
win32 sirefef.AC

Posted: 15 Mar 2012 16:12
by laarsen
hi

WinSE reported win32/sirefef.AC to me, so I found the matching thread here on the forum, went through the guides and ran ComboFix

I'm attaching the logs from RSIT and ComboFix (probably better in the next post)

Logfile of random's system information tool 1.09 (written by random/random)
Run by michal at 2012-03-15 16:00:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (21%) free of 38 GB
Total RAM: 1151 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:00:57, on 15.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\MpSigStub.exe
C:\Documents and Settings\michal\Plocha\RSIT.exe
C:\Program Files\trend micro\michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download with Net Transport - C:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download all with &Net Transport - C:\Program Files\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9188533609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3831437093
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7477 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\40lkl978.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:blank"
prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, firegestures@xuldev.org:1.6.1, {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, facebookBlocker@webgraph.com:1.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
inspector-cmdline.js
inspector.dll
inspector.xpt
nppl3260.xpt
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npdjvu.dll
npLegitCheckPlugin.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
nprpjplug.dll
nsIQTScriptablePlugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\40lkl978.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\40lkl978.default\searchplugins\
flickr-full-text-search.xml
flickr-tags.xml
imdb.xml
wikipedia-de.xml
wikipedia-en.xml
wikipedie-cs.xml
youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-22 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2006-05-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-22 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-03-08 344064]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1015808]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-07-06 393216]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-06-29 233534]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2006-09-09 63488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.SP54"=SP5X_32.DLL
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2012-03-15 16:00:05 ----D---- C:\Program Files\trend micro
2012-03-15 16:00:04 ----D---- C:\rsit
2012-03-15 15:55:21 ----A---- C:\ComboFix.txt
2012-03-15 15:24:52 ----A---- C:\WINDOWS\system32\drivers\netbt.sys
2012-03-15 15:20:44 ----A---- C:\Boot.bak
2012-03-15 15:20:23 ----RASHD---- C:\cmdcons
2012-03-15 15:17:09 ----A---- C:\WINDOWS\zip.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\SWSC.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\SWREG.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\sed.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\PEV.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\MBR.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\grep.exe
2012-03-15 15:17:03 ----D---- C:\WINDOWS\ERDNT
2012-03-15 15:16:56 ----D---- C:\Qoobox
2012-03-15 14:37:23 ----ASH---- C:\WINDOWS\system32\dds_trash_log.cmd
2012-03-14 14:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-14 14:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-14 14:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-02-22 21:06:06 ----D---- C:\Program Files\Common Files\Java
2012-02-22 21:05:38 ----A---- C:\WINDOWS\system32\javaws.exe
2012-02-22 21:05:38 ----A---- C:\WINDOWS\system32\javaw.exe
2012-02-22 21:05:38 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2012-03-15 16:00:10 ----D---- C:\WINDOWS\Prefetch
2012-03-15 16:00:05 ----RD---- C:\Program Files
2012-03-15 15:57:48 ----D---- C:\WINDOWS\Temp
2012-03-15 15:56:59 ----A---- C:\WINDOWS\wincmd.ini
2012-03-15 15:55:26 ----D---- C:\WINDOWS\system32\drivers
2012-03-15 15:54:21 ----SD---- C:\WINDOWS\Tasks
2012-03-15 15:53:11 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-15 15:47:03 ----D---- C:\WINDOWS
2012-03-15 15:47:03 ----A---- C:\WINDOWS\system.ini
2012-03-15 15:46:48 ----D---- C:\WINDOWS\system32\drivers\etc
2012-03-15 15:42:54 ----D---- C:\WINDOWS\system32\config
2012-03-15 15:41:05 ----D---- C:\WINDOWS\system32
2012-03-15 15:37:19 ----D---- C:\WINDOWS\AppPatch
2012-03-15 15:37:14 ----D---- C:\Program Files\Common Files
2012-03-15 15:29:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-15 15:20:44 ----RASH---- C:\boot.ini
2012-03-14 18:30:26 ----D---- C:\Documents and Settings\michal\Data aplikací\vlc
2012-03-14 14:49:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-14 14:28:56 ----HD---- C:\WINDOWS\inf
2012-03-14 14:28:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2012-03-14 14:28:42 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-14 14:24:42 ----A---- C:\WINDOWS\system32\MRT.exe
2012-03-14 14:24:31 ----A---- C:\WINDOWS\imsins.BAK
2012-03-13 17:36:04 ----D---- C:\TEMP
2012-03-12 18:16:33 ----D---- C:\Documents and Settings\michal\Data aplikací\Canon
2012-02-24 13:42:13 ----A---- C:\WINDOWS\wininit.ini
2012-02-23 11:41:51 ----D---- C:\Program Files\Mozilla Firefox
2012-02-22 21:57:40 ----D---- C:\Program Files\Mozilla Thunderbird
2012-02-22 21:06:08 ----SHD---- C:\WINDOWS\Installer
2012-02-22 21:05:07 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-02-16 15:19:31 ----RSD---- C:\WINDOWS\assembly
2012-02-16 15:19:31 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-31 20576]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 ClntMgmt.sys;ClntMgmt.sys; C:\WINDOWS\System32\Drivers\ClntMgmt.sys [2004-02-20 59044]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-03-19 5632]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-04-18 13059]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2004-12-02 67584]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2006-05-25 121216]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-02-16 128256]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-05-31 401152]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-05-31 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-05-31 1341466]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-05-31 30189]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-06-02 56648]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-07-20 38144]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-07-20 346496]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;HID Mouse Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176]
S1 MpKsl107b0928;MpKsl107b0928; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{66187149-A002-47C6-80A2-3E304D2F9AE8}\MpKsl107b0928.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-05-31 148040]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DC1300;DC 1300 WDM Video Capture; C:\WINDOWS\System32\Drivers\BSC504AV.SYS [2002-08-08 515365]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-04-18 1038336]
S3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-18 200576]
S3 mbr;mbr; \??\C:\DOCUME~1\michal\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-03-29 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-03-29 6096]
S3 ssm_mdm;Samsung Mobile USB Port II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-03-29 84512]
S3 StMp3Rec;Player Recovery Device Control Driver (GBK description, mis-encoded in the log); C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-05-13 68204]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCamera;DC 1300 Still Image Capture; C:\WINDOWS\System32\Drivers\BscBulk.sys [2002-07-25 10986]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-04-18 703488]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-05-31 258103]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-22 153376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S2 aswupdsv;Gdrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2010-05-14 230968]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

win32 sirefef.AC

Posted: 15 Mar 2012 16:14
by laarsen
ComboFix log:

ComboFix 12-03-15.02 - michal 15.03.2012 15:30:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1151.751 [GMT 1:00]
Run from: c:\documents and settings\michal\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\michal\WINDOWS
c:\windows\$NtUninstallKB62280$\2042646573
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\L\jjjbaycv
c:\windows\$NtUninstallKB62280$\485945278\oemid
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\485945278\version
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\roxupnprenderer.dll
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected.
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 14:24 . 2008-04-13 23:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-15 13:37 . 2012-03-15 13:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-14 12:44 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{66187149-A002-47C6-80A2-3E304D2F9AE8}\mpengine.dll
2012-02-22 20:06 . 2012-02-22 20:06 -------- d-----w- c:\program files\Common Files\Java
2012-02-22 20:05 . 2012-02-22 20:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-15 14:38 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 14:38 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 19:15 . 2011-05-24 14:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 20:05 . 2010-05-03 21:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 06:03 . 2010-10-04 17:07 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:57 . 2004-08-18 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-10-03 15:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-09 16:20 . 2004-08-18 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-17 19:42 . 2004-08-18 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-18 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-18 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-23 10:41 . 2012-02-11 21:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2005-07-17 17:57 . 2005-11-30 16:42 44158 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-07-06 393216]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-5-31 577597]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 01:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 9:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 9:00 14336]
S1 MpKsl107b0928;MpKsl107b0928;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{66187149-A002-47C6-80A2-3E304D2F9AE8}\MpKsl107b0928.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{66187149-A002-47C6-80A2-3E304D2F9AE8}\MpKsl107b0928.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 DC1300;DC 1300 WDM Video Capture;c:\windows\system32\drivers\BSC504AV.SYS [8.8.2002 1:33 515365]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [31.8.2005 3:36 87936]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18.4.2005 2:00 200576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aswupdsv
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout pomocí Net Transportu - c:\program files\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\NetTransport 2\NTAddList.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\40lkl978.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 15:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?2?2?3??????? ???B?????????????hLC? ??????
.
skenování skrytých souborů ...
.
.
c:\windows\$NtUninstallKB62280$:SummaryInformation 0 bytes hidden from API
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-908420167-2087922238-341329582-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
.
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\APSHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-03-15 15:55:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-15 14:55
.
Před spuštěním: 8 377 741 312
Po spuštění: 8 394 194 944
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - BAA07014FBB3247D73888EC2A4FA1386

and so my question is obviously: what is the recommended next course of action?

thanks in advance

win32 sirefef.AC

Posted: 15 Mar 2012 16:24
by laarsen
and also TDSSKiller:

16:20:21.0515 3220 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
16:20:21.0750 3220 ============================================================
16:20:21.0750 3220 Current date / time: 2012/03/15 16:20:21.0750
16:20:21.0750 3220 SystemInfo:
16:20:21.0750 3220
16:20:21.0750 3220 OS Version: 5.1.2600 ServicePack: 3.0
16:20:21.0750 3220 Product type: Workstation
16:20:21.0750 3220 ComputerName: NX6125
16:20:21.0750 3220 UserName: michal
16:20:21.0750 3220 Windows directory: C:\WINDOWS
16:20:21.0750 3220 System windows directory: C:\WINDOWS
16:20:21.0750 3220 Processor architecture: Intel x86
16:20:21.0750 3220 Number of processors: 1
16:20:21.0750 3220 Page size: 0x1000
16:20:21.0750 3220 Boot type: Normal boot
16:20:21.0750 3220 ============================================================
16:20:24.0453 3220 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
16:20:24.0453 3220 \Device\Harddisk0\DR0:
16:20:24.0453 3220 MBR used
16:20:24.0453 3220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A817B1
16:20:24.0484 3220 Initialize success
16:20:24.0484 3220 ============================================================
16:20:31.0640 2872 ============================================================
16:20:31.0640 2872 Scan started
16:20:31.0640 2872 Mode: Manual;
16:20:31.0640 2872 ============================================================
16:20:32.0375 2872 Abiosdsk - ok
16:20:32.0406 2872 abp480n5 - ok
16:20:32.0484 2872 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:20:32.0484 2872 ACPI - ok
16:20:32.0531 2872 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:20:32.0531 2872 ACPIEC - ok
16:20:32.0562 2872 adpu160m - ok
16:20:32.0625 2872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:20:32.0625 2872 aec - ok
16:20:32.0703 2872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:20:32.0718 2872 AFD - ok
16:20:32.0750 2872 Aha154x - ok
16:20:32.0781 2872 aic78u2 - ok
16:20:32.0812 2872 aic78xx - ok
16:20:32.0843 2872 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:20:32.0859 2872 AliIde - ok
16:20:32.0906 2872 AmdK8 (f6f5e047369784e607f3a636ac576148) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:20:32.0906 2872 AmdK8 - ok
16:20:33.0109 2872 amsint - ok
16:20:33.0187 2872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:20:33.0187 2872 Arp1394 - ok
16:20:33.0234 2872 asc - ok
16:20:33.0250 2872 asc3350p - ok
16:20:33.0281 2872 asc3550 - ok
16:20:33.0375 2872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:20:33.0375 2872 AsyncMac - ok
16:20:33.0437 2872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:20:33.0453 2872 atapi - ok
16:20:33.0468 2872 Atdisk - ok
16:20:33.0796 2872 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:20:33.0890 2872 ati2mtag - ok
16:20:34.0140 2872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:20:34.0140 2872 Atmarpc - ok
16:20:34.0218 2872 ATSWPDRV (b92864fe3c6e7d8d0a6b5603def691fd) C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
16:20:34.0218 2872 ATSWPDRV - ok
16:20:34.0296 2872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:20:34.0296 2872 audstub - ok
16:20:34.0390 2872 b57w2k (03758a3307168a783d3498ec1d392611) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:20:34.0390 2872 b57w2k - ok
16:20:34.0515 2872 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:20:34.0531 2872 BCM43XX - ok
16:20:34.0750 2872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:20:34.0750 2872 Beep - ok
16:20:34.0890 2872 btaudio (42ebce48178ce5d0998eb1ca62db1e9b) C:\WINDOWS\system32\drivers\btaudio.sys
16:20:34.0906 2872 btaudio - ok
16:20:35.0000 2872 BTDriver (39309739badd058c8f4b845d9a3c58d2) C:\WINDOWS\system32\DRIVERS\btport.sys
16:20:35.0000 2872 BTDriver - ok
16:20:35.0125 2872 BTKRNL (c9253ab5f6611fa2ca5c914d0fe384c5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:20:35.0171 2872 BTKRNL - ok
16:20:35.0406 2872 BTWDNDIS (9a794455b18d815db25d991452d4266a) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:20:35.0406 2872 BTWDNDIS - ok
16:20:35.0500 2872 btwmodem (b42e484f624a39ad8a5b06d9b26d6bc1) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
16:20:35.0500 2872 btwmodem - ok
16:20:35.0593 2872 BTWUSB (843e656db562ffff197afaf98042faca) C:\WINDOWS\system32\Drivers\btwusb.sys
16:20:35.0593 2872 BTWUSB - ok
16:20:35.0671 2872 CAMCAUD (3c17c5cb8655c9f8e973328926e074bd) C:\WINDOWS\system32\drivers\camc6aud.sys
16:20:35.0671 2872 CAMCAUD - ok
16:20:35.0781 2872 CAMCHALA (d72e555dd5e75c59b0338b0feb1a215b) C:\WINDOWS\system32\drivers\camc6hal.sys
16:20:35.0796 2872 CAMCHALA - ok
16:20:35.0812 2872 catchme - ok
16:20:36.0046 2872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:20:36.0046 2872 cbidf2k - ok
16:20:36.0125 2872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:20:36.0125 2872 CCDECODE - ok
16:20:36.0140 2872 cd20xrnt - ok
16:20:36.0187 2872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:20:36.0203 2872 Cdaudio - ok
16:20:36.0250 2872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:20:36.0265 2872 Cdfs - ok
16:20:36.0296 2872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:20:36.0296 2872 Cdrom - ok
16:20:36.0328 2872 Changer - ok
16:20:36.0421 2872 ClntMgmt.sys (573da08641afc8d940e0431945867906) C:\WINDOWS\System32\Drivers\ClntMgmt.sys
16:20:36.0421 2872 ClntMgmt.sys - ok
16:20:36.0671 2872 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:20:36.0671 2872 CmBatt - ok
16:20:36.0703 2872 CmdIde - ok
16:20:36.0734 2872 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:20:36.0734 2872 Compbatt - ok
16:20:36.0796 2872 Cpqarray - ok
16:20:36.0828 2872 dac2w2k - ok
16:20:36.0859 2872 dac960nt - ok
16:20:36.0953 2872 DC1300 (d2db66a40d4741a6f7b38c5bf55afbf2) C:\WINDOWS\system32\Drivers\BSC504AV.SYS
16:20:36.0968 2872 DC1300 - ok
16:20:37.0062 2872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:20:37.0062 2872 Disk - ok
16:20:37.0171 2872 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
16:20:37.0203 2872 dmboot - ok
16:20:37.0421 2872 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
16:20:37.0437 2872 dmio - ok
16:20:37.0484 2872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:20:37.0484 2872 dmload - ok
16:20:37.0562 2872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:20:37.0562 2872 DMusic - ok
16:20:37.0609 2872 dpti2o - ok
16:20:37.0656 2872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:20:37.0656 2872 drmkaud - ok
16:20:37.0781 2872 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys
16:20:37.0781 2872 eabfiltr - ok
16:20:38.0031 2872 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys
16:20:38.0031 2872 eabusb - ok
16:20:38.0109 2872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:20:38.0125 2872 Fastfat - ok
16:20:38.0171 2872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:20:38.0171 2872 Fdc - ok
16:20:38.0234 2872 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
16:20:38.0234 2872 Fips - ok
16:20:38.0281 2872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:20:38.0281 2872 Flpydisk - ok
16:20:38.0359 2872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:20:38.0359 2872 FltMgr - ok
16:20:38.0625 2872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:20:38.0625 2872 Fs_Rec - ok
16:20:38.0656 2872 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:20:38.0671 2872 Ftdisk - ok
16:20:38.0718 2872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:20:38.0734 2872 Gpc - ok
16:20:38.0812 2872 GTIPCI21 (b6b1f53f585b41091eb3586f8297a379) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
16:20:38.0812 2872 GTIPCI21 - ok
16:20:38.0937 2872 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
16:20:38.0937 2872 HBtnKey - ok
16:20:39.0000 2872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:20:39.0000 2872 HidUsb - ok
16:20:39.0203 2872 hpn - ok
16:20:39.0281 2872 HSFHWATI (110d8515670f8ebfc831bd02b7a8fc74) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
16:20:39.0281 2872 HSFHWATI - ok
16:20:39.0375 2872 HSF_DP (6fbefacc2a0379bf3b395b0ca0cadb17) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:20:39.0406 2872 HSF_DP - ok
16:20:39.0484 2872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:20:39.0500 2872 HTTP - ok
16:20:39.0718 2872 i2omgmt - ok
16:20:39.0750 2872 i2omp - ok
16:20:39.0843 2872 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:20:39.0843 2872 i8042prt - ok
16:20:39.0890 2872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:20:39.0890 2872 Imapi - ok
16:20:39.0953 2872 ini910u - ok
16:20:39.0984 2872 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:20:40.0000 2872 IntelIde - ok
16:20:40.0062 2872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:20:40.0062 2872 Ip6Fw - ok
16:20:40.0125 2872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:20:40.0125 2872 IpFilterDriver - ok
16:20:40.0156 2872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:20:40.0156 2872 IpInIp - ok
16:20:40.0234 2872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:20:40.0234 2872 IpNat - ok
16:20:40.0531 2872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:20:40.0531 2872 IPSec - ok
16:20:40.0578 2872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:20:40.0593 2872 IRENUM - ok
16:20:40.0656 2872 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:20:40.0656 2872 isapnp - ok
16:20:40.0703 2872 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:20:40.0703 2872 Kbdclass - ok
16:20:40.0781 2872 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:20:40.0781 2872 kbdhid - ok
16:20:40.0859 2872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:20:40.0859 2872 kmixer - ok
16:20:41.0046 2872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:20:41.0046 2872 KSecDD - ok
16:20:41.0093 2872 lbrtfdc - ok
16:20:41.0187 2872 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:20:41.0187 2872 mdmxsdk - ok
16:20:41.0281 2872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:20:41.0281 2872 mnmdd - ok
16:20:41.0359 2872 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
16:20:41.0359 2872 Modem - ok
16:20:41.0390 2872 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:20:41.0406 2872 Mouclass - ok
16:20:41.0484 2872 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:20:41.0484 2872 mouhid - ok
16:20:41.0687 2872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:20:41.0703 2872 MountMgr - ok
16:20:41.0750 2872 MpFilter (bb0450a63b5b5bb3bea6d5caf18a433c) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:20:41.0765 2872 MpFilter ( Virus.Win32.ZAccess.c ) - infected
16:20:41.0765 2872 MpFilter - detected Virus.Win32.ZAccess.c (0)
16:20:41.0906 2872 MpKsl107b0928 - ok
16:20:41.0953 2872 mraid35x - ok
16:20:42.0031 2872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:20:42.0031 2872 MRxDAV - ok
16:20:42.0125 2872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:20:42.0140 2872 MRxSmb - ok
16:20:42.0343 2872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:20:42.0359 2872 Msfs - ok
16:20:42.0406 2872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:20:42.0406 2872 MSKSSRV - ok
16:20:42.0468 2872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:20:42.0468 2872 MSPCLOCK - ok
16:20:42.0546 2872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:20:42.0546 2872 MSPQM - ok
16:20:42.0625 2872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:20:42.0625 2872 mssmbios - ok
16:20:42.0671 2872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:20:42.0671 2872 MSTEE - ok
16:20:42.0781 2872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:20:42.0781 2872 Mup - ok
16:20:42.0937 2872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:20:42.0937 2872 NABTSFEC - ok
16:20:43.0062 2872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:20:43.0062 2872 NDIS - ok
16:20:43.0125 2872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:20:43.0125 2872 NdisIP - ok
16:20:43.0218 2872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:20:43.0218 2872 NdisTapi - ok
16:20:43.0328 2872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:20:43.0328 2872 Ndisuio - ok
16:20:43.0406 2872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:20:43.0406 2872 NdisWan - ok
16:20:43.0500 2872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:20:43.0500 2872 NDProxy - ok
16:20:43.0562 2872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:20:43.0562 2872 NetBIOS - ok
16:20:43.0671 2872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:20:43.0671 2872 NetBT - ok
16:20:43.0890 2872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:20:43.0906 2872 NIC1394 - ok
16:20:43.0984 2872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:20:43.0984 2872 Npfs - ok
16:20:44.0031 2872 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
16:20:44.0046 2872 NSNDIS5 - ok
16:20:44.0140 2872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:20:44.0156 2872 Ntfs - ok
16:20:44.0281 2872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:20:44.0281 2872 Null - ok
16:20:44.0468 2872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:20:44.0468 2872 NwlnkFlt - ok
16:20:44.0500 2872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:20:44.0515 2872 NwlnkFwd - ok
16:20:44.0593 2872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:20:44.0593 2872 ohci1394 - ok
16:20:44.0640 2872 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
16:20:44.0640 2872 Parport - ok
16:20:44.0703 2872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:20:44.0703 2872 PartMgr - ok
16:20:44.0781 2872 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
16:20:44.0781 2872 ParVdm - ok
16:20:45.0015 2872 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
16:20:45.0015 2872 pccsmcfd - ok
16:20:45.0078 2872 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
16:20:45.0078 2872 PCI - ok
16:20:45.0109 2872 PCIDump - ok
16:20:45.0140 2872 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:20:45.0156 2872 PCIIde - ok
16:20:45.0218 2872 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:20:45.0218 2872 Pcmcia - ok
16:20:45.0296 2872 PDCOMP - ok
16:20:45.0328 2872 PDFRAME - ok
16:20:45.0359 2872 PDRELI - ok
16:20:45.0390 2872 PDRFRAME - ok
16:20:45.0421 2872 perc2 - ok
16:20:45.0453 2872 perc2hib - ok
16:20:45.0562 2872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:20:45.0562 2872 PptpMiniport - ok
16:20:45.0656 2872 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
16:20:45.0656 2872 Processor - ok
16:20:45.0703 2872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:20:45.0703 2872 PSched - ok
16:20:45.0765 2872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:20:45.0781 2872 Ptilink - ok
16:20:45.0859 2872 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:20:45.0859 2872 PxHelp20 - ok
16:20:45.0921 2872 ql1080 - ok
16:20:45.0968 2872 Ql10wnt - ok
16:20:46.0015 2872 ql12160 - ok
16:20:46.0046 2872 ql1240 - ok
16:20:46.0062 2872 ql1280 - ok
16:20:46.0125 2872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:20:46.0125 2872 RasAcd - ok
16:20:46.0234 2872 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
16:20:46.0234 2872 Rasirda - ok
16:20:46.0296 2872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:20:46.0296 2872 Rasl2tp - ok
16:20:46.0343 2872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:20:46.0343 2872 RasPppoe - ok
16:20:46.0437 2872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:20:46.0437 2872 Raspti - ok
16:20:46.0515 2872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:20:46.0515 2872 Rdbss - ok
16:20:46.0703 2872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:20:46.0703 2872 RDPCDD - ok
16:20:46.0781 2872 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:20:46.0781 2872 RDPWD - ok
16:20:46.0843 2872 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:20:46.0843 2872 redbook - ok
16:20:46.0937 2872 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:20:46.0937 2872 ROOTMODEM - ok
16:20:47.0093 2872 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:20:47.0093 2872 sdbus - ok
16:20:47.0312 2872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:20:47.0312 2872 Secdrv - ok
16:20:47.0375 2872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:20:47.0375 2872 serenum - ok
16:20:47.0453 2872 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
16:20:47.0453 2872 Serial - ok
16:20:47.0546 2872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:20:47.0546 2872 Sfloppy - ok
16:20:47.0609 2872 Simbad - ok
16:20:47.0687 2872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:20:47.0687 2872 SLIP - ok
16:20:47.0890 2872 SMCIRDA (12224ac3a6fd3577036f038a0c03f2f5) C:\WINDOWS\system32\DRIVERS\smcirda.sys
16:20:47.0906 2872 SMCIRDA - ok
16:20:47.0937 2872 Sparrow - ok
16:20:48.0000 2872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:20:48.0000 2872 splitter - ok
16:20:48.0093 2872 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
16:20:48.0093 2872 sr - ok
16:20:48.0234 2872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:20:48.0234 2872 Srv - ok
16:20:48.0468 2872 ssm_bus (8724bc8f9750c2055467654027e9aaaa) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
16:20:48.0468 2872 ssm_bus - ok
16:20:48.0531 2872 ssm_mdfl (0680dce79e0862806a6f3bb07a0550a4) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
16:20:48.0531 2872 ssm_mdfl - ok
16:20:48.0593 2872 ssm_mdm (175d32718db7975100deb5708fcec549) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
16:20:48.0593 2872 ssm_mdm - ok
16:20:48.0703 2872 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
16:20:48.0703 2872 StarOpen - ok
16:20:48.0921 2872 StMp3Rec (1aac62e10cbeace07b20b1494333fd0d) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
16:20:48.0921 2872 StMp3Rec - ok
16:20:49.0000 2872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:20:49.0000 2872 streamip - ok
16:20:49.0062 2872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:20:49.0062 2872 swenum - ok
16:20:49.0109 2872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:20:49.0125 2872 swmidi - ok
16:20:49.0187 2872 symc810 - ok
16:20:49.0375 2872 symc8xx - ok
16:20:49.0406 2872 sym_hi - ok
16:20:49.0437 2872 sym_u3 - ok
16:20:49.0500 2872 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:20:49.0500 2872 SynTP - ok
16:20:49.0546 2872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:20:49.0546 2872 sysaudio - ok
16:20:49.0656 2872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:20:49.0656 2872 Tcpip - ok
16:20:49.0718 2872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:20:49.0718 2872 TDPIPE - ok
16:20:49.0828 2872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:20:49.0828 2872 TDTCP - ok
16:20:50.0015 2872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:20:50.0015 2872 TermDD - ok
16:20:50.0109 2872 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
16:20:50.0125 2872 tifm21 - ok
16:20:50.0156 2872 TosIde - ok
16:20:50.0234 2872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:20:50.0234 2872 Udfs - ok
16:20:50.0265 2872 ultra - ok
16:20:50.0359 2872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:20:50.0359 2872 Update - ok
16:20:50.0484 2872 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\BscBulk.sys
16:20:50.0484 2872 USBCamera - ok
16:20:50.0687 2872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:20:50.0703 2872 usbccgp - ok
16:20:50.0750 2872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:20:50.0765 2872 usbehci - ok
16:20:50.0796 2872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:20:50.0796 2872 usbhub - ok
16:20:50.0859 2872 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:20:50.0859 2872 usbohci - ok
16:20:50.0906 2872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:20:50.0906 2872 usbscan - ok
16:20:51.0000 2872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:20:51.0000 2872 USBSTOR - ok
16:20:51.0203 2872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:20:51.0203 2872 usbuhci - ok
16:20:51.0265 2872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:20:51.0265 2872 VgaSave - ok
16:20:51.0312 2872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:20:51.0312 2872 ViaIde - ok
16:20:51.0343 2872 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
16:20:51.0359 2872 VolSnap - ok
16:20:51.0437 2872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:20:51.0437 2872 Wanarp - ok
16:20:51.0468 2872 WDICA - ok
16:20:51.0515 2872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:20:51.0515 2872 wdmaud - ok
16:20:51.0656 2872 WIBUKEY (c6b5613cc0f50a998b87e04c6c11a273) C:\WINDOWS\system32\DRIVERS\Wibukey.sys
16:20:51.0656 2872 WIBUKEY - ok
16:20:51.0937 2872 winachsf (e61219e012e41f52755c04734eb49784) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:20:51.0968 2872 winachsf - ok
16:20:52.0140 2872 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:20:52.0140 2872 WmiAcpi - ok
16:20:52.0328 2872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:20:52.0328 2872 WS2IFSL - ok
16:20:52.0453 2872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:20:52.0453 2872 WSTCODEC - ok
16:20:52.0546 2872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:20:52.0546 2872 WudfPf - ok
16:20:52.0593 2872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:20:52.0593 2872 WudfRd - ok
16:20:52.0687 2872 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
16:20:52.0875 2872 \Device\Harddisk0\DR0 - ok
16:20:52.0890 2872 Boot (0x1200) (449c88ccc169960f794b4f0d513ca1aa) \Device\Harddisk0\DR0\Partition0
16:20:52.0890 2872 \Device\Harddisk0\DR0\Partition0 - ok
16:20:52.0906 2872 ============================================================
16:20:52.0906 2872 Scan finished
16:20:52.0906 2872 ============================================================
16:20:52.0921 2720 Detected object count: 1
16:20:52.0921 2720 Actual detected object count: 1
16:21:08.0000 2720 C:\WINDOWS\system32\DRIVERS\MpFilter.sys - copied to quarantine
16:21:08.0015 2720 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\MpFilter.sys) error 1813
16:21:08.0156 2720 Backup copy not found, trying to cure infected file..
16:21:08.0156 2720 C:\WINDOWS\system32\DRIVERS\MpFilter.sys - Cure failed (FFFFFFFF)
16:21:08.0156 2720 C:\WINDOWS\system32\DRIVERS\MpFilter.sys - processing error
16:21:11.0562 2720 MpFilter ( Virus.Win32.ZAccess.c ) - User select action: Cure

Re: win32 sirefef.AC

Posted: 15 Mar 2012 17:47
by vyosek
Hello, and a good evening to you :)

:arrow: ComboFix is not used without a recommendation; you can be glad the OS did not crash on you during this

:arrow: The dangers of CF
  • It is intended primarily for helpers; by using it on your own initiative you lose your claim to support
  • It erases traces of the malware, so nothing is visible in the RSIT log
  • Its log has to be worked through further, since it cannot delete everything; that is hard to manage unless you have been trained for it
  • CF can have a bug = it takes your system down; if you do not know where it stores what and how to restore it, your system is wrecked and a reinstall awaits you
  • Unfortunately CF also does not yet check some important libraries (e.g. hal.dll); some types of malware (e.g. angela) delete those; after the restart hal.dll is gone = your system does not boot and you are at the line above = reinstall
:arrow: You have a real nasty piece in there, ZeroAccess. I will say it honestly, and colleagues on foreign forums agree: this beast is ripe for a format. It breaks so many things in the system that putting them back together is a real "experience" with an uncertain ending

:arrow: So I ask: shall we go for it, or will a format be easier :???:

Re: win32 sirefef.AC

Posted: 15 Mar 2012 17:51
by laarsen
yeah, sorry, I am reading this now at a colleague's and I probably rushed it; I followed your guide from about three days ago

well, in any case the only visible problem so far is that MS Security Essentials cannot be started, so I would try a repair, and from now on only on your recommendation

Re: win32 sirefef.AC

Posted: 15 Mar 2012 17:54
by vyosek
:arrow: Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Win Vista or W7, right-click MBRScan and choose Run As Administrator
  • Click Report
  • After a moment the log appears in the file MBRScan.txt; paste it here

Re: win32 sirefef.AC

Posted: 15 Mar 2012 17:55
by laarsen


MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 44 Stepping 2, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/03/15 (ISO 8601) at 17:54:43
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __TOSHIBA MK4025GAS (KA101A)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	37.26 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : DFF32D1143F0D9179BB6D1CC10DA6172
MBR_SHA1  : 4E0F593CFDE0AAE506C598A5EE5CC6D71253ED88

Device\Harddisk0\Partition1	37.25 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xEE1C7000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF7BD2000
SIZE    : 8.0 Ko

DRIVER  : C:\ComboFix\catchme.sys => Invisible on the disk
ADDRESS : 0xF7936000
SIZE    : 32.0 Ko

DRIVER  : C:\WINDOWS\system32\Drivers\PROCEXP113.SYS => Invisible on the disk
ADDRESS : 0xF7BDE000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT  USEPMTIMER

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BE BE 07 B1 04   ¿..PW¹å.ó¤Ë¾¾.±.
0x00000020   38 2C 7C 09 75 15 83 C6 10 E2 F5 CD 18 8B 14 8B   8,|.u..Æ.âõÍ....
0x00000030   EE 83 C6 10 49 74 16 38 2C 74 F6 BE 10 07 4E AC   î.Æ.It.8,tö¾..N¬
0x00000040   3C 00 74 FA BB 07 00 B4 0E CD 10 EB F2 89 46 25   <.tú»..´.Í.ëò.F%
0x00000050   96 8A 46 04 B4 06 3C 0E 74 11 B4 0B 3C 0C 74 05   ..F.´.<.t.´.<.t.
0x00000060   3A C4 75 2B 40 C6 46 25 06 75 24 BB AA 55 50 B4   :Äu+@ÆF%.u$»ªUP´
0x00000070   41 CD 13 58 72 16 81 FB 55 AA 75 10 F6 C1 01 74   AÍ.Xr..ûUªu.öÁ.t
0x00000080   0B 8A E0 88 56 24 C7 06 A1 06 EB 1E 88 66 04 BF   ..à.V$Ç.¡.ë..f.¿
0x00000090   0A 00 B8 01 02 8B DC 33 C9 83 FF 05 7F 03 8B 4E   ..¸...Ü3É......N
0x000000A0   25 03 4E 02 CD 13 72 29 BE 46 07 81 3E FE 7D 55   %.N.Í.r)¾F..>þ}U
0x000000B0   AA 74 5A 83 EF 05 7F DA 85 F6 75 83 BE 27 07 EB   ªtZ.ï..Ú.öu.¾'.ë
0x000000C0   8A 98 91 52 99 03 46 08 13 56 0A E8 12 00 5A EB   ...R..F..V.è..Zë
0x000000D0   D5 4F 74 E4 33 C0 CD 13 EB B8 00 00 00 00 00 00   ÕOtä3ÀÍ.ë¸......
0x000000E0   56 33 F6 56 56 52 50 06 53 51 BE 10 00 56 8B F4   V3öVVRP.SQ¾..V.ô
0x000000F0   50 52 B8 00 42 8A 56 24 CD 13 5A 58 8D 64 10 72   PR¸.B.V$Í.ZX.d.r
0x00000100   0A 40 75 01 42 80 C7 02 E2 F7 F8 5E C3 EB 74 49   .@u.B.Ç.â÷ø^ÃëtI
0x00000110   6E 76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E   nvalid partition
0x00000120   20 74 61 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61    table.Error loa
0x00000130   64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73   ding operating s
0x00000140   79 73 74 65 6D 00 4D 69 73 73 69 6E 67 20 6F 70   ystem.Missing op
0x00000150   65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 00   erating system..
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 8B FC 1E 57 8B F5 CB 00 00 00 00 00 00   ....ü.W.õË......
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 33 ED 33 ED 00 00 80 01   ........3í3í....
0x000001C0   01 00 07 EF FF FF 3F 00 00 00 B1 17 A8 04 00 00   ...ï..?...±.¨...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª
...so just the report, without a scan
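A check of the MBR dump posted above, written as an added example for this thread; it is not MBRScan's, TDSSKiller's or either poster's code. It rebuilds the 512-byte sector from the MBRScan hex dump (the offset and hex columns copied from the report above, ASCII column dropped), verifies the 0x55AA signature, decodes the partition table, confirms that the three error strings of the standard Windows MBR boot code are present, and computes MD5 over the whole sector and over the first 0x1B8 bytes so the values can be compared with MBRScan's MBR_MD5 and TDSSKiller's "MBR (0x1B8)" line. That TDSSKiller hashes exactly the first 0x1B8 bytes is an assumption, as are the function and field names; the hash comparison is reported, not assumed.

```python
import hashlib
import re
import struct

# Offset and hex columns of the MBR dump from the MBRScan report above (ASCII column dropped).
MBRSCAN_DUMP = """
0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BE BE 07 B1 04
0x00000020   38 2C 7C 09 75 15 83 C6 10 E2 F5 CD 18 8B 14 8B
0x00000030   EE 83 C6 10 49 74 16 38 2C 74 F6 BE 10 07 4E AC
0x00000040   3C 00 74 FA BB 07 00 B4 0E CD 10 EB F2 89 46 25
0x00000050   96 8A 46 04 B4 06 3C 0E 74 11 B4 0B 3C 0C 74 05
0x00000060   3A C4 75 2B 40 C6 46 25 06 75 24 BB AA 55 50 B4
0x00000070   41 CD 13 58 72 16 81 FB 55 AA 75 10 F6 C1 01 74
0x00000080   0B 8A E0 88 56 24 C7 06 A1 06 EB 1E 88 66 04 BF
0x00000090   0A 00 B8 01 02 8B DC 33 C9 83 FF 05 7F 03 8B 4E
0x000000A0   25 03 4E 02 CD 13 72 29 BE 46 07 81 3E FE 7D 55
0x000000B0   AA 74 5A 83 EF 05 7F DA 85 F6 75 83 BE 27 07 EB
0x000000C0   8A 98 91 52 99 03 46 08 13 56 0A E8 12 00 5A EB
0x000000D0   D5 4F 74 E4 33 C0 CD 13 EB B8 00 00 00 00 00 00
0x000000E0   56 33 F6 56 56 52 50 06 53 51 BE 10 00 56 8B F4
0x000000F0   50 52 B8 00 42 8A 56 24 CD 13 5A 58 8D 64 10 72
0x00000100   0A 40 75 01 42 80 C7 02 E2 F7 F8 5E C3 EB 74 49
0x00000110   6E 76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E
0x00000120   20 74 61 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61
0x00000130   64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73
0x00000140   79 73 74 65 6D 00 4D 69 73 73 69 6E 67 20 6F 70
0x00000150   65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 00
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00000180   00 00 00 8B FC 1E 57 8B F5 CB 00 00 00 00 00 00
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001B0   00 00 00 00 00 00 00 00 33 ED 33 ED 00 00 80 01
0x000001C0   01 00 07 EF FF FF 3F 00 00 00 B1 17 A8 04 00 00
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
"""

MBRSCAN_MD5 = "DFF32D1143F0D9179BB6D1CC10DA6172"     # MBRScan: MBR_MD5 (from the report above)
TDSSKILLER_MD5 = "671b81004fdd1588fa9ed1331c9ceca9"  # TDSSKiller: MBR (0x1B8) (from the log above)

# Error strings carried by the standard Windows XP-era MBR boot code.
STANDARD_MESSAGES = (b"Invalid partition table", b"Error loading operating system",
                     b"Missing operating system")

HEX_LINE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}\s+){15}[0-9A-Fa-f]{2})")


def parse_mbrscan_dump(text):
    """Rebuild the raw 512-byte sector from an MBRScan-style hex dump."""
    sector = bytearray(512)
    covered = 0
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip())
        if not m:
            continue  # headers, blank lines, separators
        offset = int(m.group(1), 16)
        sector[offset:offset + 16] = bytes.fromhex(m.group(2))
        covered += 16
    if covered != 512:
        raise ValueError(f"dump covers {covered} bytes, expected 512")
    return bytes(sector)


def decode_partition_table(sector):
    """Decode the four 16-byte entries at 0x1BE: status, CHS, type, CHS, LBA start, count."""
    entries = []
    for i in range(4):
        raw = sector[0x1BE + 16 * i:0x1BE + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        entries.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_gib": round(sectors * 512 / 2 ** 30, 2),
        })
    return entries


def check_mbr(sector):
    """Facts a helper compares against the tool reports: signature, hashes, partitions."""
    boot_code = sector[:0x1B8]  # everything before the 4-byte disk signature
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
        "messages_found": [s.decode() for s in STANDARD_MESSAGES if s in boot_code],
        "md5_full_sector": hashlib.md5(sector).hexdigest(),
        "md5_first_0x1b8": hashlib.md5(boot_code).hexdigest(),
        "partitions": decode_partition_table(sector),
    }


def analyse_report():
    """Parse the embedded dump and say whether its hashes match the reported ones."""
    result = check_mbr(parse_mbrscan_dump(MBRSCAN_DUMP))
    result["matches_mbrscan_md5"] = result["md5_full_sector"] == MBRSCAN_MD5.lower()
    # Assumption: TDSSKiller's "MBR (0x1B8)" value is MD5 over exactly the first 0x1B8 bytes.
    result["matches_tdsskiller_md5"] = result["md5_first_0x1b8"] == TDSSKILLER_MD5.lower()
    return result
```

Calling `analyse_report()` decodes the first entry as bootable, type 0x07, LBA start 63, 78124977 sectors (about 37.25 GiB), which is the same partition MBRScan summarised as "Partition1 37.25 Go 0x07 NTFS / HPFS BOOTABLE", and the other three entries as empty. Finding the standard error strings only shows the boot code has the usual layout; the real integrity check is the hash comparison against a value known to be good for this machine, which is why helpers ask for the MD5 rather than the dump.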

Re: win32 sirefef.AC

Posted: 15 Mar 2012 20:48
by vyosek
:arrow: If you have not already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Collect::
    C:\WINDOWS\system32\dds_trash_log.cmd
    
    Folder::
    C:\WINDOWS\$NtUninstallKB2641653$
    C:\WINDOWS\$NtUninstallKB2621440$
    C:\WINDOWS\$NtUninstallKB2647518$
    c:\windows\$NtUninstallKB62280$
    
    RegNull::
    [HKEY_USERS\S-1-5-21-908420167-2087922238-341329582-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    
    Driver::
    MpKsl107b0928
    
    Rootkit::
    c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{66187149-A002-47C6-80A2-3E304D2F9AE8}\MpKsl107b0928.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1033:TCP"=-
    "5000:UDP"=-
    
    Restore::
    C:\WINDOWS\system32\drivers\MpFilter.sys
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: win32 sirefef.AC

Posted: 15 Mar 2012 21:00
by laarsen
I still have the firewall and MS SecEss switched off

I will post the log here as soon as it finishes

...after the second restart 'the system has recovered from a serious error' and no log file, neither on the desktop nor in c:

should I run it again? with the same parameters or clean?

Re: win32 sirefef.AC

Posted: 15 Mar 2012 21:01
by vyosek
I will wait for that log... ZA has attacked MSE on us; we will see what we do with it, whether a reinstall or whether we manage to cure it...

Re: win32 sirefef.AC

Posted: 15 Mar 2012 21:38
by laarsen
...see the edit in the message above

but MSE now behaves normally (at least it seems to: it came up after the restart and the update runs, that is, its check)

so ComboFix again?

---

in the meantime at least a new RSIT, although if I understand it correctly it will not be of much use now:

Logfile of random's system information tool 1.09 (written by random/random)
Run by michal at 2012-03-15 22:26:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (23%) free of 38 GB
Total RAM: 1151 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:32, on 15.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\RSIT.exe
C:\Program Files\trend micro\michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9188533609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3831437093
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6994 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\40lkl978.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:blank"
prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4, firegestures@xuldev.org:1.6.1, {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, facebookBlocker@webgraph.com:1.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
inspector-cmdline.js
inspector.dll
inspector.xpt
nppl3260.xpt
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npdjvu.dll
npLegitCheckPlugin.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
nprpjplug.dll
nsIQTScriptablePlugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\40lkl978.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\40lkl978.default\searchplugins\
flickr-full-text-search.xml
flickr-tags.xml
imdb.xml
wikipedia-de.xml
wikipedia-en.xml
wikipedie-cs.xml
youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-22 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2006-05-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-22 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-03-08 344064]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1015808]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-07-06 393216]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-06-29 233534]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2006-09-09 63488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.SP54"=SP5X_32.DLL
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2012-03-15 21:01:08 ----SD---- C:\ComboFix
2012-03-15 20:42:24 ----SHD---- C:\RECYCLER
2012-03-15 17:54:20 ----A---- C:\MbrScan.exe
2012-03-15 16:25:58 ----A---- C:\AntiZeroAccess_Log.txt
2012-03-15 16:25:49 ----A---- C:\antizeroaccess.exe
2012-03-15 16:21:07 ----D---- C:\TDSSKiller_Quarantine
2012-03-15 16:20:21 ----A---- C:\TDSSKiller.2.7.20.0_15.03.2012_16.20.21_log.txt
2012-03-15 16:00:05 ----D---- C:\Program Files\trend micro
2012-03-15 16:00:04 ----D---- C:\rsit
2012-03-15 15:59:44 ----A---- C:\RSIT.exe
2012-03-15 15:24:52 ----A---- C:\WINDOWS\system32\drivers\netbt.sys
2012-03-15 15:20:44 ----A---- C:\Boot.bak
2012-03-15 15:20:23 ----RASHD---- C:\cmdcons
2012-03-15 15:17:09 ----A---- C:\WINDOWS\zip.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\SWSC.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\SWREG.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\sed.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\PEV.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\MBR.exe
2012-03-15 15:17:09 ----A---- C:\WINDOWS\grep.exe
2012-03-15 15:17:03 ----D---- C:\WINDOWS\ERDNT
2012-03-15 15:16:56 ----D---- C:\Qoobox
2012-03-15 15:02:34 ----RA---- C:\ComboFix.exe
2012-03-15 14:55:16 ----A---- C:\tdsskiller.exe
2012-03-15 14:37:23 ----ASH---- C:\WINDOWS\system32\dds_trash_log.cmd
2012-03-14 14:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-14 14:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-14 14:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-02-22 21:06:06 ----D---- C:\Program Files\Common Files\Java
2012-02-22 21:05:38 ----A---- C:\WINDOWS\system32\javaws.exe
2012-02-22 21:05:38 ----A---- C:\WINDOWS\system32\javaw.exe
2012-02-22 21:05:38 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2012-03-15 21:32:47 ----A---- C:\WINDOWS\wincmd.ini
2012-03-15 21:30:09 ----D---- C:\WINDOWS\Temp
2012-03-15 21:25:59 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-15 21:24:35 ----D---- C:\WINDOWS
2012-03-15 21:18:18 ----D---- C:\WINDOWS\system32\drivers
2012-03-15 21:17:08 ----D---- C:\WINDOWS\system32
2012-03-15 21:17:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-15 21:13:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-15 20:42:17 ----D---- C:\Documents and Settings\michal\Data aplikací\vlc
2012-03-15 16:00:18 ----D---- C:\WINDOWS\Prefetch
2012-03-15 16:00:05 ----RD---- C:\Program Files
2012-03-15 15:54:21 ----SD---- C:\WINDOWS\Tasks
2012-03-15 15:47:03 ----A---- C:\WINDOWS\system.ini
2012-03-15 15:46:48 ----D---- C:\WINDOWS\system32\drivers\etc
2012-03-15 15:42:54 ----D---- C:\WINDOWS\system32\config
2012-03-15 15:37:19 ----D---- C:\WINDOWS\AppPatch
2012-03-15 15:37:14 ----D---- C:\Program Files\Common Files
2012-03-15 15:20:44 ----RASH---- C:\boot.ini
2012-03-14 14:28:56 ----HD---- C:\WINDOWS\inf
2012-03-14 14:28:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2012-03-14 14:28:42 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-14 14:24:42 ----A---- C:\WINDOWS\system32\MRT.exe
2012-03-14 14:24:31 ----A---- C:\WINDOWS\imsins.BAK
2012-03-13 17:36:04 ----D---- C:\TEMP
2012-03-12 18:16:33 ----D---- C:\Documents and Settings\michal\Data aplikací\Canon
2012-02-24 13:42:13 ----A---- C:\WINDOWS\wininit.ini
2012-02-23 11:41:51 ----D---- C:\Program Files\Mozilla Firefox
2012-02-22 21:57:40 ----D---- C:\Program Files\Mozilla Thunderbird
2012-02-22 21:06:08 ----SHD---- C:\WINDOWS\Installer
2012-02-22 21:05:07 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-02-16 15:19:31 ----RSD---- C:\WINDOWS\assembly
2012-02-16 15:19:31 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-31 20576]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 ClntMgmt.sys;ClntMgmt.sys; C:\WINDOWS\System32\Drivers\ClntMgmt.sys [2004-02-20 59044]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-03-19 5632]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-04-18 13059]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2004-12-02 67584]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2006-05-25 121216]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-02-16 128256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-05-31 401152]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-05-31 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-05-31 1341466]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-05-31 30189]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-06-02 56648]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-07-20 38144]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-07-20 346496]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176]
S1 MpKsl107b0928;MpKsl107b0928; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{66187149-A002-47C6-80A2-3E304D2F9AE8}\MpKsl107b0928.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-05-31 148040]
S3 catchme;catchme; \??\C:\DOCUME~1\michal\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DC1300;DC 1300 WDM Video Capture; C:\WINDOWS\System32\Drivers\BSC504AV.SYS [2002-08-08 515365]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-04-18 1038336]
S3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-18 200576]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-03-29 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-03-29 6096]
S3 ssm_mdm;Samsung Mobile USB Port II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-03-29 84512]
S3 StMp3Rec;播放机恢复设备控制驱动程序; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-05-13 68204]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCamera;DC 1300 Still Image Capture; C:\WINDOWS\System32\Drivers\BscBulk.sys [2002-07-25 10986]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-04-18 703488]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-05-31 258103]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-22 153376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-06-14 98304]
S2 aswupdsv;Gdrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2010-05-14 230968]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: win32 sirefef.AC

Posted: 15 Mar 2012 22:42
by vyosek
Please run TDSSKiller again.

Re: win32 sirefef.AC

Posted: 15 Mar 2012 22:48
by laarsen
I ticked all the boxes in the settings; most of the threats it found looked familiar to me, so I left the offered option "skip".

22:43:30.0796 3504 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:43:30.0968 3504 ============================================================
22:43:30.0968 3504 Current date / time: 2012/03/15 22:43:30.0968
22:43:30.0968 3504 SystemInfo:
22:43:30.0968 3504
22:43:30.0968 3504 OS Version: 5.1.2600 ServicePack: 3.0
22:43:30.0968 3504 Product type: Workstation
22:43:30.0968 3504 ComputerName: NX6125
22:43:30.0968 3504 UserName: michal
22:43:30.0968 3504 Windows directory: C:\WINDOWS
22:43:30.0968 3504 System windows directory: C:\WINDOWS
22:43:30.0968 3504 Processor architecture: Intel x86
22:43:30.0968 3504 Number of processors: 1
22:43:30.0968 3504 Page size: 0x1000
22:43:30.0968 3504 Boot type: Normal boot
22:43:30.0968 3504 ============================================================
22:43:33.0531 3504 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:43:33.0875 3504 \Device\Harddisk0\DR0:
22:43:33.0875 3504 MBR used
22:43:33.0875 3504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A817B1
22:43:33.0890 3504 Initialize success
22:43:33.0890 3504 ============================================================
22:43:45.0703 3664 ============================================================
22:43:45.0703 3664 Scan started
22:43:45.0703 3664 Mode: Manual; SigCheck; TDLFS;
22:43:45.0703 3664 ============================================================
22:43:46.0281 3664 Abiosdsk - ok
22:43:46.0312 3664 abp480n5 - ok
22:43:46.0406 3664 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:43:49.0078 3664 ACPI - ok
22:43:49.0312 3664 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:43:49.0484 3664 ACPIEC - ok
22:43:49.0515 3664 adpu160m - ok
22:43:49.0593 3664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:43:49.0828 3664 aec - ok
22:43:49.0953 3664 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:43:50.0109 3664 AFD - ok
22:43:50.0312 3664 Aha154x - ok
22:43:50.0343 3664 aic78u2 - ok
22:43:50.0359 3664 aic78xx - ok
22:43:50.0437 3664 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:43:50.0843 3664 AliIde - ok
22:43:50.0890 3664 AmdK8 (f6f5e047369784e607f3a636ac576148) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:43:50.0984 3664 AmdK8 - ok
22:43:51.0000 3664 amsint - ok
22:43:51.0078 3664 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:43:51.0281 3664 Arp1394 - ok
22:43:51.0531 3664 asc - ok
22:43:51.0562 3664 asc3350p - ok
22:43:51.0593 3664 asc3550 - ok
22:43:51.0687 3664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:43:51.0906 3664 AsyncMac - ok
22:43:51.0953 3664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:43:52.0187 3664 atapi - ok
22:43:52.0203 3664 Atdisk - ok
22:43:52.0625 3664 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:43:53.0546 3664 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
22:43:53.0546 3664 ati2mtag - detected UnsignedFile.Multi.Generic (1)
22:43:53.0765 3664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:43:54.0015 3664 Atmarpc - ok
22:43:54.0093 3664 ATSWPDRV (b92864fe3c6e7d8d0a6b5603def691fd) C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
22:43:54.0187 3664 ATSWPDRV - ok
22:43:54.0250 3664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:43:54.0515 3664 audstub - ok
22:43:54.0593 3664 b57w2k (03758a3307168a783d3498ec1d392611) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:43:54.0703 3664 b57w2k - ok
22:43:55.0000 3664 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:43:55.0156 3664 BCM43XX - ok
22:43:55.0234 3664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:43:55.0562 3664 Beep - ok
22:43:56.0000 3664 btaudio (42ebce48178ce5d0998eb1ca62db1e9b) C:\WINDOWS\system32\drivers\btaudio.sys
22:43:56.0250 3664 btaudio ( UnsignedFile.Multi.Generic ) - warning
22:43:56.0250 3664 btaudio - detected UnsignedFile.Multi.Generic (1)
22:43:56.0609 3664 BTDriver (39309739badd058c8f4b845d9a3c58d2) C:\WINDOWS\system32\DRIVERS\btport.sys
22:43:56.0937 3664 BTDriver ( UnsignedFile.Multi.Generic ) - warning
22:43:56.0937 3664 BTDriver - detected UnsignedFile.Multi.Generic (1)
22:43:57.0515 3664 BTKRNL (c9253ab5f6611fa2ca5c914d0fe384c5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
22:43:57.0718 3664 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
22:43:57.0718 3664 BTKRNL - detected UnsignedFile.Multi.Generic (1)
22:43:58.0046 3664 BTWDNDIS (9a794455b18d815db25d991452d4266a) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
22:43:58.0421 3664 BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
22:43:58.0421 3664 BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
22:43:58.0640 3664 btwmodem (b42e484f624a39ad8a5b06d9b26d6bc1) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
22:43:58.0750 3664 btwmodem ( UnsignedFile.Multi.Generic ) - warning
22:43:58.0750 3664 btwmodem - detected UnsignedFile.Multi.Generic (1)
22:43:58.0921 3664 BTWUSB (843e656db562ffff197afaf98042faca) C:\WINDOWS\system32\Drivers\btwusb.sys
22:43:59.0046 3664 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
22:43:59.0046 3664 BTWUSB - detected UnsignedFile.Multi.Generic (1)
22:43:59.0484 3664 CAMCAUD (3c17c5cb8655c9f8e973328926e074bd) C:\WINDOWS\system32\drivers\camc6aud.sys
22:43:59.0937 3664 CAMCAUD - ok
22:44:00.0140 3664 CAMCHALA (d72e555dd5e75c59b0338b0feb1a215b) C:\WINDOWS\system32\drivers\camc6hal.sys
22:44:00.0312 3664 CAMCHALA - ok
22:44:00.0546 3664 catchme - ok
22:44:00.0843 3664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:44:01.0796 3664 cbidf2k - ok
22:44:01.0890 3664 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:44:02.0328 3664 CCDECODE - ok
22:44:02.0375 3664 cd20xrnt - ok
22:44:02.0484 3664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:44:03.0437 3664 Cdaudio - ok
22:44:03.0906 3664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:44:04.0453 3664 Cdfs - ok
22:44:04.0578 3664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:44:05.0265 3664 Cdrom - ok
22:44:05.0343 3664 Changer - ok
22:44:05.0546 3664 ClntMgmt.sys (573da08641afc8d940e0431945867906) C:\WINDOWS\System32\Drivers\ClntMgmt.sys
22:44:05.0828 3664 ClntMgmt.sys ( UnsignedFile.Multi.Generic ) - warning
22:44:05.0828 3664 ClntMgmt.sys - detected UnsignedFile.Multi.Generic (1)
22:44:06.0125 3664 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:44:06.0531 3664 CmBatt - ok
22:44:06.0546 3664 CmdIde - ok
22:44:06.0640 3664 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:44:07.0484 3664 Compbatt - ok
22:44:07.0531 3664 Cpqarray - ok
22:44:07.0562 3664 dac2w2k - ok
22:44:07.0593 3664 dac960nt - ok
22:44:07.0734 3664 DC1300 (d2db66a40d4741a6f7b38c5bf55afbf2) C:\WINDOWS\system32\Drivers\BSC504AV.SYS
22:44:07.0843 3664 DC1300 ( UnsignedFile.Multi.Generic ) - warning
22:44:07.0859 3664 DC1300 - detected UnsignedFile.Multi.Generic (1)
22:44:08.0109 3664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:44:08.0593 3664 Disk - ok
22:44:08.0765 3664 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
22:44:09.0265 3664 dmboot - ok
22:44:09.0343 3664 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
22:44:09.0718 3664 dmio - ok
22:44:10.0125 3664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:44:11.0015 3664 dmload - ok
22:44:11.0281 3664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:44:11.0875 3664 DMusic - ok
22:44:12.0171 3664 dpti2o - ok
22:44:12.0250 3664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:44:12.0859 3664 drmkaud - ok
22:44:13.0234 3664 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys
22:44:13.0406 3664 eabfiltr - ok
22:44:13.0515 3664 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys
22:44:13.0625 3664 eabusb - ok
22:44:13.0750 3664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:44:14.0062 3664 Fastfat - ok
22:44:14.0328 3664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:44:14.0796 3664 Fdc - ok
22:44:14.0875 3664 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
22:44:15.0359 3664 Fips - ok
22:44:15.0843 3664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:44:16.0484 3664 Flpydisk - ok
22:44:16.0625 3664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:44:17.0140 3664 FltMgr - ok
22:44:17.0250 3664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:44:18.0000 3664 Fs_Rec - ok
22:44:18.0390 3664 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:44:19.0281 3664 Ftdisk - ok
22:44:19.0484 3664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:44:20.0140 3664 Gpc - ok
22:44:20.0281 3664 GTIPCI21 (b6b1f53f585b41091eb3586f8297a379) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
22:44:20.0390 3664 GTIPCI21 - ok
22:44:20.0781 3664 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
22:44:21.0015 3664 HBtnKey - ok
22:44:21.0140 3664 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:44:21.0546 3664 HidUsb - ok
22:44:21.0625 3664 hpn - ok
22:44:21.0765 3664 HSFHWATI (110d8515670f8ebfc831bd02b7a8fc74) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
22:44:22.0015 3664 HSFHWATI - ok
22:44:22.0234 3664 HSF_DP (6fbefacc2a0379bf3b395b0ca0cadb17) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:44:22.0562 3664 HSF_DP - ok
22:44:22.0703 3664 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:44:22.0921 3664 HTTP - ok
22:44:23.0078 3664 i2omgmt - ok
22:44:23.0109 3664 i2omp - ok
22:44:23.0234 3664 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:44:23.0593 3664 i8042prt - ok
22:44:23.0671 3664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:44:24.0109 3664 Imapi - ok
22:44:24.0187 3664 ini910u - ok
22:44:24.0281 3664 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:44:24.0593 3664 IntelIde - ok
22:44:24.0671 3664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:44:25.0093 3664 Ip6Fw - ok
22:44:25.0281 3664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:44:25.0734 3664 IpFilterDriver - ok
22:44:25.0843 3664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:44:26.0187 3664 IpInIp - ok
22:44:26.0250 3664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:44:26.0593 3664 IpNat - ok
22:44:26.0781 3664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:44:27.0250 3664 IPSec - ok
22:44:27.0375 3664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:44:27.0953 3664 IRENUM - ok
22:44:28.0015 3664 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:44:28.0328 3664 isapnp - ok
22:44:28.0390 3664 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:44:28.0703 3664 Kbdclass - ok
22:44:28.0859 3664 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:44:29.0140 3664 kbdhid - ok
22:44:29.0281 3664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:44:29.0750 3664 kmixer - ok
22:44:29.0859 3664 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:44:30.0156 3664 KSecDD - ok
22:44:30.0281 3664 lbrtfdc - ok
22:44:30.0437 3664 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:44:30.0593 3664 mdmxsdk - ok
22:44:30.0750 3664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:44:31.0312 3664 mnmdd - ok
22:44:31.0437 3664 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
22:44:31.0812 3664 Modem - ok
22:44:31.0953 3664 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:44:32.0421 3664 Mouclass - ok
22:44:32.0609 3664 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:44:33.0187 3664 mouhid - ok
22:44:33.0296 3664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:44:33.0765 3664 MountMgr - ok
22:44:33.0984 3664 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:44:34.0140 3664 MpFilter - ok
22:44:34.0312 3664 MpKsle81b164d (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EDBA9F29-A9AE-433D-891C-0B51F28031D2}\MpKsle81b164d.sys
22:44:34.0406 3664 MpKsle81b164d - ok
22:44:34.0734 3664 mraid35x - ok
22:44:34.0843 3664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:44:35.0765 3664 MRxDAV - ok
22:44:36.0640 3664 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:44:37.0031 3664 MRxSmb - ok
22:44:37.0328 3664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:44:37.0859 3664 Msfs - ok
22:44:37.0984 3664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:44:38.0359 3664 MSKSSRV - ok
22:44:38.0453 3664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:44:38.0812 3664 MSPCLOCK - ok
22:44:39.0078 3664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:44:39.0453 3664 MSPQM - ok
22:44:39.0640 3664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:44:40.0062 3664 mssmbios - ok
22:44:40.0187 3664 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:44:40.0578 3664 MSTEE - ok
22:44:41.0125 3664 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:44:41.0562 3664 Mup - ok
22:44:41.0796 3664 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:44:42.0828 3664 NABTSFEC - ok
22:44:43.0234 3664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:44:43.0890 3664 NDIS - ok
22:44:44.0015 3664 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:44:45.0015 3664 NdisIP - ok
22:44:45.0500 3664 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:44:45.0671 3664 NdisTapi - ok
22:44:45.0859 3664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:44:46.0796 3664 Ndisuio - ok
22:44:47.0515 3664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:44:48.0765 3664 NdisWan - ok
22:44:49.0062 3664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:44:49.0328 3664 NDProxy - ok
22:44:49.0421 3664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:44:50.0625 3664 NetBIOS - ok
22:44:50.0968 3664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:44:52.0015 3664 NetBT - ok
22:44:52.0890 3664 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:44:53.0906 3664 NIC1394 - ok
22:44:54.0375 3664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:44:55.0203 3664 Npfs - ok
22:44:55.0562 3664 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
22:44:55.0734 3664 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
22:44:55.0734 3664 NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
22:44:56.0312 3664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:44:57.0062 3664 Ntfs - ok
22:44:57.0453 3664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:44:58.0187 3664 Null - ok
22:44:58.0359 3664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:44:59.0062 3664 NwlnkFlt - ok
22:44:59.0390 3664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:45:00.0656 3664 NwlnkFwd - ok
22:45:00.0750 3664 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:45:01.0406 3664 ohci1394 - ok
22:45:01.0640 3664 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
22:45:02.0500 3664 Parport - ok
22:45:02.0671 3664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:45:03.0140 3664 PartMgr - ok
22:45:03.0234 3664 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
22:45:04.0109 3664 ParVdm - ok
22:45:04.0437 3664 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:45:04.0765 3664 pccsmcfd - ok
22:45:04.0859 3664 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
22:45:05.0359 3664 PCI - ok
22:45:05.0515 3664 PCIDump - ok
22:45:05.0656 3664 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:45:06.0828 3664 PCIIde - ok
22:45:07.0078 3664 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:45:08.0031 3664 Pcmcia - ok
22:45:08.0250 3664 PDCOMP - ok
22:45:08.0296 3664 PDFRAME - ok
22:45:08.0359 3664 PDRELI - ok
22:45:08.0437 3664 PDRFRAME - ok
22:45:08.0500 3664 perc2 - ok
22:45:08.0562 3664 perc2hib - ok
22:45:08.0843 3664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:45:09.0296 3664 PptpMiniport - ok
22:45:09.0484 3664 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
22:45:10.0234 3664 Processor - ok
22:45:10.0359 3664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:45:11.0312 3664 PSched - ok
22:45:11.0687 3664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:45:13.0281 3664 Ptilink - ok
22:45:13.0625 3664 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:45:13.0781 3664 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:45:13.0781 3664 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:45:13.0796 3664 ql1080 - ok
22:45:13.0843 3664 Ql10wnt - ok
22:45:13.0906 3664 ql12160 - ok
22:45:13.0937 3664 ql1240 - ok
22:45:13.0984 3664 ql1280 - ok
22:45:14.0078 3664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:45:14.0781 3664 RasAcd - ok
22:45:14.0890 3664 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:45:15.0171 3664 Rasirda - ok
22:45:15.0453 3664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:45:15.0968 3664 Rasl2tp - ok
22:45:16.0093 3664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:45:16.0828 3664 RasPppoe - ok
22:45:17.0000 3664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:45:17.0843 3664 Raspti - ok
22:45:18.0062 3664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:45:18.0781 3664 Rdbss - ok
22:45:18.0890 3664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:45:19.0718 3664 RDPCDD - ok
22:45:19.0875 3664 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:45:20.0234 3664 RDPWD - ok
22:45:20.0484 3664 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:45:21.0578 3664 redbook - ok
22:45:21.0703 3664 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:45:22.0453 3664 ROOTMODEM - ok
22:45:22.0734 3664 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:45:23.0203 3664 sdbus - ok
22:45:23.0500 3664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:45:24.0093 3664 Secdrv - ok
22:45:24.0281 3664 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:45:25.0078 3664 serenum - ok
22:45:25.0390 3664 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
22:45:26.0312 3664 Serial - ok
22:45:26.0703 3664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:45:27.0843 3664 Sfloppy - ok
22:45:28.0140 3664 Simbad - ok
22:45:28.0312 3664 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:45:28.0984 3664 SLIP - ok
22:45:29.0250 3664 SMCIRDA (12224ac3a6fd3577036f038a0c03f2f5) C:\WINDOWS\system32\DRIVERS\smcirda.sys
22:45:29.0953 3664 SMCIRDA - ok
22:45:30.0265 3664 Sparrow - ok
22:45:30.0359 3664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:45:31.0062 3664 splitter - ok
22:45:31.0484 3664 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
22:45:32.0234 3664 sr - ok
22:45:32.0531 3664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:45:32.0843 3664 Srv - ok
22:45:33.0140 3664 ssm_bus (8724bc8f9750c2055467654027e9aaaa) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
22:45:33.0343 3664 ssm_bus ( UnsignedFile.Multi.Generic ) - warning
22:45:33.0343 3664 ssm_bus - detected UnsignedFile.Multi.Generic (1)
22:45:33.0421 3664 ssm_mdfl (0680dce79e0862806a6f3bb07a0550a4) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
22:45:33.0468 3664 ssm_mdfl ( UnsignedFile.Multi.Generic ) - warning
22:45:33.0468 3664 ssm_mdfl - detected UnsignedFile.Multi.Generic (1)
22:45:33.0531 3664 ssm_mdm (175d32718db7975100deb5708fcec549) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
22:45:33.0937 3664 ssm_mdm ( UnsignedFile.Multi.Generic ) - warning
22:45:33.0937 3664 ssm_mdm - detected UnsignedFile.Multi.Generic (1)
22:45:34.0062 3664 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
22:45:34.0125 3664 StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:45:34.0125 3664 StarOpen - detected UnsignedFile.Multi.Generic (1)
22:45:34.0312 3664 StMp3Rec (1aac62e10cbeace07b20b1494333fd0d) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
22:45:34.0468 3664 StMp3Rec ( UnsignedFile.Multi.Generic ) - warning
22:45:34.0468 3664 StMp3Rec - detected UnsignedFile.Multi.Generic (1)
22:45:34.0578 3664 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:45:35.0234 3664 streamip - ok
22:45:35.0453 3664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:45:36.0781 3664 swenum - ok
22:45:37.0046 3664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:45:37.0687 3664 swmidi - ok
22:45:37.0812 3664 symc810 - ok
22:45:37.0906 3664 symc8xx - ok
22:45:38.0000 3664 sym_hi - ok
22:45:38.0031 3664 sym_u3 - ok
22:45:38.0156 3664 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:45:38.0546 3664 SynTP - ok
22:45:38.0812 3664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:45:39.0234 3664 sysaudio - ok
22:45:39.0375 3664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:45:39.0859 3664 Tcpip - ok
22:45:40.0109 3664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:45:40.0546 3664 TDPIPE - ok
22:45:41.0234 3664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:45:41.0796 3664 TDTCP - ok
22:45:42.0031 3664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:45:42.0906 3664 TermDD - ok
22:45:43.0203 3664 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
22:45:43.0421 3664 tifm21 - ok
22:45:43.0468 3664 TosIde - ok
22:45:43.0750 3664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:45:44.0546 3664 Udfs - ok
22:45:44.0578 3664 ultra - ok
22:45:44.0875 3664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:45:45.0453 3664 Update - ok
22:45:45.0750 3664 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\BscBulk.sys
22:45:45.0859 3664 USBCamera ( UnsignedFile.Multi.Generic ) - warning
22:45:45.0859 3664 USBCamera - detected UnsignedFile.Multi.Generic (1)
22:45:45.0984 3664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:45:46.0500 3664 usbccgp - ok
22:45:46.0578 3664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:45:47.0046 3664 usbehci - ok
22:45:47.0203 3664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:45:48.0078 3664 usbhub - ok
22:45:48.0375 3664 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:45:49.0343 3664 usbohci - ok
22:45:49.0515 3664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:45:50.0218 3664 usbscan - ok
22:45:50.0562 3664 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:45:51.0359 3664 USBSTOR - ok
22:45:51.0515 3664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:45:52.0218 3664 usbuhci - ok
22:45:52.0359 3664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:45:53.0312 3664 VgaSave - ok
22:45:53.0843 3664 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:45:54.0218 3664 ViaIde - ok
22:45:54.0281 3664 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
22:45:55.0031 3664 VolSnap - ok
22:45:55.0375 3664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:45:56.0000 3664 Wanarp - ok
22:45:56.0078 3664 WDICA - ok
22:45:56.0171 3664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:45:56.0906 3664 wdmaud - ok
22:45:57.0187 3664 WIBUKEY (c6b5613cc0f50a998b87e04c6c11a273) C:\WINDOWS\system32\DRIVERS\Wibukey.sys
22:45:57.0375 3664 WIBUKEY ( UnsignedFile.Multi.Generic ) - warning
22:45:57.0375 3664 WIBUKEY - detected UnsignedFile.Multi.Generic (1)
22:45:57.0578 3664 winachsf (e61219e012e41f52755c04734eb49784) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:45:57.0828 3664 winachsf - ok
22:45:58.0234 3664 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:45:59.0062 3664 WmiAcpi - ok
22:45:59.0578 3664 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:46:00.0515 3664 WS2IFSL - ok
22:46:00.0953 3664 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:46:01.0906 3664 WSTCODEC - ok
22:46:02.0187 3664 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:46:02.0750 3664 WudfPf - ok
22:46:02.0812 3664 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:46:03.0093 3664 WudfRd - ok
22:46:03.0375 3664 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
22:46:03.0796 3664 \Device\Harddisk0\DR0 - ok
22:46:03.0812 3664 Boot (0x1200) (449c88ccc169960f794b4f0d513ca1aa) \Device\Harddisk0\DR0\Partition0
22:46:03.0812 3664 \Device\Harddisk0\DR0\Partition0 - ok
22:46:03.0828 3664 ============================================================
22:46:03.0828 3664 Scan finished
22:46:03.0875 3664 ============================================================
22:46:04.0000 3204 Detected object count: 18
22:46:04.0000 3204 Actual detected object count: 18
22:48:02.0234 3204 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0234 3204 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0234 3204 btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0234 3204 btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0250 3204 BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0250 3204 BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0250 3204 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0250 3204 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0296 3204 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0296 3204 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0328 3204 btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0328 3204 btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0328 3204 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0328 3204 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0343 3204 ClntMgmt.sys ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0343 3204 ClntMgmt.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0343 3204 DC1300 ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0343 3204 DC1300 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0343 3204 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0343 3204 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0375 3204 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0375 3204 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0375 3204 ssm_bus ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0375 3204 ssm_bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0437 3204 ssm_mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0437 3204 ssm_mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0453 3204 ssm_mdm ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0453 3204 ssm_mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0453 3204 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0453 3204 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0453 3204 StMp3Rec ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0453 3204 StMp3Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0468 3204 USBCamera ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0468 3204 USBCamera ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:02.0468 3204 WIBUKEY ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0468 3204 WIBUKEY ( UnsignedFile.Multi.Generic ) - User select action: Skip
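
The TDSSKiller log above ends with 18 UnsignedFile.Multi.Generic objects, every one of them skipped by the user. That verdict is a heuristic, not a malware family: the driver carries no valid digital signature, which is routine for XP-era third-party drivers, so what a helper actually wants to know is which flagged items carry a different verdict or were never resolved. The parser below is an added example of mine, not TDSSKiller code and not from the thread; the line shapes are taken from the log posted above, while the function names, record layout and triage rules are my own.

```python
"""Parse and triage a TDSSKiller driver-scan log (added example; not TDSSKiller code).

The line shapes are taken from the log posted in this thread; the function
names, record layout and triage rules are mine.
"""
import re

# Representative lines copied from the log posted above.  The two "skipped by
# user" lines for ssm_bus are deliberately left out of this subset so the
# triage shows how an unresolved warning is reported.
SAMPLE_LOG = r"""
22:45:13.0625 3664 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:45:13.0781 3664 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:45:13.0781 3664 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:45:13.0796 3664 ql1080 - ok
22:45:14.0078 3664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:45:14.0781 3664 RasAcd - ok
22:45:33.0140 3664 ssm_bus (8724bc8f9750c2055467654027e9aaaa) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
22:45:33.0343 3664 ssm_bus ( UnsignedFile.Multi.Generic ) - warning
22:45:33.0343 3664 ssm_bus - detected UnsignedFile.Multi.Generic (1)
22:46:03.0375 3664 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
22:46:03.0796 3664 \Device\Harddisk0\DR0 - ok
22:46:04.0000 3204 Detected object count: 18
22:48:02.0375 3204 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:02.0375 3204 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

_PREFIX = r'^(?P<ts>\S+) (?P<pid>\d+) '
FILE_RE = re.compile(_PREFIX + r'(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S+)$')
OK_RE = re.compile(_PREFIX + r'(?P<name>.+?) - ok$')
DETECT_RE = re.compile(_PREFIX + r'(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$')
VERDICT_RE = re.compile(_PREFIX + r'(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<action>.+)$')
COUNT_RE = re.compile(_PREFIX + r'Detected object count: (?P<count>\d+)$')

UNSIGNED = 'UnsignedFile.Multi.Generic'   # "no valid signature", not a malware name


def _new():
    return {'md5': None, 'path': None, 'verdict': None, 'status': None, 'action': None}


def parse_tdsskiller(text):
    """Return ({name: record}, detected_count) for one scan log."""
    entries, by_path, detected_count = {}, {}, None
    for line in text.strip().splitlines():
        m = FILE_RE.match(line)
        if m:
            rec = entries.setdefault(m['name'], _new())
            rec['md5'], rec['path'] = m['md5'], m['path']
            by_path[m['path']] = m['name']   # MBR/boot-sector results name the device, not the entry
            continue
        m = OK_RE.match(line)
        if m:
            entries.setdefault(by_path.get(m['name'], m['name']), _new())['status'] = 'ok'
            continue
        m = DETECT_RE.match(line)
        if m:
            rec = entries.setdefault(m['name'], _new())
            rec['verdict'], rec['status'] = m['verdict'], 'detected'
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = entries.setdefault(m['name'], _new())
            rec['verdict'] = m['verdict']
            if m['action'].startswith('User select action: '):
                rec['action'] = m['action'].split(': ', 1)[1]
            elif rec['status'] is None:
                rec['status'] = 'warning'
            continue
        m = COUNT_RE.match(line)
        if m:
            detected_count = int(m['count'])
    return entries, detected_count


def triage(entries):
    """Group records by what a helper on the thread would ask about."""
    unsigned = sorted(n for n, r in entries.items() if r['verdict'] == UNSIGNED)
    skipped = sorted(n for n, r in entries.items() if r['action'] == 'Skip')
    clean = sorted(n for n, r in entries.items() if r['status'] == 'ok')
    # Flagged with anything other than the unsigned-file heuristic, or flagged
    # and never resolved by a user action: these need a human decision.
    attention = sorted(n for n, r in entries.items()
                       if r['verdict'] is not None
                       and (r['verdict'] != UNSIGNED or r['action'] is None))
    return {'unsigned': unsigned, 'skipped': skipped, 'clean': clean, 'attention': attention}


if __name__ == '__main__':
    recs, count = parse_tdsskiller(SAMPLE_LOG)
    for group, names in triage(recs).items():
        print(f'{group:10s} {", ".join(names) or "-"}')
    print('detected object count:', count)
```

On the full log this yields the same 18 unsigned names as the tool's own count, all with action Skip, and an empty "attention" list; the single entry in that list here is only because the subset omits the ssm_bus skip lines.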

Re: win32 sirefef.AC

Posted: 15 Mar 2012 23:23
by vyosek
Why are you using utilities I did not tell you to use, e.g. AntiZA? Then I can jump up to the ceiling here and the cleanup will still be worthless.

Post this log here: C:\AntiZeroAccess_Log.txt

Re: win32 sirefef.AC

Posted: 15 Mar 2012 23:33
by laarsen
I still have that from this afternoon, when I went 'on my own' following your older post,
and I admit I ran it once more before I got your instructions about ComboFix, because I did not expect we would still be dealing with it.

This is the saved one; should I run it again?:

Webroot AntiZeroAccess 0.8 Log File
Execution time: 15/03/2012 - 16:25
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
16:26:04 - CheckSystem - Begin to check system...
16:26:04 - OpenRootDrive - Opening system root volume and physical drive....
16:26:04 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x04A817B1 sectors.
16:26:04 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
16:26:05 - InstallAndStartDriver - Main driver was installed and now is running.
16:26:05 - CheckSystem - Disk class driver state is OK.
16:26:13 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
16:26:13 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
16:26:13 - Execution Ended!


Webroot AntiZeroAccess 0.8 Log File
Execution time: 15/03/2012 - 20:43
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
20:43:40 - CheckSystem - Begin to check system...
20:43:40 - OpenRootDrive - Opening system root volume and physical drive....
20:43:40 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x04A817B1 sectors.
20:43:40 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
20:43:42 - InstallAndStartDriver - Main driver was installed and now is running.
20:43:42 - CheckSystem - Disk class driver state is OK.
20:43:49 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
20:43:49 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
20:43:49 - Execution Ended!
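
The two logs above describe the same disk from two angles: TDSSKiller prints an MD5 labelled "MBR (0x1B8)" for the physical drive, and AntiZeroAccess reports the C: partition at start sector 0x3F with 0x04A817B1 sectors. 0x1B8 is exactly the offset of the 4-byte disk signature in a classic MBR, so a hash over 0x1B8 bytes covers the bootstrap code and nothing that varies per machine (disk signature, partition table), which is what makes it comparable against a known-good baseline while still catching a bootkit that patches the code area. The example below is mine, not code from the thread, from TDSSKiller or from Webroot; that the tool hashes exactly bytes 0..0x1B7 is my reading of the label, the boot code is a constructed filler pattern, and the partition entry reuses the geometry the AntiZeroAccess log reports.

```python
"""Constructed MBR: what an "MBR (0x1B8)" hash does and does not cover.

Added example, not tool code.  0x1B8 is the offset of the disk signature, so
a hash over the first 0x1B8 bytes covers the bootstrap code only; that this
is precisely what TDSSKiller hashes is my reading of its log line.  MD5 is
used only to match what that log prints, not as a security property.
"""
import hashlib
import struct

CODE_LEN = 0x1B8          # bootstrap code area: bytes 0x000..0x1B7
PART_OFF = 0x1BE          # four 16-byte partition entries follow signature + 2 reserved bytes
PART_FMT = '<B3sB3sII'    # status, CHS start, type, CHS end, LBA start, sector count
SECTOR = 512

# Constructed stand-in for real bootstrap code: a recognisable filler pattern.
BOOT_CODE = bytes((i * 7) & 0xFF for i in range(CODE_LEN))

# The partition geometry reported by the AntiZeroAccess log above:
# start sector 0x3F, 0x04A817B1 sectors.  0x80 = active, 0x07 = NTFS type.
XP_PARTITION = (0x80, 0x07, 0x3F, 0x04A817B1)


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble a 512-byte MBR from bootstrap code, disk signature and partition entries."""
    if len(boot_code) != CODE_LEN:
        raise ValueError('boot code must be exactly 0x1B8 bytes')
    if len(partitions) > 4:
        raise ValueError('at most four primary partition entries')
    sector = bytearray(boot_code)
    sector += struct.pack('<IH', disk_signature, 0)          # signature + reserved word
    for status, ptype, lba, count in partitions:
        # CHS fields are placeholders; loaders that matter here use the LBA fields.
        sector += struct.pack(PART_FMT, status, b'\xfe\xff\xff', ptype, b'\xfe\xff\xff', lba, count)
    sector += bytes(16) * (4 - len(partitions))             # empty entries
    sector += b'\x55\xaa'
    assert len(sector) == SECTOR
    return bytes(sector)


def parse_partitions(sector):
    """Decode the partition table; empty entries (type 0) are skipped."""
    if sector[510:512] != b'\x55\xaa':
        raise ValueError('missing 0x55AA boot signature')
    parts = []
    for i in range(4):
        off = PART_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, sector[off:off + 16])
        if ptype == 0:
            continue
        parts.append({'active': status == 0x80, 'type': ptype,
                      'lba_start': lba, 'sectors': count, 'bytes': count * SECTOR})
    return parts


def mbr_code_md5(sector):
    """MD5 over the bootstrap code only, i.e. the first 0x1B8 bytes of sector 0."""
    return hashlib.md5(sector[:CODE_LEN]).hexdigest()


def baseline_check(sector, expected_md5):
    """True when the bootstrap code still matches a known-good baseline hash."""
    return mbr_code_md5(sector) == expected_md5


def patch_boot_code(sector, offset, patch):
    """Return a copy with `patch` written into the code area (what a bootkit does)."""
    if offset < 0 or offset + len(patch) > CODE_LEN:
        raise ValueError('patch must stay inside the 0x1B8-byte code area')
    out = bytearray(sector)
    out[offset:offset + len(patch)] = patch
    return bytes(out)


if __name__ == '__main__':
    mbr = build_mbr(BOOT_CODE, 0x12345678, [XP_PARTITION])
    good = mbr_code_md5(mbr)
    print('partitions:', parse_partitions(mbr))
    print('baseline  :', good)
    # Same code, different disk signature: the 0x1B8 hash is unchanged ...
    print('re-signed :', baseline_check(build_mbr(BOOT_CODE, 0xDEADBEEF, [XP_PARTITION]), good))
    # ... but two bytes patched into the code area change it.
    print('patched   :', baseline_check(patch_boot_code(mbr, 0x00, b'\xeb\x3e'), good))
```

The partition entry decodes to 78,124,977 sectors, just under 40 GB, starting at sector 63, the classic pre-Vista alignment. The re-signed MBR keeps the baseline hash, so a baseline collected on one machine stays valid on another with the same boot code; the patched one fails the check, which is the property the tool relies on.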