virus policia sr

Posted: 18 May 2013 18:10
by murded
Hi, a notebook with this virus ended up in my hands, and getting rid of it is beyond my abilities, so I am asking for help. The system can only be started in Safe Mode with Command Prompt; with every other option, a screen demanding a payment of 100 € appears after a few seconds.

Re: virus policia sr

Posted: 18 May 2013 18:29
by vyosek
Hi :)

:arrow: On a healthy PC, download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/
  • Save it to a flash drive, directly in its root
:arrow: On the infected PC, boot into Safe Mode with Command Prompt (MS-DOS)

:arrow: Now let's find out the flash drive's letter
  • Type the command notepad and press Enter
  • Notepad will open
  • Go to File --> Open --> find This Computer and open the USB stick where FRST is saved
  • Note which drive letter the USB stick has (F:\, G:\ etc.)
  • Close Notepad with the X
:arrow: Now let's get the log
  • If you downloaded FRST for a 64-bit OS, it is called FRST64.exe and you must type it that way
  • Type the command "drive letter":\FRST.exe and press Enter (e.g. F:\FRST.exe)
  • FRST will start
  • Start the scan by clicking Scan
  • After a moment the log FRST.exe is created on the flash drive
  • Paste it here from the healthy PC

Re: virus policia sr

Posted: 18 May 2013 18:45
by murded
Well, I have probably already managed to remove it with ComboFix, but here is the FRST log anyway:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-05-2013
Ran by Janka (administrator) on 18-05-2013 19:38:58
Running from H:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) D:\WINDOWS\system32\cmd.exe
(Farbar) H:\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [x]
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
HKLM\...\Winlogon: [Userinit] D:\WINDOWS\system32\userinit.exe, [x]
HKLM\...\Winlogon: [System]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe [x]
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: D:\Documents and Settings\Janka\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> d:\docume~1\alluse~1\applic~1\low47.dat (No File)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
HKCU SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT3072253
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT3072253
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: D:\Documents and Settings\Janka\Application Data\Mozilla\Firefox\Profiles\f7dutfeh.default
FF Homepage: hxxp://www.google.sk/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - D:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - D:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: uTorrentControl2 Community Toolbar - D:\Documents and Settings\Janka\Application Data\Mozilla\Firefox\Profiles\f7dutfeh.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=48
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=48"
CHR Extension: (avast! WebRep) - D:\Documents and Settings\Janka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0
CHR Extension: (uTorrentControl2) - D:\Documents and Settings\Janka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; D:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-09] (Avira Operations GmbH & Co. KG)
S2 NWCWorkstation; D:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S4 Sony PC Companion; D:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 JavaQuickStarterService; "D:\Program Files\Java\jre7\bin\jqs.exe" -service -config "D:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R0 a347bus; D:\Windows\System32\DRIVERS\a347bus.sys [160640 2004-04-30] ( )
R0 a347scsi; D:\Windows\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( )
S3 AR5416; D:\Windows\System32\DRIVERS\athw.sys [1343616 2008-11-06] (Atheros Communications, Inc.)
R0 atapi; D:\Windows\System32\DRIVERS\atapi.sys [96512 2008-04-14] ()
S3 ati2mtag; D:\Windows\System32\DRIVERS\ati2mtag.sys [2880000 2008-04-30] (ATI Technologies Inc.)
S2 avgntflt; D:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-09] (Avira Operations GmbH & Co. KG)
S1 avipbb; D:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-09] (Avira Operations GmbH & Co. KG)
S1 avkmgr; D:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-09] (Avira Operations GmbH & Co. KG)
S3 b57w2k; D:\Windows\System32\DRIVERS\b57xp32.sys [175104 2008-03-20] (Broadcom Corporation)
S3 CCDECODE; D:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cdrbsdrv; D:\Windows\System32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation)
R3 HDAudBus; D:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 HSFHWAZL; D:\Windows\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-22] (Conexant Systems, Inc.)
S3 HSF_DPV; D:\Windows\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-22] (Conexant Systems, Inc.)
S3 NABTSFEC; D:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; D:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S2 NwlnkIpx; D:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
S2 NwlnkNb; D:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2002-08-29] (Microsoft Corporation)
S2 NwlnkSpx; D:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2002-08-29] (Microsoft Corporation)
S3 NWRDR; D:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
S3 RTHDMIAzAudService; D:\Windows\System32\drivers\RtHDMI.sys [3682240 2008-07-19] (Realtek Semiconductor Corp.)
S3 s0016bus; D:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; D:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; D:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; D:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; D:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; D:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; D:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s0017bus; D:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; D:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; D:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; D:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; D:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; D:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; D:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 SLIP; D:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S1 ssmdrv; D:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-09] (Avira GmbH)
S3 streamip; D:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 TS_AR5416; D:\Windows\System32\DRIVERS\ts_athw.sys [1626344 2012-10-06] (TamoSoft)
S3 WSTCODEC; D:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\D:\DOCUME~1\Janka\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-18 19:37 - 2013-05-18 19:37 - 00000000 ____D D:\FRST
2013-05-18 19:36 - 2013-05-18 20:27 - 00000000 ___AD D:\Kaspersky Rescue Disk 10.0
2013-05-18 19:13 - 2013-05-18 19:13 - 00010244 ____A D:\ComboFix.txt
2013-05-18 18:56 - 2013-05-18 19:13 - 00000000 ____D D:\Qoobox
2013-05-18 18:56 - 2011-06-26 08:45 - 00256000 ____A D:\Windows\PEV.exe
2013-05-18 18:56 - 2010-11-07 19:20 - 00208896 ____A D:\Windows\MBR.exe
2013-05-18 18:56 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) D:\Windows\NIRCMD.exe
2013-05-18 18:56 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) D:\Windows\SWREG.exe
2013-05-18 18:56 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) D:\Windows\SWSC.exe
2013-05-18 18:56 - 2000-08-31 02:00 - 00212480 ____A (SteelWerX) D:\Windows\SWXCACLS.exe
2013-05-18 18:56 - 2000-08-31 02:00 - 00098816 ____A D:\Windows\sed.exe
2013-05-18 18:56 - 2000-08-31 02:00 - 00080412 ____A D:\Windows\grep.exe
2013-05-18 18:56 - 2000-08-31 02:00 - 00068096 ____A D:\Windows\zip.exe
2013-05-18 18:55 - 2013-05-18 19:11 - 00000000 ____D D:\Windows\erdnt
2013-05-18 18:54 - 2013-05-18 18:48 - 05067228 ____R (Swearware) D:\Documents and Settings\Janka\Desktop\ComboFix.exe
2013-05-18 17:19 - 2013-05-18 17:19 - 00000000 ____D D:\Windows\System32\appmgmt
2013-05-12 17:52 - 2013-05-18 18:36 - 00000000 ____D D:\Windows\pss
2013-05-11 09:45 - 2013-05-18 18:40 - 00000000 ____A D:\Documents and Settings\All Users\Application Data\as98213.txt
2013-05-11 09:45 - 2013-05-11 09:45 - 00003036 ____A D:\Documents and Settings\All Users\Application Data\74wol.js
2013-05-09 21:15 - 2013-05-09 21:15 - 00000000 ____D D:\Program Files\Caminova
2013-05-09 21:14 - 2013-05-09 21:14 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Caminova
2013-05-09 19:37 - 2013-05-09 21:47 - 00000000 ____D D:\Program Files\CommViewWiFi
2013-05-09 19:37 - 2013-05-09 19:37 - 00001536 ____A D:\Documents and Settings\All Users\Desktop\CommView for WiFi.lnk
2013-05-05 20:36 - 2013-05-09 21:21 - 00000000 ____D D:\Documents and Settings\Janka\Desktop\brusko
2013-05-05 20:26 - 2013-05-05 20:42 - 00000000 ____D D:\Documents and Settings\Janka\Desktop\janka foto
2013-05-05 19:59 - 2013-05-05 19:59 - 00000000 ____D D:\Documents and Settings\Janka\Local Settings\Application Data\P5
2013-05-04 22:46 - 2013-05-04 22:46 - 00003710 ____A D:\Documents and Settings\Janka\Desktop\streamy.m3u
2013-05-04 22:28 - 2013-05-04 22:28 - 00004222 ____A D:\Documents and Settings\Janka\My Documents\markiza.xspf
2013-05-04 22:24 - 2013-05-04 22:24 - 00003961 ____A D:\Documents and Settings\Janka\My Documents\nova.xspf
2013-05-04 22:24 - 2013-05-04 22:24 - 00003700 ____A D:\Documents and Settings\Janka\My Documents\ocko.xspf
2013-05-04 22:23 - 2013-05-04 22:23 - 00002917 ____A D:\Documents and Settings\Janka\Desktop\primalove.xspf
2013-05-04 22:08 - 2013-05-11 09:39 - 00000000 ____D D:\Documents and Settings\Janka\Application Data\vlc
2013-05-04 22:08 - 2013-05-04 22:08 - 00000719 ____A D:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-05-04 22:07 - 2013-05-04 22:07 - 00000000 ____D D:\Program Files\VideoLAN

==================== One Month Modified Files and Folders ========

2013-05-18 20:27 - 2013-05-18 19:36 - 00000000 ___AD D:\Kaspersky Rescue Disk 10.0
2013-05-18 19:39 - 2010-05-25 22:56 - 00360124 ____A D:\Windows\System32\PerfStringBackup.INI
2013-05-18 19:37 - 2013-05-18 19:37 - 00000000 ____D D:\FRST
2013-05-18 19:35 - 2010-05-25 21:07 - 00000062 __ASH D:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-05-18 19:35 - 2010-05-25 21:07 - 00000062 __ASH D:\Documents and Settings\Janka\Local Settings\desktop.ini
2013-05-18 19:33 - 2010-05-26 12:34 - 01222568 ____A D:\Windows\WindowsUpdate.log
2013-05-18 19:33 - 2010-05-25 22:57 - 00000275 ____A D:\Windows\wiadebug.log
2013-05-18 19:33 - 2010-05-25 22:57 - 00000051 ____A D:\Windows\wiaservc.log
2013-05-18 19:33 - 2010-05-25 21:07 - 00032610 ____A D:\Windows\SchedLgU.Txt
2013-05-18 19:33 - 2010-05-25 21:07 - 00000178 ___SH D:\Documents and Settings\Janka\ntuser.ini
2013-05-18 19:33 - 2010-05-25 21:04 - 00000006 ___AH D:\Windows\Tasks\SA.DAT
2013-05-18 19:32 - 2010-05-25 21:18 - 00000000 ____D D:\Program Files\Winamp
2013-05-18 19:30 - 2012-04-21 13:37 - 00000000 ____D D:\Windows\Minidump
2013-05-18 19:27 - 2012-02-04 20:44 - 00000920 ____A D:\Windows\Tasks\GoogleUpdateTaskMachineCore1cce36d8f784a2.job
2013-05-18 19:27 - 2010-05-25 21:07 - 00000062 __ASH D:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-05-18 19:26 - 2002-08-29 14:00 - 00000562 ____A D:\Windows\win.ini
2013-05-18 19:26 - 2002-08-29 14:00 - 00000283 ____A D:\Windows\system.ini
2013-05-18 19:13 - 2013-05-18 19:13 - 00010244 ____A D:\ComboFix.txt
2013-05-18 19:13 - 2013-05-18 18:56 - 00000000 ____D D:\Qoobox
2013-05-18 19:11 - 2013-05-18 18:55 - 00000000 ____D D:\Windows\erdnt
2013-05-18 18:48 - 2013-05-18 18:54 - 05067228 ____R (Swearware) D:\Documents and Settings\Janka\Desktop\ComboFix.exe
2013-05-18 18:40 - 2013-05-11 09:45 - 00000000 ____A D:\Documents and Settings\All Users\Application Data\as98213.txt
2013-05-18 18:36 - 2013-05-12 17:52 - 00000000 ____D D:\Windows\pss
2013-05-18 17:24 - 2010-07-05 11:08 - 00000000 ____D D:\Documents and Settings\Janka\Local Settings\Application Data\Google
2013-05-18 17:24 - 2010-05-26 12:39 - 00000000 ____D D:\Documents and Settings\Janka\Application Data\Mozilla
2013-05-18 17:19 - 2013-05-18 17:19 - 00000000 ____D D:\Windows\System32\appmgmt
2013-05-18 17:15 - 2010-10-11 19:53 - 00001016 ____A D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1123561945-839522115-1003UA.job
2013-05-18 17:15 - 2010-07-05 11:08 - 00000922 ____A D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-13 22:09 - 2010-05-26 15:15 - 00070656 ____A D:\Documents and Settings\Janka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-11 14:06 - 2010-10-07 15:04 - 00000000 ____D D:\Documents and Settings\Janka\My Documents\Stažené soubory
2013-05-11 10:09 - 2011-06-03 18:29 - 00000664 ____A D:\Windows\System32\d3d9caps.dat
2013-05-11 09:45 - 2013-05-11 09:45 - 00003036 ____A D:\Documents and Settings\All Users\Application Data\74wol.js
2013-05-11 09:39 - 2013-05-04 22:08 - 00000000 ____D D:\Documents and Settings\Janka\Application Data\vlc
2013-05-10 09:15 - 2010-10-11 19:53 - 00000964 ____A D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1123561945-839522115-1003Core.job
2013-05-09 21:51 - 2010-05-30 11:06 - 00000116 ___AC D:\Windows\NeroDigital.ini
2013-05-09 21:47 - 2013-05-09 19:37 - 00000000 ____D D:\Program Files\CommViewWiFi
2013-05-09 21:21 - 2013-05-05 20:36 - 00000000 ____D D:\Documents and Settings\Janka\Desktop\brusko
2013-05-09 21:15 - 2013-05-09 21:15 - 00000000 ____D D:\Program Files\Caminova
2013-05-09 21:14 - 2013-05-09 21:14 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Caminova
2013-05-09 19:37 - 2013-05-09 19:37 - 00001536 ____A D:\Documents and Settings\All Users\Desktop\CommView for WiFi.lnk
2013-05-09 19:37 - 2010-05-26 12:29 - 00000000 ____D D:\Windows\System32\ReinstallBackups
2013-05-08 15:02 - 2002-08-29 14:00 - 00002206 ____A D:\Windows\System32\wpa.dbl
2013-05-05 20:42 - 2013-05-05 20:26 - 00000000 ____D D:\Documents and Settings\Janka\Desktop\janka foto
2013-05-05 19:59 - 2013-05-05 19:59 - 00000000 ____D D:\Documents and Settings\Janka\Local Settings\Application Data\P5
2013-05-04 22:46 - 2013-05-04 22:46 - 00003710 ____A D:\Documents and Settings\Janka\Desktop\streamy.m3u
2013-05-04 22:28 - 2013-05-04 22:28 - 00004222 ____A D:\Documents and Settings\Janka\My Documents\markiza.xspf
2013-05-04 22:24 - 2013-05-04 22:24 - 00003961 ____A D:\Documents and Settings\Janka\My Documents\nova.xspf
2013-05-04 22:24 - 2013-05-04 22:24 - 00003700 ____A D:\Documents and Settings\Janka\My Documents\ocko.xspf
2013-05-04 22:23 - 2013-05-04 22:23 - 00002917 ____A D:\Documents and Settings\Janka\Desktop\primalove.xspf
2013-05-04 22:08 - 2013-05-04 22:08 - 00000719 ____A D:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-05-04 22:07 - 2013-05-04 22:07 - 00000000 ____D D:\Program Files\VideoLAN
2013-05-02 07:12 - 2013-04-09 17:20 - 00000000 ____D D:\Windows\System32\NtmsData
2013-05-02 07:11 - 2010-05-25 21:01 - 00000000 ____D D:\Windows\Registration
2013-04-29 16:43 - 2011-05-19 16:39 - 00000000 ____D D:\Program Files\Sony Ericsson
2013-04-29 16:43 - 2011-05-19 16:39 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Sony Ericsson
2013-04-19 09:59 - 2012-07-04 06:37 - 00001739 ____A D:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2013-04-19 09:59 - 2010-05-26 12:41 - 00000000 ___HD D:\Program Files\InstallShield Installation Information

Other Malware:
===========
D:\Documents and Settings\Janka\Start Menu\Programs\Startup\msconfig.lnk

==================== Bamital & volsnap Check =================

D:\Windows\explorer.exe => MD5 is legit
D:\Windows\System32\winlogon.exe => MD5 is legit
D:\Windows\System32\svchost.exe => MD5 is legit
D:\Windows\System32\services.exe
[2002-08-29 14:00] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

D:\Windows\System32\User32.dll => MD5 is legit
D:\Windows\System32\userinit.exe => MD5 is legit
D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

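The FRST log above is read by eye in this thread, but the first pass a helper makes is mechanical: look for the lines FRST itself flags with `<====== ATTENTION`, autostart entries whose target it could not verify (`[x]`, `(No File)`), startup shortcuts that resolve into a data directory such as `applic~1`, and files dropped straight into the `All Users\Application Data` root (the folder ComboFix later cleans in this thread). The script below is an added example that automates that pass; it is not code from the thread, from FRST or from vyosek. The sample input is assembled from lines of the log posted above, the four rules are heuristics chosen for this example, and reading `[x]` as "target not verified by FRST" is an assumption.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example; not code from the forum thread or from FRST. It pulls out the
lines an experienced helper checks first:

  1. lines FRST itself marks with '<====== ATTENTION';
  2. startup-folder shortcuts whose target resolves into a data directory
     (applic~1 / Application Data / ProgramData) instead of a program folder;
  3. autostart entries whose target FRST could not verify ('[x]', '(No File)');
  4. files created directly in the All Users\\Application Data root.

The rules are heuristics (assumption): every hit still needs a human look.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int   # 1-based line number in the log text
    reason: str
    text: str


ATTENTION_MARK = "<====== ATTENTION"

# Autostart lines as FRST prints them in its Registry section.
AUTOSTART_PREFIXES = (
    r"HKLM\...\Run:", r"HKCU\...\Run:", r"HKLM\...\Winlogon:",
    "Startup:", "ShortcutTarget:",
)
UNVERIFIED_RE = re.compile(r"(\[x\]|\(No File\))\s*$")
DATA_DIR_RE = re.compile(r"(applic~1|application data|programdata)", re.IGNORECASE)

# Created/modified file lines: <created> - <modified> - <size> <attrs> [(Company)] <path>
FILE_ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ "
    r"(?P<attrs>[_A-Z]+) (?:\([^)]*\) )?(?P<path>.+)$"
)


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious lines of an FRST log, in log order."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue

        if ATTENTION_MARK in line:
            findings.append(Finding(line_no, "flagged by FRST", line))
            continue

        if line.startswith("ShortcutTarget:") and "->" in line:
            target = line.split("->", 1)[1]
            if DATA_DIR_RE.search(target):
                findings.append(Finding(line_no, "startup shortcut resolves into a data directory", line))
                continue

        if line.startswith(AUTOSTART_PREFIXES) and UNVERIFIED_RE.search(line):
            findings.append(Finding(line_no, "autostart target not verified by FRST ([x] / No File)", line))
            continue

        entry = FILE_ENTRY_RE.match(line)
        if entry and "D" not in entry.group("attrs"):   # 'D' in attrs = directory
            parent = entry.group("path").rsplit("\\", 1)[0]
            if parent.lower().endswith(r"all users\application data"):
                findings.append(Finding(line_no, "file dropped directly in All Users\\Application Data", line))
    return findings


# Constructed sample: lines taken from the FRST log posted in the thread.
SAMPLE_LOG = "\n".join([
    r'HKLM\...\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [x]',
    r"HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION",
    r"Startup: D:\Documents and Settings\Janka\Start Menu\Programs\Startup\msconfig.lnk",
    r"ShortcutTarget: msconfig.lnk -> d:\docume~1\alluse~1\applic~1\low47.dat (No File)",
    r"2013-05-11 09:45 - 2013-05-11 09:45 - 00003036 ____A D:\Documents and Settings\All Users\Application Data\74wol.js",
    r"2013-05-09 21:14 - 2013-05-09 21:14 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Caminova",
    r"2013-05-04 22:07 - 2013-05-04 22:07 - 00000000 ____D D:\Program Files\VideoLAN",
])

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.reason}\n    {hit.text}")
```

On the sample, the script reports the Avira `[x]` entry (a false positive that a human dismisses after checking the ComboFix log, which shows the file present), the Group Policy line FRST flagged, the `msconfig.lnk` shortcut pointing at `low47.dat`, and `74wol.js` in the data root; the `Caminova` and `VideoLAN` directories are skipped. Running it over a full log file is `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`.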
Re: virus policia sr

Posted: 18 May 2013 18:51
by vyosek
:arrow: If you intend to take whatever steps you like, however you like, then treat it yourself :evil:

:arrow: As for the ComboFix you used: based on its licence and the forum rules, I ask whether you know how to work with it (running it, interpreting the log, writing a script)?

:arrow: The licence terms say clearly: "It should never be used in an environment without the supervision of an experienced person"

:arrow: Dangers of CF
  • It is intended primarily for helpers; by using it on your own initiative you lose your entitlement to support
  • It wipes the traces of the malware, so nothing is visible in the RSIT log
  • Its log has to be worked through further, since it cannot delete everything; that is hard to manage unless you are trained for it
  • CF may have a bug = it takes down your system; if you don't know where it stores things and how to restore them, your system is toast and a reinstall awaits you
  • CF also, unfortunately, does not yet check some important libraries (e.g. hal.dll), which some kinds of malware delete (e.g. angela); it deletes your hal.dll after the restart = your system won't boot and you are back one line up = reinstall

Re: virus policia sr

Posted: 18 May 2013 19:36
by murded
I apologise, but I have been struggling with this for a few hours now, so I have already tried a lot, and I was actually already counting on the system needing a reinstall. ComboFix was already running when I wrote the first post, so once again sorry; I didn't know about those risks. If you are still interested in sorting this out with me, here is the CF log too:

ComboFix 13-05-18.03 - Janka 18.05.2013 19:01:35.1.2 - x86 MINIMAL
Running from: d:\documents and settings\Janka\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\2og8.pad
d:\documents and settings\All Users\Application Data\74wol.pad
d:\documents and settings\All Users\Application Data\8go2.dat
d:\documents and settings\All Users\Application Data\low47.dat
d:\documents and settings\All Users\Application Data\rundll32.exe
d:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-18 to 2013-05-18 )))))))))))))))))))))))))))))))
.
.
2013-05-18 17:36 . 2013-05-18 18:27 -------- d---a-w- D:\Kaspersky Rescue Disk 10.0
2013-05-11 07:45 . 2013-05-11 07:45 3036 ----a-w- d:\documents and settings\All Users\Application Data\74wol.js
2013-05-09 19:15 . 2013-02-11 23:33 1904472 ----a-w- d:\program files\Mozilla Firefox\plugins\npdjvu.dll
2013-05-09 19:15 . 2013-05-09 19:15 -------- d-----w- d:\program files\Caminova
2013-05-09 19:14 . 2013-05-09 19:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Caminova
2013-05-09 17:37 . 2013-05-09 19:47 -------- d-----w- d:\program files\CommViewWiFi
2013-05-05 17:59 . 2013-05-05 17:59 -------- d-----w- d:\documents and settings\Janka\Local Settings\Application Data\P5
2013-05-04 20:08 . 2013-05-11 07:39 -------- d-----w- d:\documents and settings\Janka\Application Data\vlc
2013-05-04 20:07 . 2013-05-04 20:07 -------- d-----w- d:\program files\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-09 15:21 . 2013-04-09 15:21 94112 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2013-04-09 15:21 . 2013-04-09 15:21 861088 ----a-w- d:\windows\system32\npDeployJava1.dll
2013-04-09 15:21 . 2013-04-09 15:21 143872 ----a-w- d:\windows\system32\javacpl.cpl
2013-04-09 15:21 . 2011-05-19 14:45 782240 -c--a-w- d:\windows\system32\deployJava1.dll
2013-04-09 15:15 . 2013-04-09 15:17 84744 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2013-04-09 15:15 . 2013-04-09 15:17 37352 ----a-w- d:\windows\system32\drivers\avkmgr.sys
2013-04-09 15:15 . 2013-04-09 15:17 135136 ----a-w- d:\windows\system32\drivers\avipbb.sys
2013-04-09 15:07 . 2013-04-09 15:07 693976 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2013-04-09 15:07 . 2011-06-06 17:24 73432 -c--a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-12 14:22 . 2013-04-12 14:21 263064 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . d:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
.
d:\documents and settings\Janka\Start Menu\Programs\Startup\
msconfig.lnk - d:\windows\system32\rundll32.exe [2002-8-29 33280]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\startupfolder\D:^Documents and Settings^Janka^Start Menu^Programs^Startup^msconfig.lnk]
path=d:\documents and settings\Janka\Start Menu\Programs\Startup\msconfig.lnk
backup=d:\windows\pss\msconfig.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 ----a-r- d:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2013-05-06 08:27 345312 ----a-w- d:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- d:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-29 22:31 16805888 ----a-r- d:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17965:TCP"= 17965:TCP:BitComet 17965 TCP
"17965:UDP"= 17965:UDP:BitComet 17965 UDP
.
R1 avkmgr;avkmgr;d:\windows\system32\DRIVERS\avkmgr.sys [x]
R2 AntiVirSchedulerService;Avira Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);d:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;d:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;d:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);d:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);d:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;d:\windows\system32\DRIVERS\ts_athw.sys [x]
R4 Sony PC Companion;Sony PC Companion;d:\program files\Sony\Sony PC Companion\PCCService.exe [x]
S0 a347bus;a347bus;d:\windows\System32\DRIVERS\a347bus.sys [x]
S0 a347scsi;a347scsi;d:\windows\System32\Drivers\a347scsi.sys [x]
S3 O2MDRDR;O2MDRDR;d:\windows\system32\DRIVERS\o2media.sys [x]
S3 O2SDRDR;O2SDRDR;d:\windows\system32\DRIVERS\o2sd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 16:18 1642448 ----a-w- d:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-18 d:\windows\Tasks\GoogleUpdateTaskMachineCore1cce36d8f784a2.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 09:08]
.
2013-05-18 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 09:08]
.
2013-05-10 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1123561945-839522115-1003Core.job
- d:\documents and settings\Janka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 20:23]
.
2013-05-18 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1123561945-839522115-1003UA.job
- d:\documents and settings\Janka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 20:23]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\Janka\Application Data\Mozilla\Firefox\Profiles\f7dutfeh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-18 19:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(348)
d:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-05-18 19:13:55
ComboFix-quarantined-files.txt 2013-05-18 17:13
.
Pre-Run: 999 452 672 bytes free
Post-Run: 1 313 886 208 voľných bajtov
.
- - End Of File - - D23F03D762E7CE430916A431955CEA03

Re: virus policia sr

Posted: 18 May 2013 21:38
by vyosek
:arrow: Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you are using Win Vista or W7, right-click MBRScan and choose Run As Administrator
  • Click Report
  • After a moment the log is written to the file MBRScan.txt; paste it here
:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In the Additional options window, tick all the options
  • Click OK
  • Tell the utility to scan: click Start Scan
  • When the scan finishes a window appears; check that the action is set to Skip everywhere
  • If Skip is not already selected, switch it to Skip
  • Once everything is set to Skip, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named TDSSKiller.<some numbers>_log.txt; paste its contents here

Re: virus policia sr

Posted: 19 May 2013 16:40
by murded

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 17 Model 3 Stepping 1, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2013/05/19 (ISO 8601) at 17:35:31
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD3200BEVT-22ZCT0 (11.01A11)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : E994DB360E2EC7E944D6F2EFB9236EB9
MBR_SHA1  : 7388BCE3A9F845F772A78647706FEC6D27527150

Device\Harddisk0\Partition1	100.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	38.96 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	259.0 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : D:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA8AB2000
SIZE    : 96.0 Ko

DRIVER  : D:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBADF0000
SIZE    : 8.0 Ko

SystemStartOptions : FASTDETECT  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 DA 7E 4B 2F 00 00 80 20   .....,DcÚ~K/... 
0x000001C0   21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF   !..ß....... ...ß
0x000001D0   14 0C 07 68 FD FF 00 28 03 00 00 E0 DE 04 00 68   ...hý..(...àÞ..h
0x000001E0   FE FF 07 25 E4 FF 00 08 E2 04 00 D8 60 20 00 00   þ..%ä...â..Ø` ..
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

17:37:25.0468 1808 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:37:25.0921 1808 ============================================================
17:37:25.0921 1808 Current date / time: 2013/05/19 17:37:25.0921
17:37:25.0921 1808 SystemInfo:
17:37:25.0921 1808
17:37:25.0921 1808 OS Version: 5.1.2600 ServicePack: 3.0
17:37:25.0921 1808 Product type: Workstation
17:37:25.0921 1808 ComputerName: COMP
17:37:25.0921 1808 UserName: Janka
17:37:25.0921 1808 Windows directory: D:\WINDOWS
17:37:25.0921 1808 System windows directory: D:\WINDOWS
17:37:25.0921 1808 Processor architecture: Intel x86
17:37:25.0921 1808 Number of processors: 2
17:37:25.0921 1808 Page size: 0x1000
17:37:25.0921 1808 Boot type: Normal boot
17:37:25.0921 1808 ============================================================
17:37:27.0359 1808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:37:27.0359 1808 ============================================================
17:37:27.0359 1808 \Device\Harddisk0\DR0:
17:37:27.0359 1808 MBR partitions:
17:37:27.0359 1808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:37:27.0359 1808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4DEE000
17:37:27.0359 1808 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4E20800, BlocksNum 0x2060D800
17:37:27.0359 1808 ============================================================
17:37:27.0390 1808 C: <-> \Device\Harddisk0\DR0\Partition1
17:37:27.0406 1808 D: <-> \Device\Harddisk0\DR0\Partition2
17:37:27.0453 1808 E: <-> \Device\Harddisk0\DR0\Partition3
17:37:27.0453 1808 ============================================================
17:37:27.0453 1808 Initialize success
17:37:27.0453 1808 ============================================================
17:38:25.0625 3160 ============================================================
17:38:25.0625 3160 Scan started
17:38:25.0625 3160 Mode: Manual; SigCheck; TDLFS;
17:38:25.0625 3160 ============================================================
17:38:26.0234 3160 ================ Scan system memory ========================
17:38:26.0234 3160 System memory - ok
17:38:26.0234 3160 ================ Scan services =============================
17:38:26.0343 3160 [ 1F61CACACB521215F39061789147968C ] a347bus D:\WINDOWS\system32\DRIVERS\a347bus.sys
17:38:26.0921 3160 a347bus ( UnsignedFile.Multi.Generic ) - warning
17:38:26.0921 3160 a347bus - detected UnsignedFile.Multi.Generic (1)
17:38:26.0937 3160 [ 113E4B318BBAA7483CA4E582A4D63F49 ] a347scsi D:\WINDOWS\system32\Drivers\a347scsi.sys
17:38:26.0953 3160 a347scsi ( UnsignedFile.Multi.Generic ) - warning
17:38:26.0953 3160 a347scsi - detected UnsignedFile.Multi.Generic (1)
17:38:26.0968 3160 Abiosdsk - ok
17:38:26.0968 3160 abp480n5 - ok
17:38:27.0015 3160 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI D:\WINDOWS\system32\DRIVERS\ACPI.sys
17:38:27.0703 3160 ACPI - ok
17:38:27.0750 3160 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC D:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:38:27.0921 3160 ACPIEC - ok
17:38:27.0921 3160 adpu160m - ok
17:38:28.0031 3160 [ 8BED39E3C35D6A489438B8141717A557 ] aec D:\WINDOWS\system32\drivers\aec.sys
17:38:28.0203 3160 aec - ok
17:38:28.0218 3160 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD D:\WINDOWS\System32\drivers\afd.sys
17:38:28.0359 3160 AFD - ok
17:38:28.0359 3160 Aha154x - ok
17:38:28.0375 3160 aic78u2 - ok
17:38:28.0375 3160 aic78xx - ok
17:38:28.0421 3160 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter D:\WINDOWS\system32\alrsvc.dll
17:38:28.0562 3160 Alerter - ok
17:38:28.0578 3160 [ 8C515081584A38AA007909CD02020B3D ] ALG D:\WINDOWS\System32\alg.exe
17:38:28.0718 3160 ALG - ok
17:38:28.0718 3160 AliIde - ok
17:38:28.0734 3160 amsint - ok
17:38:28.0828 3160 [ C2170E010C9B6739A136211FC0427527 ] AntiVirSchedulerService D:\Program Files\Avira\AntiVir Desktop\sched.exe
17:38:28.0859 3160 AntiVirSchedulerService - ok
17:38:28.0890 3160 [ 47EB3F0EF84E0AF8AE75DB98EEF34255 ] AntiVirService D:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:38:28.0921 3160 AntiVirService - ok
17:38:28.0953 3160 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt D:\WINDOWS\System32\appmgmts.dll
17:38:29.0125 3160 AppMgmt - ok
17:38:29.0187 3160 [ 6C21F270AFEC1E423C00E96D3BD234DC ] AR5416 D:\WINDOWS\system32\DRIVERS\athw.sys
17:38:29.0343 3160 AR5416 - ok
17:38:29.0343 3160 asc - ok
17:38:29.0359 3160 asc3350p - ok
17:38:29.0359 3160 asc3550 - ok
17:38:29.0421 3160 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac D:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:38:29.0546 3160 AsyncMac - ok
17:38:29.0562 3160 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi D:\WINDOWS\system32\DRIVERS\atapi.sys
17:38:29.0562 3160 Suspicious file (NoAccess): D:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9F3A2F5AA6875C72BF062C712CFA2674
17:38:29.0578 3160 atapi ( LockedFile.Multi.Generic ) - warning
17:38:29.0578 3160 atapi - detected LockedFile.Multi.Generic (1)
17:38:29.0578 3160 Atdisk - ok
17:38:29.0609 3160 [ 6D4655325EC0E99300C999E615663ADD ] Ati HotKey Poller D:\WINDOWS\System32\Ati2evxx.exe
17:38:29.0687 3160 Ati HotKey Poller - ok
17:38:29.0765 3160 [ 383DCACE469AC2EC0603342D4672CADB ] ati2mtag D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:38:29.0875 3160 ati2mtag - ok
17:38:29.0906 3160 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc D:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:38:30.0093 3160 Atmarpc - ok
17:38:30.0125 3160 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv D:\WINDOWS\System32\audiosrv.dll
17:38:30.0281 3160 AudioSrv - ok
17:38:30.0312 3160 [ D9F724AA26C010A217C97606B160ED68 ] audstub D:\WINDOWS\system32\DRIVERS\audstub.sys
17:38:30.0468 3160 audstub - ok
17:38:30.0484 3160 [ 87425709A251386064C99B684BF96F72 ] avgntflt D:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:38:30.0546 3160 avgntflt - ok
17:38:30.0578 3160 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb D:\WINDOWS\system32\DRIVERS\avipbb.sys
17:38:30.0593 3160 avipbb - ok
17:38:30.0625 3160 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr D:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:38:30.0625 3160 avkmgr - ok
17:38:30.0687 3160 [ 559DDDA2C88459478056174247706DEB ] b57w2k D:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:38:30.0734 3160 b57w2k - ok
17:38:30.0781 3160 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep D:\WINDOWS\system32\drivers\Beep.sys
17:38:30.0937 3160 Beep - ok
17:38:30.0984 3160 [ 574738F61FCA2935F5265DC4E5691314 ] BITS D:\WINDOWS\system32\qmgr.dll
17:38:31.0156 3160 BITS - ok
17:38:31.0187 3160 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser D:\WINDOWS\System32\browser.dll
17:38:31.0328 3160 Browser - ok
17:38:31.0390 3160 catchme - ok
17:38:31.0421 3160 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k D:\WINDOWS\system32\drivers\cbidf2k.sys
17:38:31.0593 3160 cbidf2k - ok
17:38:31.0625 3160 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE D:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:38:31.0734 3160 CCDECODE - ok
17:38:31.0750 3160 cd20xrnt - ok
17:38:31.0765 3160 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio D:\WINDOWS\system32\drivers\Cdaudio.sys
17:38:31.0937 3160 Cdaudio - ok
17:38:31.0968 3160 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs D:\WINDOWS\system32\drivers\Cdfs.sys
17:38:32.0093 3160 Cdfs - ok
17:38:32.0125 3160 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv D:\WINDOWS\system32\drivers\cdrbsdrv.sys
17:38:32.0140 3160 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
17:38:32.0140 3160 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
17:38:32.0156 3160 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom D:\WINDOWS\system32\DRIVERS\cdrom.sys
17:38:32.0265 3160 Cdrom - ok
17:38:32.0281 3160 Changer - ok
17:38:32.0296 3160 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc D:\WINDOWS\system32\cisvc.exe
17:38:32.0437 3160 CiSvc - ok
17:38:32.0437 3160 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv D:\WINDOWS\system32\clipsrv.exe
17:38:32.0578 3160 ClipSrv - ok
17:38:32.0593 3160 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt D:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:38:32.0718 3160 CmBatt - ok
17:38:32.0734 3160 CmdIde - ok
17:38:32.0750 3160 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt D:\WINDOWS\system32\DRIVERS\compbatt.sys
17:38:32.0890 3160 Compbatt - ok
17:38:32.0890 3160 COMSysApp - ok
17:38:32.0906 3160 Cpqarray - ok
17:38:32.0921 3160 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc D:\WINDOWS\System32\cryptsvc.dll
17:38:33.0062 3160 CryptSvc - ok
17:38:33.0062 3160 dac2w2k - ok
17:38:33.0078 3160 dac960nt - ok
17:38:33.0125 3160 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch D:\WINDOWS\system32\rpcss.dll
17:38:33.0265 3160 DcomLaunch - ok
17:38:33.0312 3160 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp D:\WINDOWS\System32\dhcpcsvc.dll
17:38:33.0437 3160 Dhcp - ok
17:38:33.0453 3160 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk D:\WINDOWS\system32\DRIVERS\disk.sys
17:38:33.0562 3160 Disk - ok
17:38:33.0562 3160 dmadmin - ok
17:38:33.0625 3160 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot D:\WINDOWS\system32\drivers\dmboot.sys
17:38:33.0812 3160 dmboot - ok
17:38:33.0843 3160 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio D:\WINDOWS\system32\drivers\dmio.sys
17:38:33.0968 3160 dmio - ok
17:38:33.0984 3160 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload D:\WINDOWS\system32\drivers\dmload.sys
17:38:34.0125 3160 dmload - ok
17:38:34.0156 3160 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver D:\WINDOWS\System32\dmserver.dll
17:38:34.0265 3160 dmserver - ok
17:38:34.0312 3160 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic D:\WINDOWS\system32\drivers\DMusic.sys
17:38:34.0437 3160 DMusic - ok
17:38:34.0453 3160 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache D:\WINDOWS\System32\dnsrslvr.dll
17:38:34.0578 3160 Dnscache - ok
17:38:34.0609 3160 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc D:\WINDOWS\System32\dot3svc.dll
17:38:34.0750 3160 Dot3svc - ok
17:38:34.0750 3160 dpti2o - ok
17:38:34.0781 3160 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud D:\WINDOWS\system32\drivers\drmkaud.sys
17:38:34.0906 3160 drmkaud - ok
17:38:34.0921 3160 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost D:\WINDOWS\System32\eapsvc.dll
17:38:35.0031 3160 EapHost - ok
17:38:35.0046 3160 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc D:\WINDOWS\System32\ersvc.dll
17:38:35.0171 3160 ERSvc - ok
17:38:35.0203 3160 [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog D:\WINDOWS\system32\services.exe
17:38:35.0328 3160 Eventlog - ok
17:38:35.0359 3160 [ 19A799805B24990867B00C120D300C3A ] EventSystem D:\WINDOWS\System32\es.dll
17:38:35.0515 3160 EventSystem - ok
17:38:35.0531 3160 [ 38D332A6D56AF32635675F132548343E ] Fastfat D:\WINDOWS\system32\drivers\Fastfat.sys
17:38:35.0656 3160 Fastfat - ok
17:38:35.0671 3160 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility D:\WINDOWS\System32\shsvcs.dll
17:38:35.0812 3160 FastUserSwitchingCompatibility - ok
17:38:35.0843 3160 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc D:\WINDOWS\system32\drivers\Fdc.sys
17:38:35.0953 3160 Fdc - ok
17:38:35.0968 3160 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips D:\WINDOWS\system32\drivers\Fips.sys
17:38:36.0093 3160 Fips - ok
17:38:36.0125 3160 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk D:\WINDOWS\system32\drivers\Flpydisk.sys
17:38:36.0234 3160 Flpydisk - ok
17:38:36.0265 3160 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr D:\WINDOWS\system32\drivers\fltmgr.sys
17:38:36.0390 3160 FltMgr - ok
17:38:36.0421 3160 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec D:\WINDOWS\system32\drivers\Fs_Rec.sys
17:38:36.0578 3160 Fs_Rec - ok
17:38:36.0593 3160 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk D:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:38:36.0750 3160 Ftdisk - ok
17:38:36.0765 3160 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc D:\WINDOWS\system32\DRIVERS\msgpc.sys
17:38:36.0890 3160 Gpc - ok
17:38:36.0921 3160 [ F02A533F517EB38333CB12A9E8963773 ] gupdate D:\Program Files\Google\Update\GoogleUpdate.exe
17:38:36.0937 3160 gupdate - ok
17:38:36.0953 3160 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem D:\Program Files\Google\Update\GoogleUpdate.exe
17:38:36.0953 3160 gupdatem - ok
17:38:36.0984 3160 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:38:37.0093 3160 HDAudBus - ok
17:38:37.0140 3160 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:38:37.0281 3160 helpsvc - ok
17:38:37.0296 3160 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ D:\WINDOWS\System32\hidserv.dll
17:38:37.0421 3160 HidServ - ok
17:38:37.0453 3160 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb D:\WINDOWS\system32\DRIVERS\hidusb.sys
17:38:37.0578 3160 hidusb - ok
17:38:37.0593 3160 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc D:\WINDOWS\System32\kmsvc.dll
17:38:37.0718 3160 hkmsvc - ok
17:38:37.0734 3160 hpn - ok
17:38:37.0765 3160 [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL D:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:38:37.0796 3160 HSFHWAZL - ok
17:38:37.0828 3160 [ 21C31273C6CC4826E74BE8AE3B09D4A8 ] HSF_DPV D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:38:37.0921 3160 HSF_DPV - ok
17:38:37.0953 3160 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP D:\WINDOWS\system32\Drivers\HTTP.sys
17:38:38.0062 3160 HTTP - ok
17:38:38.0093 3160 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter D:\WINDOWS\System32\w3ssl.dll
17:38:38.0218 3160 HTTPFilter - ok
17:38:38.0218 3160 i2omgmt - ok
17:38:38.0234 3160 i2omp - ok
17:38:38.0250 3160 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt D:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:38:38.0359 3160 i8042prt - ok
17:38:38.0390 3160 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi D:\WINDOWS\system32\DRIVERS\imapi.sys
17:38:38.0500 3160 Imapi - ok
17:38:38.0546 3160 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService D:\WINDOWS\system32\imapi.exe
17:38:38.0671 3160 ImapiService - ok
17:38:38.0687 3160 ini910u - ok
17:38:38.0828 3160 [ 004C80B1BDC4DD5303C89482E03153C0 ] IntcAzAudAddService D:\WINDOWS\system32\drivers\RtkHDAud.sys
17:38:39.0062 3160 IntcAzAudAddService - ok
17:38:39.0062 3160 IntelIde - ok
17:38:39.0093 3160 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw D:\WINDOWS\system32\drivers\ip6fw.sys
17:38:39.0218 3160 ip6fw - ok
17:38:39.0234 3160 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:38:39.0406 3160 IpFilterDriver - ok
17:38:39.0437 3160 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp D:\WINDOWS\system32\DRIVERS\ipinip.sys
17:38:39.0562 3160 IpInIp - ok
17:38:39.0578 3160 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat D:\WINDOWS\system32\DRIVERS\ipnat.sys
17:38:39.0687 3160 IpNat - ok
17:38:39.0703 3160 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec D:\WINDOWS\system32\DRIVERS\ipsec.sys
17:38:39.0812 3160 IPSec - ok
17:38:39.0828 3160 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM D:\WINDOWS\system32\DRIVERS\irenum.sys
17:38:39.0953 3160 IRENUM - ok
17:38:39.0968 3160 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp D:\WINDOWS\system32\DRIVERS\isapnp.sys
17:38:40.0093 3160 isapnp - ok
17:38:40.0171 3160 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService D:\Program Files\Java\jre7\bin\jqs.exe
17:38:40.0203 3160 JavaQuickStarterService - ok
17:38:40.0218 3160 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass D:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:38:40.0312 3160 Kbdclass - ok
17:38:40.0328 3160 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid D:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:38:40.0437 3160 kbdhid - ok
17:38:40.0484 3160 [ 692BCF44383D056AED41B045A323D378 ] kmixer D:\WINDOWS\system32\drivers\kmixer.sys
17:38:40.0625 3160 kmixer - ok
17:38:40.0640 3160 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD D:\WINDOWS\system32\drivers\KSecDD.sys
17:38:40.0750 3160 KSecDD - ok
17:38:40.0796 3160 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver D:\WINDOWS\System32\srvsvc.dll
17:38:40.0921 3160 lanmanserver - ok
17:38:40.0937 3160 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation D:\WINDOWS\System32\wkssvc.dll
17:38:41.0078 3160 lanmanworkstation - ok
17:38:41.0078 3160 lbrtfdc - ok
17:38:41.0171 3160 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts D:\WINDOWS\System32\lmhsvc.dll
17:38:41.0312 3160 LmHosts - ok
17:38:41.0328 3160 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:38:41.0343 3160 mdmxsdk - ok
17:38:41.0359 3160 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger D:\WINDOWS\System32\msgsvc.dll
17:38:41.0500 3160 Messenger - ok
17:38:41.0562 3160 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:38:41.0593 3160 Microsoft Office Groove Audit Service - ok
17:38:41.0609 3160 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd D:\WINDOWS\system32\drivers\mnmdd.sys
17:38:41.0781 3160 mnmdd - ok
17:38:41.0812 3160 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc D:\WINDOWS\System32\mnmsrvc.exe
17:38:41.0921 3160 mnmsrvc - ok
17:38:41.0937 3160 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem D:\WINDOWS\system32\drivers\Modem.sys
17:38:42.0062 3160 Modem - ok
17:38:42.0078 3160 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass D:\WINDOWS\system32\DRIVERS\mouclass.sys
17:38:42.0187 3160 Mouclass - ok
17:38:42.0203 3160 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid D:\WINDOWS\system32\DRIVERS\mouhid.sys
17:38:42.0375 3160 mouhid - ok
17:38:42.0390 3160 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr D:\WINDOWS\system32\drivers\MountMgr.sys
17:38:42.0500 3160 MountMgr - ok
17:38:42.0562 3160 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:38:42.0593 3160 MozillaMaintenance - ok
17:38:42.0593 3160 mraid35x - ok
17:38:42.0609 3160 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV D:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:38:42.0750 3160 MRxDAV - ok
17:38:42.0781 3160 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:38:42.0921 3160 MRxSmb - ok
17:38:42.0953 3160 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC D:\WINDOWS\System32\msdtc.exe
17:38:43.0062 3160 MSDTC - ok
17:38:43.0078 3160 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs D:\WINDOWS\system32\drivers\Msfs.sys
17:38:43.0203 3160 Msfs - ok
17:38:43.0203 3160 MSIServer - ok
17:38:43.0218 3160 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV D:\WINDOWS\system32\drivers\MSKSSRV.sys
17:38:43.0328 3160 MSKSSRV - ok
17:38:43.0343 3160 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK D:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:38:43.0468 3160 MSPCLOCK - ok
17:38:43.0468 3160 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM D:\WINDOWS\system32\drivers\MSPQM.sys
17:38:43.0578 3160 MSPQM - ok
17:38:43.0593 3160 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios D:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:38:43.0703 3160 mssmbios - ok
17:38:43.0750 3160 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE D:\WINDOWS\system32\drivers\MSTEE.sys
17:38:43.0859 3160 MSTEE - ok
17:38:43.0875 3160 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup D:\WINDOWS\system32\drivers\Mup.sys
17:38:44.0000 3160 Mup - ok
17:38:44.0015 3160 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:38:44.0140 3160 NABTSFEC - ok
17:38:44.0171 3160 [ 0102140028FAD045756796E1C685D695 ] napagent D:\WINDOWS\System32\qagentrt.dll
17:38:44.0328 3160 napagent - ok
17:38:44.0328 3160 [ 1DF7F42665C94B825322FAE71721130D ] NDIS D:\WINDOWS\system32\drivers\NDIS.sys
17:38:44.0453 3160 NDIS - ok
17:38:44.0468 3160 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP D:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:38:44.0593 3160 NdisIP - ok
17:38:44.0609 3160 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi D:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:38:44.0718 3160 NdisTapi - ok
17:38:44.0734 3160 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio D:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:38:44.0859 3160 Ndisuio - ok
17:38:44.0890 3160 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan D:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:38:45.0000 3160 NdisWan - ok
17:38:45.0000 3160 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy D:\WINDOWS\system32\drivers\NDProxy.sys
17:38:45.0109 3160 NDProxy - ok
17:38:45.0125 3160 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS D:\WINDOWS\system32\DRIVERS\netbios.sys
17:38:45.0234 3160 NetBIOS - ok
17:38:45.0250 3160 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT D:\WINDOWS\system32\DRIVERS\netbt.sys
17:38:45.0359 3160 NetBT - ok
17:38:45.0406 3160 [ B857BA82860D7FF85AE29B095645563B ] NetDDE D:\WINDOWS\system32\netdde.exe
17:38:45.0546 3160 NetDDE - ok
17:38:45.0562 3160 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm D:\WINDOWS\system32\netdde.exe
17:38:45.0671 3160 NetDDEdsdm - ok
17:38:45.0687 3160 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon D:\WINDOWS\system32\lsass.exe
17:38:45.0812 3160 Netlogon - ok
17:38:45.0828 3160 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman D:\WINDOWS\System32\netman.dll
17:38:45.0968 3160 Netman - ok
17:38:46.0000 3160 [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla D:\WINDOWS\System32\mswsock.dll
17:38:46.0125 3160 Nla - ok
17:38:46.0156 3160 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs D:\WINDOWS\system32\drivers\Npfs.sys
17:38:46.0281 3160 Npfs - ok
17:38:46.0312 3160 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs D:\WINDOWS\system32\drivers\Ntfs.sys
17:38:46.0468 3160 Ntfs - ok
17:38:46.0484 3160 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp D:\WINDOWS\System32\lsass.exe
17:38:46.0578 3160 NtLmSsp - ok
17:38:46.0671 3160 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc D:\WINDOWS\system32\ntmssvc.dll
17:38:46.0843 3160 NtmsSvc - ok
17:38:46.0859 3160 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null D:\WINDOWS\system32\drivers\Null.sys
17:38:47.0015 3160 Null - ok
17:38:47.0046 3160 [ 2C2FD0E6B0180F94C260DD26706AA5F4 ] NWCWorkstation D:\WINDOWS\System32\nwwks.dll
17:38:47.0171 3160 NWCWorkstation - ok
17:38:47.0203 3160 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:38:47.0359 3160 NwlnkFlt - ok
17:38:47.0390 3160 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:38:47.0546 3160 NwlnkFwd - ok
17:38:47.0562 3160 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx D:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
17:38:47.0671 3160 NwlnkIpx - ok
17:38:47.0687 3160 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb D:\WINDOWS\system32\DRIVERS\nwlnknb.sys
17:38:47.0843 3160 NwlnkNb - ok
17:38:47.0859 3160 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx D:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
17:38:48.0015 3160 NwlnkSpx - ok
17:38:48.0031 3160 [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR D:\WINDOWS\system32\DRIVERS\nwrdr.sys
17:38:48.0171 3160 NWRDR - ok
17:38:48.0218 3160 [ F1072A203FB1E246BE62D736A5B88DFD ] O2MDRDR D:\WINDOWS\system32\DRIVERS\o2media.sys
17:38:48.0218 3160 O2MDRDR - ok
17:38:48.0234 3160 [ 5472C48F44B49F07B16B421899E550F8 ] O2SDRDR D:\WINDOWS\system32\DRIVERS\o2sd.sys
17:38:48.0250 3160 O2SDRDR - ok
17:38:48.0328 3160 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:38:48.0390 3160 odserv - ok
17:38:48.0437 3160 [ 5A432A042DAE460ABE7199B758E8606C ] ose D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:38:48.0484 3160 ose - ok
17:38:48.0515 3160 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport D:\WINDOWS\system32\drivers\Parport.sys
17:38:48.0640 3160 Parport - ok
17:38:48.0656 3160 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr D:\WINDOWS\system32\drivers\PartMgr.sys
17:38:48.0781 3160 PartMgr - ok
17:38:48.0812 3160 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm D:\WINDOWS\system32\drivers\ParVdm.sys
17:38:48.0953 3160 ParVdm - ok
17:38:48.0968 3160 [ A219903CCF74233761D92BEF471A07B1 ] PCI D:\WINDOWS\system32\DRIVERS\pci.sys
17:38:49.0078 3160 PCI - ok
17:38:49.0093 3160 PCIDump - ok
17:38:49.0125 3160 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde D:\WINDOWS\system32\DRIVERS\pciide.sys
17:38:49.0281 3160 PCIIde - ok
17:38:49.0296 3160 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia D:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:38:49.0406 3160 Pcmcia - ok
17:38:49.0421 3160 PDCOMP - ok
17:38:49.0421 3160 PDFRAME - ok
17:38:49.0437 3160 PDRELI - ok
17:38:49.0437 3160 PDRFRAME - ok
17:38:49.0453 3160 perc2 - ok
17:38:49.0453 3160 perc2hib - ok
17:38:49.0484 3160 [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay D:\WINDOWS\system32\services.exe
17:38:49.0593 3160 PlugPlay - ok
17:38:49.0609 3160 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent D:\WINDOWS\system32\lsass.exe
17:38:49.0718 3160 PolicyAgent - ok
17:38:49.0734 3160 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport D:\WINDOWS\system32\DRIVERS\raspptp.sys
17:38:49.0859 3160 PptpMiniport - ok
17:38:49.0859 3160 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor D:\WINDOWS\system32\DRIVERS\processr.sys
17:38:49.0984 3160 Processor - ok
17:38:49.0984 3160 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage D:\WINDOWS\system32\lsass.exe
17:38:50.0093 3160 ProtectedStorage - ok
17:38:50.0093 3160 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched D:\WINDOWS\system32\DRIVERS\psched.sys
17:38:50.0203 3160 PSched - ok
17:38:50.0218 3160 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink D:\WINDOWS\system32\DRIVERS\ptilink.sys
17:38:50.0390 3160 Ptilink - ok
17:38:50.0437 3160 [ B572ED0C3E6165643FA116AF20425A54 ] PxHelp20 D:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:38:50.0453 3160 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:38:50.0453 3160 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:38:50.0453 3160 ql1080 - ok
17:38:50.0468 3160 Ql10wnt - ok
17:38:50.0468 3160 ql12160 - ok
17:38:50.0484 3160 ql1240 - ok
17:38:50.0500 3160 ql1280 - ok
17:38:50.0515 3160 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd D:\WINDOWS\system32\DRIVERS\rasacd.sys
17:38:50.0656 3160 RasAcd - ok
17:38:50.0687 3160 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto D:\WINDOWS\System32\rasauto.dll
17:38:50.0812 3160 RasAuto - ok
17:38:50.0828 3160 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:38:50.0937 3160 Rasl2tp - ok
17:38:50.0968 3160 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan D:\WINDOWS\System32\rasmans.dll
17:38:51.0093 3160 RasMan - ok
17:38:51.0125 3160 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe D:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:38:51.0234 3160 RasPppoe - ok
17:38:51.0250 3160 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti D:\WINDOWS\system32\DRIVERS\raspti.sys
17:38:51.0406 3160 Raspti - ok
17:38:51.0421 3160 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss D:\WINDOWS\system32\DRIVERS\rdbss.sys
17:38:51.0531 3160 Rdbss - ok
17:38:51.0562 3160 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:38:51.0703 3160 RDPCDD - ok
17:38:51.0718 3160 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr D:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:38:51.0843 3160 rdpdr - ok
17:38:51.0890 3160 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD D:\WINDOWS\system32\drivers\RDPWD.sys
17:38:52.0031 3160 RDPWD - ok
17:38:52.0031 3160 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr D:\WINDOWS\system32\sessmgr.exe
17:38:52.0171 3160 RDSessMgr - ok
17:38:52.0203 3160 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook D:\WINDOWS\system32\DRIVERS\redbook.sys
17:38:52.0312 3160 redbook - ok
17:38:52.0343 3160 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess D:\WINDOWS\System32\mprdim.dll
17:38:52.0468 3160 RemoteAccess - ok
17:38:52.0500 3160 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry D:\WINDOWS\system32\regsvc.dll
17:38:52.0609 3160 RemoteRegistry - ok
17:38:52.0625 3160 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator D:\WINDOWS\System32\locator.exe
17:38:52.0750 3160 RpcLocator - ok
17:38:52.0781 3160 [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs D:\WINDOWS\System32\rpcss.dll
17:38:52.0921 3160 RpcSs - ok
17:38:52.0953 3160 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP D:\WINDOWS\System32\rsvp.exe
17:38:53.0125 3160 RSVP - ok
17:38:53.0250 3160 [ 3AEC576178BC1554FD95EF6D4729B105 ] RTHDMIAzAudService D:\WINDOWS\system32\drivers\RtHDMI.sys
17:38:53.0453 3160 RTHDMIAzAudService - ok
17:38:53.0484 3160 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus D:\WINDOWS\system32\DRIVERS\s0016bus.sys
17:38:53.0515 3160 s0016bus - ok
17:38:53.0546 3160 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl D:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
17:38:53.0562 3160 s0016mdfl - ok
17:38:53.0578 3160 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm D:\WINDOWS\system32\DRIVERS\s0016mdm.sys
17:38:53.0593 3160 s0016mdm - ok
17:38:53.0625 3160 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt D:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
17:38:53.0656 3160 s0016mgmt - ok
17:38:53.0687 3160 [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5 D:\WINDOWS\system32\DRIVERS\s0016nd5.sys
17:38:53.0703 3160 s0016nd5 - ok
17:38:53.0718 3160 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex D:\WINDOWS\system32\DRIVERS\s0016obex.sys
17:38:53.0734 3160 s0016obex - ok
17:38:53.0765 3160 [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic D:\WINDOWS\system32\DRIVERS\s0016unic.sys
17:38:53.0781 3160 s0016unic - ok
17:38:53.0796 3160 [ 594FF5620661D1386475406E78CB6F2F ] s0017bus D:\WINDOWS\system32\DRIVERS\s0017bus.sys
17:38:53.0828 3160 s0017bus - ok
17:38:53.0859 3160 [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl D:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
17:38:53.0875 3160 s0017mdfl - ok
17:38:53.0890 3160 [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm D:\WINDOWS\system32\DRIVERS\s0017mdm.sys
17:38:53.0921 3160 s0017mdm - ok
17:38:53.0953 3160 [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt D:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
17:38:53.0968 3160 s0017mgmt - ok
17:38:54.0015 3160 [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5 D:\WINDOWS\system32\DRIVERS\s0017nd5.sys
17:38:54.0031 3160 s0017nd5 - ok
17:38:54.0046 3160 [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex D:\WINDOWS\system32\DRIVERS\s0017obex.sys
17:38:54.0062 3160 s0017obex - ok
17:38:54.0093 3160 [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic D:\WINDOWS\system32\DRIVERS\s0017unic.sys
17:38:54.0109 3160 s0017unic - ok
17:38:54.0125 3160 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs D:\WINDOWS\system32\lsass.exe
17:38:54.0234 3160 SamSs - ok
17:38:54.0265 3160 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr D:\WINDOWS\System32\SCardSvr.exe
17:38:54.0390 3160 SCardSvr - ok
17:38:54.0453 3160 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule D:\WINDOWS\system32\schedsvc.dll
17:38:54.0578 3160 Schedule - ok
17:38:54.0625 3160 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv D:\WINDOWS\system32\DRIVERS\secdrv.sys
17:38:54.0750 3160 Secdrv - ok
17:38:54.0765 3160 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon D:\WINDOWS\System32\seclogon.dll
17:38:54.0890 3160 seclogon - ok
17:38:54.0906 3160 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS D:\WINDOWS\system32\sens.dll
17:38:55.0015 3160 SENS - ok
17:38:55.0031 3160 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial D:\WINDOWS\system32\drivers\Serial.sys
17:38:55.0156 3160 Serial - ok
17:38:55.0187 3160 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy D:\WINDOWS\system32\drivers\Sfloppy.sys
17:38:55.0312 3160 Sfloppy - ok
17:38:55.0359 3160 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess D:\WINDOWS\System32\ipnathlp.dll
17:38:55.0500 3160 SharedAccess - ok
17:38:55.0515 3160 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll
17:38:55.0625 3160 ShellHWDetection - ok
17:38:55.0625 3160 Simbad - ok
17:38:55.0656 3160 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP D:\WINDOWS\system32\DRIVERS\SLIP.sys
17:38:55.0765 3160 SLIP - ok
17:38:55.0812 3160 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion D:\Program Files\Sony\Sony PC Companion\PCCService.exe
17:38:55.0843 3160 Sony PC Companion - ok
17:38:55.0843 3160 Sparrow - ok
17:38:55.0890 3160 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter D:\WINDOWS\system32\drivers\splitter.sys
17:38:56.0015 3160 splitter - ok
17:38:56.0046 3160 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler D:\WINDOWS\system32\spoolsv.exe
17:38:56.0171 3160 Spooler - ok
17:38:56.0187 3160 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr D:\WINDOWS\System32\DRIVERS\sr.sys
17:38:56.0312 3160 sr - ok
17:38:56.0343 3160 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice D:\WINDOWS\system32\srsvc.dll
17:38:56.0484 3160 srservice - ok
17:38:56.0531 3160 [ 5252605079810904E31C332E241CD59B ] Srv D:\WINDOWS\system32\DRIVERS\srv.sys
17:38:56.0640 3160 Srv - ok
17:38:56.0656 3160 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV D:\WINDOWS\System32\ssdpsrv.dll
17:38:56.0781 3160 SSDPSRV - ok
17:38:56.0812 3160 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv D:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:38:56.0828 3160 ssmdrv - ok
17:38:56.0843 3160 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc D:\WINDOWS\system32\wiaservc.dll
17:38:56.0984 3160 stisvc - ok
17:38:57.0000 3160 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip D:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:38:57.0125 3160 streamip - ok
17:38:57.0140 3160 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum D:\WINDOWS\system32\DRIVERS\swenum.sys
17:38:57.0265 3160 swenum - ok
17:38:57.0281 3160 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi D:\WINDOWS\system32\drivers\swmidi.sys
17:38:57.0406 3160 swmidi - ok
17:38:57.0406 3160 SwPrv - ok
17:38:57.0421 3160 symc810 - ok
17:38:57.0421 3160 symc8xx - ok
17:38:57.0437 3160 sym_hi - ok
17:38:57.0437 3160 sym_u3 - ok
17:38:57.0468 3160 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio D:\WINDOWS\system32\drivers\sysaudio.sys
17:38:57.0578 3160 sysaudio - ok
17:38:57.0625 3160 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog D:\WINDOWS\system32\smlogsvc.exe
17:38:57.0750 3160 SysmonLog - ok
17:38:57.0781 3160 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv D:\WINDOWS\System32\tapisrv.dll
17:38:57.0906 3160 TapiSrv - ok
17:38:57.0953 3160 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip D:\WINDOWS\system32\DRIVERS\tcpip.sys
17:38:58.0078 3160 Tcpip - ok
17:38:58.0109 3160 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE D:\WINDOWS\system32\drivers\TDPIPE.sys
17:38:58.0218 3160 TDPIPE - ok
17:38:58.0234 3160 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP D:\WINDOWS\system32\drivers\TDTCP.sys
17:38:58.0343 3160 TDTCP - ok
17:38:58.0375 3160 [ 88155247177638048422893737429D9E ] TermDD D:\WINDOWS\system32\DRIVERS\termdd.sys
17:38:58.0500 3160 TermDD - ok
17:38:58.0515 3160 [ FF3477C03BE7201C294C35F684B3479F ] TermService D:\WINDOWS\System32\termsrv.dll
17:38:58.0656 3160 TermService - ok
17:38:58.0671 3160 [ 1926899BF9FFE2602B63074971700412 ] Themes D:\WINDOWS\System32\shsvcs.dll
17:38:58.0781 3160 Themes - ok
17:38:58.0812 3160 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr D:\WINDOWS\System32\tlntsvr.exe
17:38:58.0937 3160 TlntSvr - ok
17:38:58.0937 3160 TosIde - ok
17:38:58.0968 3160 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks D:\WINDOWS\system32\trkwks.dll
17:38:59.0093 3160 TrkWks - ok
17:38:59.0171 3160 [ 3BAD51CD26FBE57AD7A4E2A6CC4E282A ] TS_AR5416 D:\WINDOWS\system32\DRIVERS\ts_athw.sys
17:38:59.0250 3160 TS_AR5416 - ok
17:38:59.0265 3160 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs D:\WINDOWS\system32\drivers\Udfs.sys
17:38:59.0390 3160 Udfs - ok
17:38:59.0406 3160 ultra - ok
17:38:59.0421 3160 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update D:\WINDOWS\system32\DRIVERS\update.sys
17:38:59.0546 3160 Update - ok
17:38:59.0562 3160 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost D:\WINDOWS\System32\upnphost.dll
17:38:59.0703 3160 upnphost - ok
17:38:59.0718 3160 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS D:\WINDOWS\System32\ups.exe
17:38:59.0843 3160 UPS - ok
17:38:59.0859 3160 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp D:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:38:59.0968 3160 usbccgp - ok
17:38:59.0984 3160 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci D:\WINDOWS\system32\DRIVERS\usbehci.sys
17:39:00.0109 3160 usbehci - ok
17:39:00.0125 3160 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub D:\WINDOWS\system32\DRIVERS\usbhub.sys
17:39:00.0250 3160 usbhub - ok
17:39:00.0265 3160 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci D:\WINDOWS\system32\DRIVERS\usbohci.sys
17:39:00.0390 3160 usbohci - ok
17:39:00.0437 3160 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan D:\WINDOWS\system32\DRIVERS\usbscan.sys
17:39:00.0562 3160 usbscan - ok
17:39:00.0578 3160 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:39:00.0687 3160 USBSTOR - ok
17:39:00.0703 3160 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo D:\WINDOWS\system32\Drivers\usbvideo.sys
17:39:00.0828 3160 usbvideo - ok
17:39:00.0859 3160 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave D:\WINDOWS\System32\drivers\vga.sys
17:39:00.0984 3160 VgaSave - ok
17:39:00.0984 3160 ViaIde - ok
17:39:01.0015 3160 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap D:\WINDOWS\system32\drivers\VolSnap.sys
17:39:01.0140 3160 VolSnap - ok
17:39:01.0171 3160 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS D:\WINDOWS\System32\vssvc.exe
17:39:01.0312 3160 VSS - ok
17:39:01.0328 3160 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time D:\WINDOWS\system32\w32time.dll
17:39:01.0468 3160 W32Time - ok
17:39:01.0515 3160 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp D:\WINDOWS\system32\DRIVERS\wanarp.sys
17:39:01.0609 3160 Wanarp - ok
17:39:01.0625 3160 WDICA - ok
17:39:01.0640 3160 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud D:\WINDOWS\system32\drivers\wdmaud.sys
17:39:01.0750 3160 wdmaud - ok
17:39:01.0781 3160 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient D:\WINDOWS\System32\webclnt.dll
17:39:01.0921 3160 WebClient - ok
17:39:01.0968 3160 [ 307D248F97835B6879BDD361086924FE ] winachsf D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:39:02.0031 3160 winachsf - ok
17:39:02.0109 3160 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt D:\WINDOWS\system32\wbem\WMIsvc.dll
17:39:02.0250 3160 winmgmt - ok
17:39:02.0343 3160 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN D:\WINDOWS\system32\MsPMSNSv.dll
17:39:02.0406 3160 WmdmPmSN - ok
17:39:02.0453 3160 [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi D:\WINDOWS\System32\advapi32.dll
17:39:02.0578 3160 Wmi - ok
17:39:02.0609 3160 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi D:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:39:02.0703 3160 WmiAcpi - ok
17:39:02.0734 3160 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv D:\WINDOWS\System32\wbem\wmiapsrv.exe
17:39:02.0875 3160 WmiApSrv - ok
17:39:02.0875 3160 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb D:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:39:02.0906 3160 WpdUsb - ok
17:39:02.0937 3160 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL D:\WINDOWS\System32\drivers\ws2ifsl.sys
17:39:03.0062 3160 WS2IFSL - ok
17:39:03.0093 3160 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc D:\WINDOWS\system32\wscsvc.dll
17:39:03.0234 3160 wscsvc - ok
17:39:03.0250 3160 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:39:03.0359 3160 WSTCODEC - ok
17:39:03.0390 3160 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv D:\WINDOWS\system32\wuauserv.dll
17:39:03.0500 3160 wuauserv - ok
17:39:03.0531 3160 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf D:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:39:03.0578 3160 WudfPf - ok
17:39:03.0578 3160 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd D:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:39:03.0609 3160 WudfRd - ok
17:39:03.0625 3160 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc D:\WINDOWS\System32\WUDFSvc.dll
17:39:03.0671 3160 WudfSvc - ok
17:39:03.0703 3160 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC D:\WINDOWS\System32\wzcsvc.dll
17:39:03.0875 3160 WZCSVC - ok
17:39:03.0906 3160 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov D:\WINDOWS\System32\xmlprov.dll
17:39:04.0046 3160 xmlprov - ok
17:39:04.0062 3160 ================ Scan global ===============================
17:39:04.0109 3160 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] D:\WINDOWS\system32\basesrv.dll
17:39:04.0125 3160 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] D:\WINDOWS\system32\winsrv.dll
17:39:04.0171 3160 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] D:\WINDOWS\system32\winsrv.dll
17:39:04.0187 3160 [ 0E776ED5F7CC9F94299E70461B7B8185 ] D:\WINDOWS\system32\services.exe
17:39:04.0187 3160 [Global] - ok
17:39:04.0187 3160 ================ Scan MBR ==================================
17:39:04.0203 3160 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:39:04.0500 3160 \Device\Harddisk0\DR0 - ok
17:39:04.0500 3160 ================ Scan VBR ==================================
17:39:04.0500 3160 [ 64484C0E2E1CE88FFCEBA71DB19741BD ] \Device\Harddisk0\DR0\Partition1
17:39:04.0500 3160 \Device\Harddisk0\DR0\Partition1 - ok
17:39:04.0531 3160 [ 880BF45A4C5F3BA71DDDB04024679810 ] \Device\Harddisk0\DR0\Partition2
17:39:04.0531 3160 \Device\Harddisk0\DR0\Partition2 - ok
17:39:04.0562 3160 [ CDD13BA5FD854AD1F4E25194BF6B7E18 ] \Device\Harddisk0\DR0\Partition3
17:39:04.0562 3160 \Device\Harddisk0\DR0\Partition3 - ok
17:39:04.0562 3160 ============================================================
17:39:04.0562 3160 Scan finished
17:39:04.0562 3160 ============================================================
17:39:04.0687 3312 Detected object count: 5
17:39:04.0687 3312 Actual detected object count: 5
17:39:35.0453 3312 a347bus ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:35.0453 3312 a347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:35.0453 3312 a347scsi ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:35.0453 3312 a347scsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:35.0468 3312 atapi ( LockedFile.Multi.Generic ) - skipped by user
17:39:35.0468 3312 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
17:39:35.0468 3312 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:35.0468 3312 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:35.0468 3312 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:35.0468 3312 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
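
Editor's addition, not part of any post in this thread: the five TDSSKiller hits in the log above carry only the heuristic verdicts UnsignedFile.Multi.Generic (the driver has no valid digital signature) and LockedFile.Multi.Generic (the tool could not open the file to hash it), which TDSSKiller attaches to plenty of legitimate third-party drivers, so the MD5 and path printed next to each service name are what you actually need to check. The Python script below pulls those fields out of a log in this layout and pairs every flagged service with its hash, path and the action chosen at the prompt. The log text inside it is a constructed sample that copies the format, not the real log from this thread, and its 32-hex hashes are placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log layout (timestamp, thread id,
# optional "[ MD5 ]", service name, path; then one verdict line per service).
# Lines, paths and hashes are made up for this example, not the real log.
SAMPLE_LOG = r"""
17:38:40.0100 3160 [ 00112233445566778899AABBCCDDEEFF ] atapi D:\WINDOWS\system32\DRIVERS\atapi.sys
17:38:40.0110 3160 atapi ( LockedFile.Multi.Generic ) - warning
17:38:40.0110 3160 atapi - detected LockedFile.Multi.Generic (1)
17:38:50.0437 3160 [ 0123456789ABCDEF0123456789ABCDEF ] PxHelp20 D:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:38:50.0453 3160 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:38:50.0453 3160 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:38:50.0453 3160 ql1080 - ok
17:38:55.0812 3160 [ FEDCBA9876543210FEDCBA9876543210 ] Sony PC Companion D:\Program Files\Sony\Sony PC Companion\PCCService.exe
17:38:55.0843 3160 Sony PC Companion - ok
17:39:04.0203 3160 [ ABCDEFABCDEFABCDEFABCDEFABCDEFAB ] \Device\Harddisk0\DR0
17:39:04.0500 3160 \Device\Harddisk0\DR0 - ok
17:39:04.0687 3312 Detected object count: 2
17:39:35.0453 3312 atapi ( LockedFile.Multi.Generic ) - skipped by user
17:39:35.0453 3312 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
17:39:35.0468 3312 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:35.0468 3312 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"          # "17:38:40.0100 3160 "
# Service names may contain spaces, so the path is recognised by its start
# (drive letter or \Device\) rather than by splitting on whitespace.
RE_FILE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (?:(.+?) )?([A-Za-z]:\\.*|\\Device\\.*)$")
RE_DETECTED = re.compile(PREFIX + r"(.+?) - detected (\S+) \((\d+)\)$")
RE_VERDICT = re.compile(PREFIX + r"(.+?) \( ([^)]+) \) - (.+)$")
RE_OK = re.compile(PREFIX + r"(.+?) - ok$")
RE_COUNT = re.compile(PREFIX + r"Detected object count: (\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"                     # "ok" or "warning"
    verdicts: List[str] = field(default_factory=list)
    action: Optional[str] = None                # what the user chose at the prompt


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Join the per-service file line with its later verdict/action lines."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        line = raw.rstrip()
        m = RE_FILE.match(line)
        if m:
            name = m.group(2) or m.group(3)     # MBR/VBR lines have no service name
            e = get(name)
            e.md5, e.path = m.group(1).upper(), m.group(3)
            continue
        m = RE_DETECTED.match(line) or RE_VERDICT.match(line)
        if m:
            e = get(m.group(1))
            e.status = "warning"
            if m.group(2) not in e.verdicts:
                e.verdicts.append(m.group(2))
            tail = m.group(3)
            if tail.startswith("User select action:"):
                e.action = tail.split(":", 1)[1].strip()
            continue
        m = RE_OK.match(line)
        if m:
            get(m.group(1)).status = "ok"
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Every entry that got a verdict, regardless of the action taken."""
    return sorted((e for e in entries.values() if e.verdicts), key=lambda e: e.name.lower())


def detected_count(text: str) -> Optional[int]:
    """The tool's own 'Detected object count', to cross-check the parser."""
    for line in text.splitlines():
        m = RE_COUNT.match(line.rstrip())
        if m:
            return int(m.group(1))
    return None


def report(entries: Dict[str, Entry]) -> List[str]:
    """One triage line per flagged service: verdicts, hash to look up, path, action."""
    return [f"{e.name}: {', '.join(e.verdicts)} | md5={e.md5 or '?'} | "
            f"{e.path or '?'} | action={e.action or 'none'}" for e in flagged(entries)]


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print("\n".join(report(parsed)))
    print(f"{len(flagged(parsed))} flagged, tool reported {detected_count(SAMPLE_LOG)}")
```

To use it on a real log, pass the saved file's contents to parse_tdsskiller_log instead of SAMPLE_LOG and look up each reported MD5 against a known-good catalogue or a multi-engine scanner before deciding anything. A LockedFile verdict is not a clean result: the tool never read the file, so hash that driver from a clean boot (or compare it with the copy on the install media) before trusting it, and a mismatch between detected_count and the parser's count means the log format has changed and the regexes need a look.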

Re: virus policia sr

Posted: 21 May 2013 23:29
by vyosek
:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Launch it by clicking on mbar
  • Now click Next and then Update
  • Once the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts the scan of the PC
  • When the scan finishes (about 5 minutes), check that every finding (if there are any, of course) has a tick next to it
  • Also check that Create Restore point is ticked
  • Now click Cleanup, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (it will probably open by itself as well) named mbar-log-year-month-day (hour-minute-second).txt; post it here
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Run the update
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes has false detections, so paste the log into a post and wait for it to be assessed