:\WINDOWS\system32\smlogsvc.exe [2007-02-18 133120]
S2 Winet;Winet; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 ALG;Application Layer Gateway Service; C:\WINDOWS\System32\alg.exe [2007-02-18 75776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088]
S3 BITS;Background Intelligent Transfer Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S3 COMSysApp;COM+ System Application; C:\WINDOWS\system32\dllhost.exe [2007-02-18 6656]
S3 Dfs;Distributed File System; C:\WINDOWS\system32\Dfssvc.exe [2007-02-18 321024]
S3 dmadmin;Logical Disk Manager Administrative Service; C:\WINDOWS\System32\dmadmin.exe [2007-02-18 399872]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S3 MSIServer;Windows Installer; C:\WINDOWS\system32\msiexec.exe [2007-02-18 165376]
S3 Netlogon;Net Logon; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
S3 NtFrs;File Replication; C:\WINDOWS\system32\ntfrs.exe [2007-02-18 1158144]
S3 NtLmSsp;NT LM Security Support Provider; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
S3 NtmsSvc;Removable Storage; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RasAuto;Remote Access Auto Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 RDSessMgr;Remote Desktop Help Session Manager; C:\WINDOWS\system32\sessmgr.exe [2007-02-18 212480]
S3 RemoteAccess;Routing and Remote Access; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 RpcLocator;Remote Procedure Call (RPC) Locator; C:\WINDOWS\system32\locator.exe [2007-02-18 157184]
S3 RSoPProv;Resultant Set of Policy Provider; C:\WINDOWS\system32\RSoPProv.exe [2007-02-18 103424]
S3 sacsvr;Special Administration Console Helper; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-18 166400]
S3 Schedule;Task Scheduler; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 153376]
S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2007-02-18 62976]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-18 613376]
S3 VSS;Volume Shadow Copy; C:\WINDOWS\System32\vssvc.exe [2007-02-18 2062336]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 Wmi;Windows Management Instrumentation Driver Extensions; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 WmiApSrv;WMI Performance Adapter; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-18 223232]
S3 xmlprov;Network Provisioning Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S4 Alerter;Alerter; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-18 8704]
S4 Ckufkmkzovq Iovelrwj Jlv Gchxj;Cgnhqapcdst Thwguubjtw Wmkn Xiuokbj Fuzo; C:\Program Files (x86)\Tqnjic Pmeyycru\Explorer.exe [2011-07-14 8734720]
S4 ClipSrv;ClipBook; C:\WINDOWS\system32\clipsrv.exe [2007-02-18 49664]
S4 HidServ;Human Interface Device Access; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S4 ias;buvmsguu; host.exe -k []
S4 ImapiService;IMAPI CD-Burning COM Service; C:\WINDOWS\system32\imapi.exe [2007-02-18 265728]
S4 irmon;mltfsvqe; host.exe -k []
S4 IsmServ;Intersite Messaging; C:\WINDOWS\System32\ismserv.exe [2007-02-18 60416]
S4 kdc;Kerberos Key Distribution Center; C:\WINDOWS\System32\lsass.exe [2007-02-18 14336]
S4 LicenseService;License Logging; C:\WINDOWS\System32\llssrv.exe [2007-02-18 191488]
S4 Messenger;Messenger; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 mnmsrvc;NetMeeting Remote Desktop Sharing; C:\WINDOWS\syswow64\mnmsrvc.exe [2007-02-18 32768]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 64216]
S4 NetDDE;Network DDE; C:\WINDOWS\system32\netdde.exe [2007-02-18 160768]
S4 NetDDEdsdm;Network DDE DSDM; C:\WINDOWS\system32\netdde.exe [2007-02-18 160768]
S4 netsvcs_0x0;cwksytbu; host.exe -k []
S4 netsvcs_0x1;scihmpyo; host.exe -k []
S4 netsvcs_0x2;ylkbcdqh; host.exe -k []
S4 netsvcs_0x3;uxnrpxnp; host.exe -k []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808]
S4 nwcworkstation;yoqrjqxf; host.exe -k []
S4 OSTD;OSTD; C:\WINDOWS\syswow64\dc2d.exe []
S4 stisvc;Windows Image Acquisition (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 Themes;Themes; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S4 TlntSvr;Telnet; C:\WINDOWS\system32\tlntsvr.exe [2007-02-18 113152]
S4 TrkSvr;Distributed Link Tracking Server; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-18 99840]
S4 UPS;Uninterruptible Power Supply; []
S4 WebClient;WebClient; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 wmdmpmsp;blvxqtub; host.exe -k []
S4 xcvs ;ytthwqcb; host.exe -k []
S4 xcvs ;esmudpoj; host.exe -k []
S4 xcvs ;tbxpogom; host.exe -k []
S4 xcvs;yrrihwps; host.exe -k []
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"ShowSuperHidden"=1
"HonorAutoRunSetting"=1
"NoActiveDesktop"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger="C:\WINDOWS\system32\taskmgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.i420"=msh263.drv
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
======List of files/folders created in the last 1 month======
2011-07-16 14:02:11 ----D---- C:\Program Files\trend micro
2011-07-16 14:02:10 ----D---- C:\rsit
2011-07-16 13:46:03 ----A---- C:\WINDOWS\system32\hex360rp.exe
2011-07-16 13:44:06 ----A---- C:\WINDOWS\system32\st360rp.exe
2011-07-16 13:43:51 ----A---- C:\WINDOWS\system32\boot360rp.exe
2011-07-16 13:43:49 ----A---- C:\xp360rp.exe
2011-07-16 13:42:21 ----D---- C:\WINDOWS\LastGood
2011-07-16 13:19:49 ----A---- C:\WINDOWS\system32\gouri.bat
2011-07-16 13:19:47 ----A---- C:\WINDOWS\system32\sb.dat
2011-07-16 12:45:26 ----A---- C:\WINDOWS\system32\hex123.exe
2011-07-16 12:44:38 ----A---- C:\WINDOWS\system32\xp123.exe
2011-07-16 11:21:39 ----A---- C:\WINDOWS\system32\stserver.exe
2011-07-16 11:21:17 ----A---- C:\WINDOWS\system32\bootserver.exe
2011-07-16 10:19:34 ----A---- C:\WINDOWS\system32\zytao.exe
2011-07-16 07:59:34 ----A---- C:\WINDOWS\system32\taotao.com
2011-07-16 07:44:31 ----A---- C:\WINDOWS\system32\sttao.exe
2011-07-16 07:40:43 ----A---- C:\WINDOWS\system32\hex110.exe
2011-07-16 07:40:12 ----A---- C:\WINDOWS\SYSWOW64\fuftsm.exe
2011-07-16 07:40:06 ----A---- C:\WINDOWS\system32\st110.exe
2011-07-16 07:40:04 ----A---- C:\WINDOWS\system32\zy110.exe
2011-07-16 07:39:55 ----A---- C:\WINDOWS\system32\on110.exe
2011-07-16 07:39:51 ----A---- C:\WINDOWS\system32\onf110.dat
2011-07-16 06:32:53 ----HD---- C:\Program Files (x86)\NVIDIA
2011-07-16 06:32:34 ----A---- C:\WINDOWS\system32\xp360rp.exe
2011-07-16 06:00:07 ----A---- C:\WINDOWS\SYSWOW64\lgrhmu.exe
2011-07-16 04:04:36 ----A---- C:\WINDOWS\system32\WC.DAT
2011-07-16 04:04:19 ----A---- C:\WINDOWS\system32\windows321.sys
2011-07-16 01:58:49 ----A---- C:\WINDOWS\SYSWOW64\Nod32.ini
2011-07-16 01:58:15 ----A---- C:\WINDOWS\system32\xpserver.exe
2011-07-16 01:43:05 ----A---- C:\WINDOWS\system32\ontao.exe
2011-07-16 00:32:47 ----A---- C:\WINDOWS\system32\hextao.exe
2011-07-16 00:31:24 ----A---- C:\WINDOWS\system32\onftao.dat
2011-07-16 00:03:05 ----D---- C:\Program Files (x86)\WinClamAVShield
2011-07-15 22:59:49 ----D---- C:\Program Files (x86)\Dsio
2011-07-15 21:52:02 ----O---- C:\WINDOWS\SYSWOW64\FileName.dll
2011-07-15 21:51:58 ----A---- C:\WINDOWS\temp680600.dll
2011-07-15 21:51:58 ----A---- C:\WINDOWS\temp645000.dll
2011-07-15 21:51:57 ----A---- C:\WINDOWS\temp221400.dll
2011-07-15 19:44:19 ----D---- C:\WINDOWS\system32\iSql
2011-07-15 18:53:17 ----D---- C:\WINDOWS\system32\MpEngineStore
2011-07-15 14:44:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2011-07-15 14:44:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2011-07-15 14:44:33 ----D---- C:\Program Files (x86)\Spyware Terminator
2011-07-15 13:55:53 ----D---- C:\WINDOWS\Madir
2011-07-15 13:55:34 ----D---- C:\WINDOWS\Mddie
2011-07-14 13:55:57 ----D---- C:\Program Files (x86)\Ocrm
2011-07-14 10:14:29 ----D---- C:\WINDOWS\pss
2011-07-14 08:29:29 ----D---- C:\Documents and Settings\All Users\Application Data\ETIHXYW
2011-07-14 08:29:20 ----D---- C:\Documents and Settings\All Users\Application Data\BCQHZTU
2011-07-14 08:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\JAOZREI
2011-07-14 08:04:54 ----D---- C:\Documents and Settings\All Users\Application Data\SQJDEXH
2011-07-13 17:45:27 ----D---- C:\Documents and Settings\All Users\Application Data\JOSGMYM
2011-07-13 17:45:14 ----D---- C:\Documents and Settings\All Users\Application Data\HBSTRWO
2011-07-13 16:53:16 ----D---- C:\WINDOWS\Meeie
2011-07-13 16:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2011-07-13 16:06:26 ----D---- C:\Program Files (x86)\uusee
2011-07-13 16:05:20 ----D---- C:\Program Files (x86)\Tqnjic Pmeyycru
2011-07-13 16:05:20 ----D---- C:\Program Files (x86)\Mvyxwikbmd
2011-07-13 16:04:39 ----D---- C:\Program Files (x86)\Messenger
2011-07-13 16:04:20 ----D---- C:\WINDOWS\Medir
2011-07-13 16:04:14 ----A---- C:\WINDOWS\SYSWOW64\sfc_my.dll
2011-07-13 16:04:13 ----D---- C:\WINDOWS\Medie
2011-07-13 12:58:55 ----A---- C:\WINDOWS\system32\ws.exe
2011-07-13 12:46:44 ----A---- C:\WINDOWS\system32\p.exe
2011-07-13 12:46:44 ----A---- C:\WINDOWS\system32\cs.exe
2011-07-13 09:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\ZYKYOIX
2011-07-13 09:30:00 ----D---- C:\Documents and Settings\All Users\Application Data\GZVKHKB
2011-07-13 08:40:33 ----D---- C:\Program Files\MSDN
2011-07-13 01:14:54 ----D---- C:\Documents and Settings\All Users\Application Data\IOOQYPN
2011-07-13 01:14:38 ----D---- C:\Documents and Settings\All Users\Application Data\YFHNOKS
2011-07-12 19:19:58 ----D---- C:\WINDOWS\Mkdirr
2011-07-12 13:34:27 ----D---- C:\Documents and Settings\All Users\Application Data\Storm
2011-07-12 12:18:24 ----D---- C:\Program Files\%Program Files%
2011-07-12 10:26:43 ----A---- C:\Program Files\Garss.exe
2011-07-04 06:22:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2011-07-04 06:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-07-04 06:21:56 ----D---- C:\Program Files (x86)\Adobe
======List of files/folders modified in the last 1 month======
2011-07-16 14:02:11 ----RD---- C:\Program Files
2011-07-16 14:01:59 ----D---- C:\WINDOWS\system32
2011-07-16 14:01:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-16 13:56:21 ----D---- C:\WINDOWS\system32\inetsrv
2011-07-16 13:49:01 ----D---- C:\WINDOWS\Temp
2011-07-16 13:47:08 ----SHD---- C:\RECYCLER
2011-07-16 13:42:33 ----D---- C:\WINDOWS
2011-07-16 13:42:22 ----D---- C:\WINDOWS\inf
2011-07-16 13:42:19 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-16 13:42:09 ----D---- C:\WINDOWS\system32\LServer
2011-07-16 13:42:08 ----HD---- C:\WINDOWS\SysWOW64
2011-07-16 13:34:21 ----D---- C:\WINDOWS\system32\drivers
2011-07-16 13:31:04 ----D---- C:\WINDOWS\SYSWOW64\Drivers
2011-07-16 13:05:52 ----D---- C:\WINDOWS\system32\config
2011-07-16 12:55:08 ----D---- C:\Documents and Settings
2011-07-16 09:56:46 ----D---- C:\Program Files (x86)\Common Files
2011-07-16 06:32:53 ----SHD---- C:\Program Files (x86)
2011-07-16 01:59:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-15 20:19:12 ----D---- C:\WINDOWS\security
2011-07-15 16:29:13 ----D---- C:\WINDOWS\system32\1025
2011-07-14 23:09:54 ----A---- C:\WINDOWS\win.ini
2011-07-14 23:09:54 ----A---- C:\WINDOWS\system.ini
2011-07-14 08:40:02 ----SD---- C:\WINDOWS\Tasks
2011-07-14 08:31:24 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-14 08:29:46 ----A---- C:\WINDOWS\SYSWOW64\ComRes.dll
2011-07-14 08:28:44 ----A---- C:\WINDOWS\OEWABLog.txt
2011-07-04 06:25:32 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2011-07-04 06:22:38 ----SHD---- C:\WINDOWS\Installer
2011-07-01 10:31:30 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-23 22:43:54 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-23 22:43:41 ----RSD---- C:\WINDOWS\assembly
2011-06-23 21:50:40 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-23 21:50:36 ----A---- C:\WINDOWS\imsins.BAK
2011-06-23 21:48:20 ----D---- C:\WINDOWS\WinSxS
2011-06-23 21:41:34 ----D---- C:\Program Files\Internet Explorer
2011-06-23 21:41:34 ----D---- C:\Program Files (x86)\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aarich;aarich; C:\WINDOWS\system32\drivers\aarich.sys [2007-04-30 344064]
R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-18 322560]
R0 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-18 150016]
R0 Compbatt;Microsoft Composite Battery Driver; C:\WINDOWS\system32\DRIVERS\compbatt.sys [2007-02-17 15488]
R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2005-03-24 19968]
R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-18 52736]
R0 Disk;Disk Driver; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-18 63488]
R0 dmio;Logical Disk Manager Driver; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-18 244224]
R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2007-02-18 9216]
R0 FltMgr;FltMgr; C:\WINDOWS\system32\DRIVERS\fltMgr.sys [2007-02-18 227328]
R0 Ftdisk;Volume Manager Driver; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-18 240128]
R0 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2005-03-24 9216]
R0 isapnp;PnP ISA/EISA Bus Driver; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-18 14336]
R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2009-06-16 190464]
R0 MountMgr;Mount Point Manager; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-18 72192]
R0 Mup;Mup; C:\WINDOWS\system32\drivers\Mup.sys [2011-04-13 179200]
R0 NDIS;NDIS System Driver; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-18 361984]
R0 PartMgr;Partition Manager; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-18 45056]
R0 PCI;PCI Bus Driver; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-18 115200]
R0 PCIIde;PCIIde; C:\WINDOWS\system32\drivers\PCIIde.sys [2007-02-18 6144]
R0 VolSnap;Storage volumes; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2007-02-18 288768]
R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2011-02-11 291840]
R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2007-02-18 6144]
R1 Cdrom;CD-ROM Driver; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-18 77312]
R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-18 50176]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2007-02-18 93184]
R1 IPSec;IPSEC driver; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-18 156672]
R1 Kbdclass;Keyboard Class Driver; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-18 36864]
R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2007-02-18 8192]
R1 Mouclass;Mouse Class Driver; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2007-02-18 33792]
R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2011-05-02 787968]
R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-18 32768]
R1 NetBIOS;NetBIOS Interface; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-18 53760]
R1 NetBT;NetBios over Tcpip; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-18 347136]
R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-18 56832]
R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2007-02-18 5632]
R1 RasAcd;Remote Access Auto Connection Driver; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2007-02-18 18432]
R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2010-02-25 309248]
R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2007-02-18 7680]
R1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2005-03-24 64000]
R1 Serial;Serial port driver; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-18 121344]
R1 Tcpip;TCP/IP Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2009-08-15 781824]
R1 VgaSave;VGA Display Controller.; C:\WINDOWS\System32\drivers\vga.sys [2007-02-18 32768]
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys [2007-02-18 13312]
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys [2007-02-18 13312]
R2 Secdrv;Security Driver; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-14 23040]
R2 TermDD;Terminal Device Driver; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 69768]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-17 1452544]
R3 audstub;Audio Stub Driver; C:\WINDOWS\system32\DRIVERS\audstub.sys [2005-03-24 5632]
R3 b57nd;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57amd64.sys [2006-07-10 253952]
R3 Fdc;Floppy Disk Controller Driver; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-18 36352]
R3 Flpydisk;Floppy Disk Driver; C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2007-02-18 32256]
R3 Gpc;Generic Packet Classifier; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-18 71168]
R3 HTTP;HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2010-04-19 562176]
R3 ibmasr64;IBM (Version 1.00) x64 Automatic Server Restart; C:\WINDOWS\system32\DRIVERS\ibmasr64.sys [2005-01-26 14848]
R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-18 49152]
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys [2007-02-18 24192]
R3 mssmbios;Microsoft System Management BIOS Driver; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-18 29696]
R3 NdisTapi;Remote Access NDIS TAPI Driver; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2007-02-18 15872]
R3 Ndisuio;NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-18 28160]
R3 NdisWan;Remote Access NDIS WAN Driver; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-18 161280]
R3 NDProxy;NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2010-11-04 66048]
R3 Parport;Parallel port driver; C:\WINDOWS\system32\DRIVERS\parport.sys [2007-02-18 135680]
R3 PptpMiniport;WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-18 120320]
R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-18 31232]
R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-18 135168]
R3 RasPppoe;Remote Access PPPOE Driver; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-18 69120]
R3 Raspti;Direct Parallel; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-18 31232]
R3 rdpdr;Terminal Server Device Redirector Driver; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 333824]
R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2007-02-18 230536]
R3 serenum;Serenum Filter Driver; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-18 27648]
R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2011-02-18 674816]
R3 swenum;Software Bus Driver; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-18 5120]
R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-18 37512]
R3 Update;Microcode Update Driver; C:\WINDOWS\system32\DRIVERS\update.sys [2007-05-30 152576]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-18 44160]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-18 102400]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-18 32512]
R3 Wanarp;Remote Access IP ARP Driver; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-18 55296]
R4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-18 113152]
R4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2007-02-18 247808]
R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-18 1041920]
S0 AACmgt;AACmgt; C:\WINDOWS\system32\drivers\AACmgt.sys []
S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
S1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-18 72704]
S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2007-02-18 17920]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 nktxth;nktxth; \??\C:\Documents and Settings\All Users\Application Data\JAOZREI\nktxth.bin []
S2 olfthp;olfthp; \??\C:\Documents and Settings\All Users\Application Data\ETIHXYW\olfthp.bin []
S2 rttuxq;rttuxq; \??\C:\Documents and Settings\All Users\Application Data\SQJDEXH\rttuxq.bin []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 AsyncMac;RAS Asynchronous Media Driver; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2007-02-18 25088]
S3 Atmarpc;ATM ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-18 106496]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2007-02-17 35840]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-02-18 18944]
S3 Ip6Fw;IPv6 Windows Firewall Driver; C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [2007-02-18 57856]
S3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-18 49664]
S3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-18 180736]
S3 IRENUM;IR Enumerator Service; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 19456]
S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-18 49664]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-02-18 19456]
S3 MRxDAV;WebDav Client Redirector; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2008-01-21 273408]
S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []
S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []
S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []
S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []
S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-18 20616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 48128]
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-14 4608]
S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []
S3 WLBS;Network Load Balancing; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-18 280576]
S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []
S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2007-02-18 18432]
S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []
S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []
S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-18 112640]
S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-18 415232]
S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-18 188416]
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []
S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []
S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []
S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []
S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-18 107520]
S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []
S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 APCPBEAgent;APC PBE Agent; C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe [2005-04-14 28672]
R2 APCPBEServer;APC PBE Server; C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE [2005-04-14 45134]
R2 AudioSrv;Windows Audio; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 Browser;Computer Browser; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 CryptSvc;Cryptographic Services; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 DcomLaunch;DCOM Server Process Launcher; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 Dhcp;DHCP Client; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 dmserver;Logical Disk Manager; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 Dnscache;DNS Client; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 ERSvc;Error Reporting Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 EventSystem;COM+ Event System; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 helpsvc;Help and Support; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 IISADMIN;IIS Admin Service; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-18 17920]
R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 lanmanworkstation;Workstation; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 LmHosts;TCP/IP NetBIOS Helper; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSDTC;Distributed Transaction Coordinator; C:\WINDOWS\system32\msdtc.exe [2008-07-24 6656]
R2 MsDtsServer;SQL Server Integration Services; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2006-05-09 199456]
R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-02-14 155856]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-05-09 39241504]
R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2009-03-19 227840]
R2 PolicyAgent;IPSEC Services; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R2 ProtectedStorage;Protected Storage; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R2 RemoteRegistry;Remote Registry; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 RpcSs;Remote Procedure Call (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 SamSs;Security Accounts Manager; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R2 seclogon;Secondary Logon; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 SENS;System Event Notification; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 ShellHWDetection;Shell Hardware Detection; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2011-07-15 948775]
R2 Spooler;Print Spooler; C:\WINDOWS\system32\spoolsv.exe [2010-08-18 111616]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]
R2 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2006-04-14 391456]
R2 TermService;Terminal Services; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 TermServLicensing;Terminal Server Licensing; C:\WINDOWS\system32\lserver.exe [2007-02-18 538112]
R2 TrkWks;Distributed Link Tracking Client; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 W32Time;Windows Time; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 W3SVC;World Wide Web Publishing Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 winmgmt;Windows Management Instrumentation; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 World Wide Web Publishing Service ;gqyguskv; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 wuauserv;Automatic Updates; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 WZCSVC;Wireless Configuration; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R3 Eventlog;Event Log; C:\WINDOWS\system32\services.exe [2009-03-19 227840]
R3 HTTPFilter;HTTP SSL; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R3 Netman;Network Connections; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R3 Nla;Network Location Awareness (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R3 RasMan;Remote Access Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R3 TapiSrv;Telephony; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 361svc;361svc; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 AppMgmt;AppMgmt; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 Distribuygt;Distribuubg Transaction Coordinator Service; C:\WINDOWS\syswow64\lgrhmu.exe [2011-07-16 41472]
S2 netsvcs_0x4;netsvcs_0x4; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x5;netsvcs_0x5; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x6;netsvcs_0x6; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x7;netsvcs_0x7; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x8;netsvcs_0x8; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 netsvcs_0x9;netsvcs_0x9; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 Nwsapagent;Nwsapagent; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S2 SysmonLog;Performance Logs and Alerts; C:\WINDOWS\system32\smlogsvc.exe [2007-02-18 133120]
S2 Winet;Winet; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 ALG;Application Layer Gateway Service; C:\WINDOWS\System32\alg.exe [2007-02-18 75776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088]
S3 BITS;Background Intelligent Transfer Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S3 COMSysApp;COM+ System Application; C:\WINDOWS\system32\dllhost.exe [2007-02-18 6656]
S3 Dfs;Distributed File System; C:\WINDOWS\system32\Dfssvc.exe [2007-02-18 321024]
S3 dmadmin;Logical Disk Manager Administrative Service; C:\WINDOWS\System32\dmadmin.exe [2007-02-18 399872]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S3 MSIServer;Windows Installer; C:\WINDOWS\system32\msiexec.exe [2007-02-18 165376]
S3 Netlogon;Net Logon; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
S3 NtFrs;File Replication; C:\WINDOWS\system32\ntfrs.exe [2007-02-18 1158144]
S3 NtLmSsp;NT LM Security Support Provider; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
S3 NtmsSvc;Removable Storage; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RasAuto;Remote Access Auto Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 RDSessMgr;Remote Desktop Help Session Manager; C:\WINDOWS\system32\sessmgr.exe [2007-02-18 212480]
S3 RemoteAccess;Routing and Remote Access; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S3 RpcLocator;Remote Procedure Call (RPC) Locator; C:\WINDOWS\system32\locator.exe [2007-02-18 157184]
S3 RSoPProv;Resultant Set of Policy Provider; C:\WINDOWS\system32\RSoPProv.exe [2007-02-18 103424]
S3 sacsvr;Special Administration Console Helper; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-18 166400]
S3 Schedule;Task Scheduler; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 153376]
S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2007-02-18 62976]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-18 613376]
S3 VSS;Volume Shadow Copy; C:\WINDOWS\System32\vssvc.exe [2007-02-18 2062336]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 Wmi;Windows Management Instrumentation Driver Extensions; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S3 WmiApSrv;WMI Performance Adapter; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-18 223232]
S3 xmlprov;Network Provisioning Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S4 Alerter;Alerter; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-18 8704]
S4 Ckufkmkzovq Iovelrwj Jlv Gchxj;Cgnhqapcdst Thwguubjtw Wmkn Xiuokbj Fuzo; C:\Program Files (x86)\Tqnjic Pmeyycru\Explorer.exe [2011-07-14 8734720]
S4 ClipSrv;ClipBook; C:\WINDOWS\system32\clipsrv.exe [2007-02-18 49664]
S4 HidServ;Human Interface Device Access; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S4 ias;buvmsguu; host.exe -k []
S4 ImapiService;IMAPI CD-Burning COM Service; C:\WINDOWS\system32\imapi.exe [2007-02-18 265728]
S4 irmon;mltfsvqe; host.exe -k []
S4 IsmServ;Intersite Messaging; C:\WINDOWS\System32\ismserv.exe [2007-02-18 60416]
S4 kdc;Kerberos Key Distribution Center; C:\WINDOWS\System32\lsass.exe [2007-02-18 14336]
S4 LicenseService;License Logging; C:\WINDOWS\System32\llssrv.exe [2007-02-18 191488]
S4 Messenger;Messenger; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 mnmsrvc;NetMeeting Remote Desktop Sharing; C:\WINDOWS\syswow64\mnmsrvc.exe [2007-02-18 32768]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 64216]
S4 NetDDE;Network DDE; C:\WINDOWS\system32\netdde.exe [2007-02-18 160768]
S4 NetDDEdsdm;Network DDE DSDM; C:\WINDOWS\system32\netdde.exe [2007-02-18 160768]
S4 netsvcs_0x0;cwksytbu; host.exe -k []
S4 netsvcs_0x1;scihmpyo; host.exe -k []
S4 netsvcs_0x2;ylkbcdqh; host.exe -k []
S4 netsvcs_0x3;uxnrpxnp; host.exe -k []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808]
S4 nwcworkstation;yoqrjqxf; host.exe -k []
S4 OSTD;OSTD; C:\WINDOWS\syswow64\dc2d.exe []
S4 stisvc;Windows Image Acquisition (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 Themes;Themes; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S4 TlntSvr;Telnet; C:\WINDOWS\system32\tlntsvr.exe [2007-02-18 113152]
S4 TrkSvr;Distributed Link Tracking Server; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-18 99840]
S4 UPS;Uninterruptible Power Supply; []
S4 WebClient;WebClient; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 wmdmpmsp;blvxqtub; host.exe -k []
S4 xcvs ;ytthwqcb; host.exe -k []
S4 xcvs ;esmudpoj; host.exe -k []
S4 xcvs ;tbxpogom; host.exe -k []
S4 xcvs;yrrihwps; host.exe -k []
-----------------EOF-----------------
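Worked triage of the service listing above, as an added example that is not part of the poster's log or of RSIT itself. The listing contains every classic persistence pattern in one place: a service whose short name is a stock name with a trailing space ("World Wide Web Publishing Service "), services whose image path is only "host.exe -k" with no file on disk, display names that are random lowercase blobs, a copy of Explorer.exe in a random "Program Files (x86)" folder, and a fresh binary (lgrhmu.exe, dated the day of the log) under syswow64. The script below parses RSIT's `<state> <name>;<display>; <path> [<date> <size>]` lines and scores each service on those generic indicators; the weights, the 7-day "recent" window and the tier threshold are my assumptions, and `LOG_DATE` is taken from the log header. The sample input is a subset of lines copied from the posted listing so the block runs offline.

```python
"""Score an RSIT service listing on generic persistence-abuse indicators.

Added triage example, not part of the forum post. It parses the
"<state> <name>;<display>; <image path> [<date> <size>]" lines RSIT prints
and ranks the services a responder should look at first.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Tuple

LOG_DATE = date(2011, 7, 16)   # from the log header: "Run by Administrator at 2011-07-16"
RECENT = timedelta(days=7)     # assumption: a binary written within a week of the log is "recent"
LIKELY = 3                     # assumption: score at which a service is reported as "likely"

LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
RANDOM_RE = re.compile(r"^[a-z]{6,}$")        # one lowercase blob; real display names are worded
EXE_RE = re.compile(r"^(.*?\.exe)\b", re.I)   # image path up to the .exe, dropping "-k ..." args
# File names that belong under \Windows\; the same name elsewhere is a masquerade.
WINDOWS_EXES = {"svchost.exe", "lsass.exe", "services.exe", "explorer.exe",
                "winlogon.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}

# Constructed sample: a subset of lines copied from the posted RSIT listing.
SAMPLE_LOG = r"""
R2 SamSs;Security Accounts Manager; C:\WINDOWS\system32\lsass.exe [2007-02-18 14336]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2011-07-15 948775]
R2 Spooler;Print Spooler; C:\WINDOWS\system32\spoolsv.exe [2010-08-18 111616]
R2 W3SVC;World Wide Web Publishing Service; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
R2 World Wide Web Publishing Service ;gqyguskv; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 361svc;361svc; C:\WINDOWS\System32\svchost.exe [2007-02-18 25600]
S2 Distribuygt;Distribuubg Transaction Coordinator Service; C:\WINDOWS\syswow64\lgrhmu.exe [2011-07-16 41472]
S4 Alerter;Alerter; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
S4 Ckufkmkzovq Iovelrwj Jlv Gchxj;Cgnhqapcdst Thwguubjtw Wmkn Xiuokbj Fuzo; C:\Program Files (x86)\Tqnjic Pmeyycru\Explorer.exe [2011-07-14 8734720]
S4 ias;buvmsguu; host.exe -k []
S4 mnmsrvc;NetMeeting Remote Desktop Sharing; C:\WINDOWS\syswow64\mnmsrvc.exe [2007-02-18 32768]
S4 OSTD;OSTD; C:\WINDOWS\syswow64\dc2d.exe []
S4 UPS;Uninterruptible Power Supply; []
S4 xcvs ;ytthwqcb; host.exe -k []
S4 xcvs;yrrihwps; host.exe -k []
"""


@dataclass
class Service:
    state: str
    name: str          # registry key name, kept verbatim (trailing spaces matter)
    display: str
    path: str
    file_date: Optional[date]
    size: Optional[int]
    hits: List[Tuple[str, int]] = field(default_factory=list)   # (indicator, weight)

    @property
    def score(self) -> int:
        return sum(w for _, w in self.hits)

    @property
    def tier(self) -> str:
        return "likely" if self.score >= LIKELY else "review" if self.hits else "clean"


def parse(text: str) -> List[Service]:
    """Turn RSIT service lines into Service records; non-matching lines are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        meta = m["meta"].split()                       # empty when RSIT found no file on disk
        fdate = date.fromisoformat(meta[0]) if meta else None
        size = int(meta[1]) if len(meta) > 1 else None
        services.append(Service(m["state"], m["name"], m["display"], m["path"], fdate, size))
    return services


def score_services(services: List[Service]) -> List[Service]:
    """Attach weighted indicators to each service in place."""
    dupes = Counter(s.name.strip().lower() for s in services)
    for s in services:
        h = s.hits
        exe = EXE_RE.match(s.path)
        exe_path = exe.group(1).lower() if exe else s.path.lower()
        in_windows = "\\windows\\" in exe_path
        if s.name != s.name.strip():
            h.append(("whitespace_in_service_name", 3))    # impersonates a stock name
        if not s.path:
            h.append(("empty_image_path", 2))
        elif not DRIVE_RE.match(s.path):
            h.append(("relative_image_path", 3))           # "host.exe -k": no resolvable binary
        elif s.file_date is None:
            h.append(("binary_missing_on_disk", 3))        # RSIT printed "[]" for a full path
        if RANDOM_RE.match(s.display):
            h.append(("random_display_name", 3))
        if dupes[s.name.strip().lower()] > 1:
            h.append(("duplicate_service_name", 2))
        if s.file_date and LOG_DATE - s.file_date <= RECENT:
            h.append(("binary_written_recently", 3 if in_windows else 2))
        if exe_path.rsplit("\\", 1)[-1] in WINDOWS_EXES and not in_windows:
            h.append(("windows_exe_name_outside_windows_dir", 3))
        if s.display.strip().lower() == s.name.strip().lower():
            h.append(("display_name_equals_short_name", 1))  # weak: some stock services do this
    return services


def triage(text: str) -> List[Service]:
    """Parse, score and return only flagged services, highest score first."""
    flagged = [s for s in score_services(parse(text)) if s.hits]
    return sorted(flagged, key=lambda s: (-s.score, s.name))


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(f"{s.tier:6} {s.score:2}  {s.name!r:<38} {s.path or '<no image path>'}")
        for indicator, weight in s.hits:
            print(f"            - {indicator} (+{weight})")
```

On the sample, the seven "likely" hits are exactly the entries a responder would pull first; the "review" tier is where the judgement calls land, and it is worth seeing why: sp_rsser.exe is flagged only because it was written the day before the log (the poster had just installed Spyware Terminator), UPS has an empty image path, and 361svc and Alerter trip only the weak "display name equals short name" rule, which several stock Server 2003 services satisfy. Two caveats before removal: for any service whose image is svchost.exe (the xcvs, ias, irmon, nwcworkstation, wmdmpmsp and netsvcs_0x* entries in the full listing), RSIT shows you the host process, not the payload, so read the ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters (or `sc qc <name>` plus a registry export) to find the DLL that actually gets loaded; and note that ias, irmon, nwcworkstation, wmdmpmsp and Nwsapagent are names already present in the default netsvcs group of the Svchost registry key, which is why a ServiceDll registered under one of them is loaded by `svchost -k netsvcs` without the attacker touching the group list. That, together with userlogon.cmd firing on every RDP logon, explains why the infection comes back the next day after a scanner has only deleted the dropped executables.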