Good evening,
during the latest Win 7 update, my system went into a BSOD after the restart, and it could not even be started in safe mode.
I booted it again from the installation DVD, which restored the state from before the update.
I repeated this several times with the same result.
Now I have read that MS has indeed withdrawn this update, but that these problems are supposedly caused by
Backdoor.Tidserv
Would you please be so kind as to look at my log and check whether that filth really isn't in there?
Thank you,
Peter
Logfile of random's system information tool 1.06 (written by random/random)
Run by a at 2010-02-19 21:26:56
Microsoft Windows 7 Ultimate Service Pack 3
System drive C: has 145 GB (38%) free of 377 GB
Total RAM: 3327 MB (29% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:40, on 19.2.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LEGO Company\LEGO Digital Designer\LDD.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wincmd\TOTALCMD.EXE
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Samsung\Samsung New PC Studio\NewPCStudio.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSToolboxAdd.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSStageSync.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAlarm.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSDexplorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\wincmd\TOTALCMD.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\DL\RSIT.exe
C:\Program Files\trend micro\HijackThis\a.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://club.geewa.com/sk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe
O4 - HKUS\S-1-5-21-2042303748-983762039-2973062252-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'i')
O4 - HKUS\S-1-5-21-2042303748-983762039-2973062252-1003\..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe (User 'i')
O4 - HKUS\S-1-5-21-2042303748-983762039-2973062252-1003\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe (User 'i')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 7170 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2042303748-983762039-2973062252-1004Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2042303748-983762039-2973062252-1004UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-08-28 1282048]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-27 788880]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-09-23 1270080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"VistaStartMenu"=C:\Program Files\Vista Start Menu\VistaStartMenu.exe [2010-02-04 2471296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2009-09-23 436552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-13 306088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundTray]
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe [2007-08-02 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 92168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI\ATI.ACE\Core-Static\CLIStart.exe [2009-12-14 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Hry\Steam\Steam.exe [2009-11-22 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2009-10-22 129584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
C:\PROGRA~1\FREERA~1\frd.exe [2009-10-29 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^update.exe]
C:\Users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^updater.exe]
C:\Users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-02-19 21:24:14 ----D---- C:\rsit
2010-02-18 17:01:18 ----D---- C:\Windows\system32\ShellExt
2010-02-15 16:47:53 ----D---- C:\Program Files\LEGO Company
2010-02-15 16:46:47 ----A---- C:\SetupLDD-PC-3_0_11.exe
2010-02-11 17:33:21 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2010-02-10 17:55:41 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 17:55:41 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 17:55:41 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 17:55:41 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 17:55:41 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 17:55:41 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 17:55:41 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 17:55:41 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 17:47:40 ----A---- C:\Windows\system32\winlogon.exe
2010-02-10 17:47:40 ----A---- C:\Windows\explorer.exe
2010-02-08 17:11:22 ----D---- C:\Program Files\Autoruns
2010-02-04 17:19:06 ----D---- C:\Program Files\Yamicsoft
2010-02-04 17:18:13 ----A---- C:\Windows\system32\BASSMOD.dll
2010-02-02 14:04:10 ----AD---- C:\Windows\rundll16.exe
2010-02-02 14:04:10 ----AD---- C:\Windows\logo1_.exe
2010-02-02 10:09:58 ----D---- C:\ProgramData\Office Genuine Advantage
2010-02-02 09:49:50 ----AD---- C:\Windows\VDLL.DLL
2010-02-02 09:49:50 ----AD---- C:\Windows\system32\runouce.exe
2010-02-02 09:49:50 ----AD---- C:\Windows\RUNDL132.EXE
2010-02-02 09:49:50 ----AD---- C:\Windows\logo_1.exe
2010-02-02 09:46:48 ----A---- C:\Windows\system32\msvcr80.dll
2010-02-02 09:46:47 ----A---- C:\Windows\system32\msvcp80.dll
2010-02-02 09:46:46 ----A---- C:\Windows\system32\eEmpty.exe
2010-02-02 09:46:42 ----D---- C:\Program Files\Common Files\MicroWorld
2010-02-02 09:46:35 ----D---- C:\ProgramData\MicroWorld
2010-02-02 09:45:58 ----D---- C:\Program Files\MWAV
2010-02-01 16:15:20 ----AD---- C:\Program Files\Registry_Easy_5.6_Portable
2010-01-24 13:56:50 ----D---- C:\Program Files\FixWin
2010-01-22 19:09:27 ----D---- C:\vcs5BGEffects
2010-01-22 19:09:20 ----D---- C:\vcs5core
2010-01-22 19:09:20 ----D---- C:\AV_LOGS
2010-01-22 19:07:25 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2010-01-22 17:14:55 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 17:14:55 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 17:14:54 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 17:14:54 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 17:14:54 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 17:14:54 ----A---- C:\Windows\system32\iedkcs32.dll
======List of files/folders modified in the last 1 months======
2010-02-19 21:26:55 ----D---- C:\Windows\Prefetch
2010-02-19 19:54:54 ----D---- C:\Windows\system32\Tasks
2010-02-19 19:54:15 ----D---- C:\Windows\temp
2010-02-19 18:02:25 ----D---- C:\Igorko
2010-02-19 15:17:48 ----D---- C:\Strong DL
2010-02-18 17:14:26 ----D---- C:\DL
2010-02-18 17:02:54 ----D---- C:\Windows\System32
2010-02-18 17:02:54 ----D---- C:\Windows\inf
2010-02-18 17:02:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-18 16:09:08 ----D---- C:\Windows
2010-02-18 15:33:12 ----D---- C:\Program Files\Free Rapidshare Downloader
2010-02-15 18:10:36 ----D---- C:\Windows\system32\config
2010-02-15 17:59:33 ----SHD---- C:\System Volume Information
2010-02-15 16:47:53 ----RD---- C:\Program Files
2010-02-15 16:43:39 ----D---- C:\Windows\Tasks
2010-02-15 07:04:52 ----D---- C:\ProgramData\VMware
2010-02-15 07:04:34 ----D---- C:\Windows\Minidump
2010-02-12 13:18:38 ----D---- C:\Windows\system32\Filt
2010-02-12 13:11:10 ----AD---- C:\ProgramData\TEMP
2010-02-11 17:29:24 ----D---- C:\X
2010-02-11 03:06:17 ----D---- C:\Windows\system32\wfp
2010-02-11 03:06:17 ----D---- C:\Windows\system32\catroot2
2010-02-11 03:06:16 ----D---- C:\Windows\system32\wbem
2010-02-11 03:06:16 ----D---- C:\Windows\registration
2010-02-11 02:27:28 ----D---- C:\Users\a\AppData\Roaming\GHISLER
2010-02-11 02:13:22 ----D---- C:\Windows\system32\DriverStore
2010-02-11 02:13:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-02-11 02:10:50 ----D---- C:\Windows\system32\LogFiles
2010-02-10 18:22:14 ----SHD---- C:\Windows\Installer
2010-02-10 18:16:06 ----D---- C:\Windows\system32\catroot
2010-02-10 18:14:10 ----D---- C:\Windows\winsxs
2010-02-10 18:12:38 ----D---- C:\Windows\system32\drivers
2010-02-10 17:15:57 ----D---- C:\Users\a\AppData\Roaming\Vista Start Menu
2010-02-07 09:46:12 ----D---- C:\ Sylvia
2010-02-06 10:36:38 ----D---- C:\Program Files\xpAntispy
2010-02-06 10:26:11 ----SD---- C:\Users\a\AppData\Roaming\Microsoft
2010-02-06 10:15:49 ----D---- C:\Program Files\Fraps
2010-02-06 10:04:22 ----D---- C:\Windows\pss
2010-02-06 10:03:00 ----D---- C:\Zachytene video
2010-02-06 10:03:00 ----D---- C:\Zachytene obrazky
2010-02-04 19:09:37 ----D---- C:\Program Files\Vista Start Menu
2010-02-02 17:01:13 ----D---- C:\Program Files\DAEMON Tools Lite
2010-02-02 10:09:58 ----D---- C:\ProgramData
2010-02-02 09:46:42 ----D---- C:\Program Files\Common Files
2010-02-01 20:26:20 ----A---- C:\Windows\system32\MRT.exe
2010-01-30 12:03:37 ----D---- C:\Windows\system32\NDF
2010-01-27 16:50:09 ----A---- C:\Windows\system32\lsdelete.exe
2010-01-24 14:46:14 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-22 17:18:33 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-22 17:17:19 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys [2009-02-18 29208]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox.sys [2009-08-28 714112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-08-15 28520]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2009-10-22 32304]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2009-10-22 70704]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2009-10-22 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2009-10-22 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2009-10-22 853936]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2009-10-12 22448]
R3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-08-29 345088]
R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys [2009-09-14 318488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-12-15 5144576]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CompositeBus;Composite Bus Enumerator Driver; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
R3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 monitor;Microsoft Monitor Class Function Driver Service; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mouhid;Mouse HID Driver; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-01-08 221184]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2009-07-14 95744]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;UMBus Enumerator Driver; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-21 39936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys [2009-06-13 41472]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\system32\DRIVERS\usbhub.sys [2009-07-21 258560]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-06-13 24064]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 vmkbd2;VMware kbd2; \??\C:\Windows\system32\drivers\VMkbd.sys [2009-10-22 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2009-10-22 16560]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-01-13 49160]
S3 a1ya5j3w;a1ya5j3w; C:\Windows\system32\drivers\a1ya5j3w.sys []
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
S3 ASWFilt;ASWFilt; \??\C:\Windows\system32\Filt\ASWFilt.dll [2009-08-28 33920]
S3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 103440]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-13 11904]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
S3 Compbatt;Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [2009-07-14 19024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys [2009-07-14 15424]
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys [2009-07-14 27712]
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312]
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 pgfilter;pgfilter; C:\Windows\system32\drivers\pgfilter.sys []
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-24 1285208]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-06-13 75264]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2009-06-13 20480]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
S3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]
S3 vpcuxd;USB Virtualization Stub Service; C:\Windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys [2009-07-14 19968]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-01-13 29192]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-01-13 14728]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-09-23 1338560]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-15 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-15 108289]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-06 1181328]
R2 MpsSvc;Brána Windows Firewall; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2009-10-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2009-10-22 334384]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2009-10-22 395824]
R2 wcncsvc;Windows Connect Now - Config Registrar; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 MMCSS;Služba Plánovač multimédií; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
S2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 94720]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-30 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
S3 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-06-30 316664]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2009-10-12 191024]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wlansvc;Automatická konfigurace sítě WLAN; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-06-07 86016]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-12-15 172032]
S4 bthserv;Služba pro podporu technologie Bluetooth; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;Offline soubory; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Fax;Fax; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]
S4 iphlpsvc;Pomocná služba protokolu IP; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 PeerDistSvc;BranchCache; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 SCPolicySvc;Smart Card Removal Policy; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 SensrSvc;Adaptivní jas; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 SNMPTRAP;Zachytávání pro službu SNMP; C:\Windows\System32\snmptrap.exe [2009-07-14 12800]
S4 TabletInputService;Služba Vstupní panel počítače Tablet PC; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WerSvc;Služba Zasílání zpráv o chybách systému Windows; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WinDefend;Windows Defender; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
-----------------EOF-----------------

Please check my log - suspected Backdoor.Tidserv
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote-assistance service in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 32
- Registered: 25 May 2006 08:27
- Rudy
- Site Admin
- Posts: 119402
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log - suspected Backdoor.Tidserv
Post a ComboFix log.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the licence terms appears; continue by clicking the Ano (Yes) button.
relax and put on some coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to run any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)
warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident shield
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before removing viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 32
- Registered: 25 May 2006 08:27
Re: Please check my log - suspected Backdoor.Tidserv
ComboFix 10-02-19.04 - a 20.02.2010 10:12:53.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3327.2329 [GMT 1:00]
Spuštěný z: c:\dl\ComboFix.exe
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Outpost Firewall Pro *disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\a\AppData\Local\Temp\E_N4
c:\users\a\AppData\Local\Temp\E_N4\eCalc.fne
c:\users\a\AppData\Local\Temp\E_N4\GDI+Ö§łÖżâ.fne
c:\users\a\AppData\Local\Temp\E_N4\krnln.fnr
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-20 do 2010-02-20 )))))))))))))))))))))))))))))))
.
2010-02-20 09:26 . 2010-02-20 09:31 -------- d-----w- c:\users\a\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\s\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\i\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-02-19 20:24 . 2010-02-19 20:28 -------- d-----w- C:\rsit
2010-02-18 16:01 . 2010-02-18 16:01 -------- d-----w- c:\windows\system32\ShellExt
2010-02-15 15:48 . 2010-02-15 15:48 -------- d-----w- c:\users\i\AppData\Roaming\LEGO Company
2010-02-15 15:47 . 2010-02-15 15:47 -------- d-----w- c:\program files\LEGO Company
2010-02-15 15:46 . 2010-02-15 15:46 55193336 ----a-w- C:\SetupLDD-PC-3_0_11.exe
2010-02-11 16:33 . 2010-02-11 16:36 -------- d-----w- c:\users\i\AppData\Roaming\Audacity
2010-02-11 16:33 . 2010-02-12 12:12 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-02-10 17:11 . 2010-01-08 03:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 17:11 . 2010-01-08 03:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 16:55 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 16:55 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 16:55 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 16:55 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 16:55 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 16:55 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 16:55 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 16:55 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 16:51 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 16:51 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 16:47 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-02-10 16:47 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-02-08 16:11 . 2010-02-11 01:13 -------- d-----w- c:\program files\Autoruns
2010-02-06 09:29 . 2010-02-06 09:29 176863088 ----a-w- C:\BackupRegistry(20100206).reg
2010-02-04 16:19 . 2010-02-04 16:19 -------- d-----w- c:\program files\Yamicsoft
2010-02-02 16:01 . 2010-02-02 16:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-02 15:22 . 2010-02-02 15:22 -------- d-----w- c:\users\i\AppData\Local\Pinnacle
2010-02-02 13:04 . 2010-02-02 13:04 -------- d---a-w- c:\windows\rundll16.exe
2010-02-02 13:04 . 2010-02-02 13:04 -------- d---a-w- c:\windows\logo1_.exe
2010-02-02 09:09 . 2010-02-02 09:09 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-02 09:02 . 2010-02-02 09:03 10518150 ----a-w- c:\windows\REGBK00.ZIP
2010-02-02 08:49 . 2010-02-02 08:49 -------- d---a-w- c:\windows\VDLL.DLL
2010-02-02 08:49 . 2010-02-02 08:49 -------- d---a-w- c:\windows\system32\runouce.exe
2010-02-02 08:49 . 2010-02-02 08:49 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-02-02 08:49 . 2010-02-02 08:49 -------- d---a-w- c:\windows\logo_1.exe
2010-02-02 08:46 . 2010-02-02 08:46 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-02-02 08:46 . 2010-02-02 08:46 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-02-02 08:46 . 2010-02-02 08:46 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-02-02 08:46 . 2010-02-02 08:46 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-02-02 08:46 . 2010-02-02 08:46 -------- d-----w- c:\programdata\MicroWorld
2010-02-02 08:45 . 2010-02-02 08:46 -------- d-----w- c:\program files\MWAV
2010-02-01 15:15 . 2010-02-01 15:15 -------- d---a-w- c:\program files\Registry_Easy_5.6_Portable
2010-01-24 13:13 . 2010-01-24 13:14 177042384 ----a-w- C:\BackupRegistry(20100124) po fixwin.reg
2010-01-24 12:56 . 2010-01-24 12:56 -------- d-----w- c:\program files\FixWin
2010-01-22 18:09 . 2010-01-22 18:09 -------- d-----w- C:\vcs5BGEffects
2010-01-22 18:09 . 2010-01-22 18:15 -------- d-----w- C:\vcs5core
2010-01-22 18:09 . 2010-01-22 18:09 -------- d-----w- C:\AV_LOGS
2010-01-22 18:07 . 2010-01-30 12:13 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2010-01-22 16:14 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 09:29 . 2010-01-06 09:20 -------- d-----w- c:\programdata\VMware
2010-02-20 09:19 . 2009-08-15 13:05 625128 ----a-w- c:\windows\system32\perfh005.dat
2010-02-20 09:19 . 2009-08-15 13:05 119822 ----a-w- c:\windows\system32\perfc005.dat
2010-02-20 08:27 . 2009-08-15 17:34 -------- d-----w- c:\program files\Free Rapidshare Downloader
2010-02-20 08:12 . 2009-09-22 14:36 -------- d-----w- c:\users\a\AppData\Roaming\Vista Start Menu
2010-02-19 13:32 . 2010-01-06 09:53 -------- d-----w- c:\users\i\AppData\Roaming\VMware
2010-02-11 01:27 . 2009-08-15 12:40 -------- d-----w- c:\users\a\AppData\Roaming\GHISLER
2010-02-11 01:13 . 2009-08-18 18:40 -------- d-----w- c:\users\s\AppData\Roaming\GHISLER
2010-02-11 01:13 . 2009-08-17 15:19 -------- d-----w- c:\users\i\AppData\Roaming\GHISLER
2010-02-11 01:13 . 2009-08-15 15:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 10:09 . 2009-09-22 14:58 -------- d-----w- c:\users\i\AppData\Roaming\Vista Start Menu
2010-02-06 09:36 . 2009-09-11 14:12 -------- d-----w- c:\program files\xpAntispy
2010-02-06 09:15 . 2009-08-17 14:43 -------- d-----w- c:\program files\Fraps
2010-02-06 08:49 . 2009-08-23 14:20 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-06 08:49 . 2009-09-21 12:50 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-06 08:49 . 2009-08-23 14:19 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-06 08:49 . 2009-08-23 14:19 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-04 18:09 . 2009-09-22 14:35 -------- d-----w- c:\program files\Vista Start Menu
2010-02-04 16:25 . 2009-09-23 17:34 -------- d-----w- c:\users\s\AppData\Roaming\Vista Start Menu
2010-02-02 16:01 . 2009-10-30 15:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-27 15:50 . 2009-08-23 14:20 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 15:50 . 2009-08-23 14:20 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 15:50 . 2009-08-20 14:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 15:50 . 2009-08-23 14:20 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 15:50 . 2009-08-23 14:20 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 15:50 . 2009-10-14 17:53 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 15:49 . 2009-08-23 14:19 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 15:49 . 2009-08-23 14:20 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 15:49 . 2009-08-23 14:19 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 15:49 . 2009-08-23 14:19 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 15:49 . 2009-08-23 14:19 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 15:49 . 2009-08-23 14:19 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 15:48 . 2009-08-23 14:19 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 15:48 . 2009-08-23 14:19 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 15:48 . 2009-08-23 14:19 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-24 13:46 . 2009-08-15 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 16:18 . 2009-09-11 14:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 20:51 . 2010-01-19 20:51 -------- d-----w- c:\users\i\AppData\Roaming\Avnex
2010-01-18 19:21 . 2010-01-18 19:21 -------- d-----w- c:\programdata\PC Suite
2010-01-17 18:36 . 2010-01-17 18:24 -------- d-----w- c:\program files\Cool Record Edit Deluxe 7.9.2
2010-01-16 20:06 . 2009-08-15 17:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 19:20 . 2010-01-06 09:23 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-01-14 19:20 . 2010-01-06 09:23 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-01-14 19:15 . 2010-01-06 09:23 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-01-14 19:15 . 2010-01-06 09:23 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-01-14 19:15 . 2010-01-06 09:23 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-01-14 19:15 . 2010-01-06 09:23 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-01-14 19:15 . 2010-01-06 09:23 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-01-14 19:15 . 2010-01-06 09:23 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-01-14 19:15 . 2010-01-06 09:23 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-01-14 19:15 . 2010-01-06 09:23 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-01-07 16:12 . 2010-01-07 16:12 -------- d-----w- c:\users\i\AppData\Roaming\LucasArts
2010-01-06 09:32 . 2010-01-06 09:28 -------- d-----w- c:\users\a\AppData\Roaming\VMware
2010-01-06 09:21 . 2010-01-06 09:21 -------- d-----w- c:\program files\Common Files\VMware
2010-01-06 09:20 . 2010-01-06 09:20 -------- d-----w- c:\program files\VMware
2009-12-31 18:13 . 2009-12-31 18:13 -------- d-----w- c:\programdata\ATI
2009-12-31 18:13 . 2009-08-15 14:26 -------- d-----w- c:\users\a\AppData\Roaming\ATI
2009-12-31 18:11 . 2009-12-31 18:08 -------- d-----w- c:\program files\ATI
2009-12-31 18:09 . 2009-12-31 18:09 10134 ----a-r- c:\users\a\AppData\Roaming\Microsoft\Installer\{1F19E412-CA39-1DC9-409E-D20130E97CB5}\ARPPRODUCTICON.exe
2009-12-31 17:45 . 2009-08-31 21:31 -------- d-----w- c:\program files\7-Zip
2009-12-30 16:08 . 2009-08-15 12:49 140504 ----a-w- c:\users\a\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 16:05 . 2009-08-20 11:40 140504 ----a-w- c:\users\s\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 16:02 . 2009-08-17 15:57 140504 ----a-w- c:\users\i\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 16:01 . 2009-12-30 16:01 -------- d-----w- c:\programdata\FLEXnet
2009-12-30 15:52 . 2009-12-30 15:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-24 11:24 . 2009-08-20 09:45 -------- d-----w- c:\users\i\AppData\Roaming\URSoft
2009-12-24 10:28 . 2009-08-15 20:06 -------- d-----w- c:\program files\Winamp
2009-12-24 10:23 . 2009-12-24 10:22 -------- d-----w- c:\program files\Your Uninstaller 2010
2009-12-24 10:22 . 2009-08-16 10:59 -------- d-----w- c:\users\a\AppData\Roaming\URSoft
2009-12-23 21:07 . 2009-08-26 07:07 -------- d-----w- c:\program files\FLV to AVI
2009-12-15 00:21 . 2009-12-15 00:21 5144576 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-12-14 23:47 . 2009-12-14 23:47 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-14 23:47 . 2009-12-14 23:47 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-12-14 23:46 . 2009-12-14 23:46 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-12-14 23:45 . 2009-12-14 23:45 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-12-14 23:45 . 2009-12-14 23:45 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-12-14 23:45 . 2009-12-14 23:45 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-12-14 23:44 . 2009-12-14 23:44 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-12-14 23:44 . 2009-12-14 23:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-12-14 23:41 . 2009-12-14 23:41 3056640 ----a-w- c:\windows\system32\atidxx32.dll
2009-12-14 23:25 . 2009-12-14 23:25 3618304 ----a-w- c:\windows\system32\atiumdag.dll
2009-12-14 23:13 . 2009-12-14 23:13 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-12-14 23:07 . 2009-12-14 23:07 2902016 ----a-w- c:\windows\system32\atiumdva.dll
2009-12-14 22:55 . 2009-12-14 22:55 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-14 22:55 . 2009-12-14 22:55 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-12-14 22:54 . 2009-12-14 22:54 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-12-14 22:50 . 2009-12-14 22:50 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-14 22:49 . 2009-12-14 22:49 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-14 22:48 . 2009-12-14 22:48 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-14 22:39 . 2009-12-14 22:39 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-12-07 17:13 . 2009-08-15 14:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\users\s\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-11-30 18:50 . 2009-11-30 18:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2009-08-15 18:03 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-08-15 18:03 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-08-15 18:03 216064 --sh--r- c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2010-02-04 2471296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-28 1282048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-09-23 1270080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
backup=c:\windows\pss\FreeRapid 0.82.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^update.exe]
path=c:\users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
backup=c:\windows\pss\update.exe.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^updater.exe]
path=c:\users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe
backup=c:\windows\pss\updater.exe.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-01-27 15:48 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 16:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
2009-09-23 11:34 436552 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-13 07:10 306088 ----a-w- c:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundTray]
2007-08-02 15:45 53248 ----a-w- c:\program files\Analog Devices\SoundMAX\SoundTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-01-21 12:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-14 16:54 98304 ----a-w- c:\program files\ATI\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-22 10:34 1217808 ----a-w- c:\hry\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 03:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [14.10.2009 18:53 64288]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [15.8.2009 16:11 29208]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [15.8.2009 16:13 714112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [15.8.2009 16:11 1338560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.8.2009 15:47 108289]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [27.11.2009 17:54 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [15.8.2009 16:35 1153368]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [22.10.2009 5:00 70704]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [15.8.2009 16:13 318488]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [27.11.2009 17:54 27632]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [19.1.2010 21:50 17792]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.10.2009 3:47 563760]
S3 ASWFilt;ASWFilt;c:\windows\System32\Filt\ASWFilt.dll [15.8.2009 16:13 33920]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16.8.2009 18:31 1527900]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [16.9.2009 19:09 36608]
S3 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [16.9.2009 19:09 233472]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [27.11.2009 17:54 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [27.11.2009 17:54 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [27.11.2009 17:54 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [27.11.2009 17:54 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [27.11.2009 17:54 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [27.11.2009 17:54 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [27.11.2009 17:54 109864]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [16.9.2009 19:10 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [16.9.2009 19:10 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [16.9.2009 19:10 121856]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\System32\drivers\vpcuxd.sys [10.11.2009 17:17 12800]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [13.7.2009 23:02 311296]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [15.12.2009 0:46 172032]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2.2.2010 17:01 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042303748-983762039-2973062252-1004Core.job
- c:\users\s\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 21:05]
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042303748-983762039-2973062252-1004UA.job
- c:\users\s\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 21:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://club.geewa.com/sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(1080)
c:\program files\Vista Start Menu\VistaStartMenu.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Celkový čas: 2010-02-20 10:36:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-20 09:36
ComboFix2.txt 2010-01-05 19:40
Před spuštěním: Volných bajtů: 152 973 238 272
Po spuštění: Volných bajtů: 153 011 355 648
- - End Of File - - FE9F81E7CF3F7C96C76E7880FA4579D2
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3327.2329 [GMT 1:00]
Spuštěný z: c:\dl\ComboFix.exe
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Outpost Firewall Pro *disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\a\AppData\Local\Temp\E_N4
c:\users\a\AppData\Local\Temp\E_N4\eCalc.fne
c:\users\a\AppData\Local\Temp\E_N4\GDI+Ö§łÖżâ.fne
c:\users\a\AppData\Local\Temp\E_N4\krnln.fnr
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-20 do 2010-02-20 )))))))))))))))))))))))))))))))
.
2010-02-20 09:26 . 2010-02-20 09:31 -------- d-----w- c:\users\a\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\s\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\i\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-20 09:26 . 2010-02-20 09:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-02-19 20:24 . 2010-02-19 20:28 -------- d-----w- C:\rsit
2010-02-18 16:01 . 2010-02-18 16:01 -------- d-----w- c:\windows\system32\ShellExt
2010-02-15 15:48 . 2010-02-15 15:48 -------- d-----w- c:\users\i\AppData\Roaming\LEGO Company
2010-02-15 15:47 . 2010-02-15 15:47 -------- d-----w- c:\program files\LEGO Company
2010-02-15 15:46 . 2010-02-15 15:46 55193336 ----a-w- C:\SetupLDD-PC-3_0_11.exe
2010-02-11 16:33 . 2010-02-11 16:36 -------- d-----w- c:\users\i\AppData\Roaming\Audacity
2010-02-11 16:33 . 2010-02-12 12:12 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-02-10 17:11 . 2010-01-08 03:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 17:11 . 2010-01-08 03:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 16:55 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 16:55 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 16:55 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 16:55 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 16:55 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 16:55 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 16:55 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 16:55 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 16:51 . 2009-12-08 08:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 16:51 . 2009-12-08 08:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 16:47 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-02-10 16:47 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-02-08 16:11 . 2010-02-11 01:13 -------- d-----w- c:\program files\Autoruns
2010-02-06 09:29 . 2010-02-06 09:29 176863088 ----a-w- C:\BackupRegistry(20100206).reg
2010-02-04 16:19 . 2010-02-04 16:19 -------- d-----w- c:\program files\Yamicsoft
2010-02-02 16:01 . 2010-02-02 16:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-02 15:22 . 2010-02-02 15:22 -------- d-----w- c:\users\i\AppData\Local\Pinnacle
2010-02-02 13:04 . 2010-02-02 13:04 -------- d---a-w- c:\windows\rundll16.exe
2010-02-02 13:04 . 2010-02-02 13:04 -------- d---a-w- c:\windows\logo1_.exe
2010-02-02 09:09 . 2010-02-02 09:09 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-02 09:02 . 2010-02-02 09:03 10518150 ----a-w- c:\windows\REGBK00.ZIP
2010-02-02 08:49 . 2010-02-02 08:49 -------- d---a-w- c:\windows\VDLL.DLL
2010-02-02 08:49 . 2010-02-02 08:49 -------- d---a-w- c:\windows\system32\runouce.exe
2010-02-02 08:49 . 2010-02-02 08:49 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-02-02 08:49 . 2010-02-02 08:49 -------- d---a-w- c:\windows\logo_1.exe
2010-02-02 08:46 . 2010-02-02 08:46 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-02-02 08:46 . 2010-02-02 08:46 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-02-02 08:46 . 2010-02-02 08:46 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-02-02 08:46 . 2010-02-02 08:46 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-02-02 08:46 . 2010-02-02 08:46 -------- d-----w- c:\programdata\MicroWorld
2010-02-02 08:45 . 2010-02-02 08:46 -------- d-----w- c:\program files\MWAV
2010-02-01 15:15 . 2010-02-01 15:15 -------- d---a-w- c:\program files\Registry_Easy_5.6_Portable
2010-01-24 13:13 . 2010-01-24 13:14 177042384 ----a-w- C:\BackupRegistry(20100124) po fixwin.reg
2010-01-24 12:56 . 2010-01-24 12:56 -------- d-----w- c:\program files\FixWin
2010-01-22 18:09 . 2010-01-22 18:09 -------- d-----w- C:\vcs5BGEffects
2010-01-22 18:09 . 2010-01-22 18:15 -------- d-----w- C:\vcs5core
2010-01-22 18:09 . 2010-01-22 18:09 -------- d-----w- C:\AV_LOGS
2010-01-22 18:07 . 2010-01-30 12:13 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2010-01-22 16:14 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 09:29 . 2010-01-06 09:20 -------- d-----w- c:\programdata\VMware
2010-02-20 09:19 . 2009-08-15 13:05 625128 ----a-w- c:\windows\system32\perfh005.dat
2010-02-20 09:19 . 2009-08-15 13:05 119822 ----a-w- c:\windows\system32\perfc005.dat
2010-02-20 08:27 . 2009-08-15 17:34 -------- d-----w- c:\program files\Free Rapidshare Downloader
2010-02-20 08:12 . 2009-09-22 14:36 -------- d-----w- c:\users\a\AppData\Roaming\Vista Start Menu
2010-02-19 13:32 . 2010-01-06 09:53 -------- d-----w- c:\users\i\AppData\Roaming\VMware
2010-02-11 01:27 . 2009-08-15 12:40 -------- d-----w- c:\users\a\AppData\Roaming\GHISLER
2010-02-11 01:13 . 2009-08-18 18:40 -------- d-----w- c:\users\s\AppData\Roaming\GHISLER
2010-02-11 01:13 . 2009-08-17 15:19 -------- d-----w- c:\users\i\AppData\Roaming\GHISLER
2010-02-11 01:13 . 2009-08-15 15:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 10:09 . 2009-09-22 14:58 -------- d-----w- c:\users\i\AppData\Roaming\Vista Start Menu
2010-02-06 09:36 . 2009-09-11 14:12 -------- d-----w- c:\program files\xpAntispy
2010-02-06 09:15 . 2009-08-17 14:43 -------- d-----w- c:\program files\Fraps
2010-02-06 08:49 . 2009-08-23 14:20 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-06 08:49 . 2009-09-21 12:50 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-06 08:49 . 2009-08-23 14:19 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-06 08:49 . 2009-08-23 14:19 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-04 18:09 . 2009-09-22 14:35 -------- d-----w- c:\program files\Vista Start Menu
2010-02-04 16:25 . 2009-09-23 17:34 -------- d-----w- c:\users\s\AppData\Roaming\Vista Start Menu
2010-02-02 16:01 . 2009-10-30 15:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-27 15:50 . 2009-08-23 14:20 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 15:50 . 2009-08-23 14:20 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 15:50 . 2009-08-20 14:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 15:50 . 2009-08-23 14:20 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 15:50 . 2009-08-23 14:20 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 15:50 . 2009-10-14 17:53 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 15:49 . 2009-08-23 14:19 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 15:49 . 2009-08-23 14:20 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 15:49 . 2009-08-23 14:19 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 15:49 . 2009-08-23 14:19 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 15:49 . 2009-08-23 14:19 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 15:49 . 2009-08-23 14:19 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 15:48 . 2009-08-23 14:19 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 15:48 . 2009-08-23 14:19 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 15:48 . 2009-08-23 14:19 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-24 13:46 . 2009-08-15 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 16:18 . 2009-09-11 14:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 20:51 . 2010-01-19 20:51 -------- d-----w- c:\users\i\AppData\Roaming\Avnex
2010-01-18 19:21 . 2010-01-18 19:21 -------- d-----w- c:\programdata\PC Suite
2010-01-17 18:36 . 2010-01-17 18:24 -------- d-----w- c:\program files\Cool Record Edit Deluxe 7.9.2
2010-01-16 20:06 . 2009-08-15 17:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 19:20 . 2010-01-06 09:23 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-01-14 19:20 . 2010-01-06 09:23 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-01-14 19:15 . 2010-01-06 09:23 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-01-14 19:15 . 2010-01-06 09:23 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-01-14 19:15 . 2010-01-06 09:23 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-01-14 19:15 . 2010-01-06 09:23 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-01-14 19:15 . 2010-01-06 09:23 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-01-14 19:15 . 2010-01-06 09:23 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-01-14 19:15 . 2010-01-06 09:23 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-01-14 19:15 . 2010-01-06 09:23 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-01-07 16:12 . 2010-01-07 16:12 -------- d-----w- c:\users\i\AppData\Roaming\LucasArts
2010-01-06 09:32 . 2010-01-06 09:28 -------- d-----w- c:\users\a\AppData\Roaming\VMware
2010-01-06 09:21 . 2010-01-06 09:21 -------- d-----w- c:\program files\Common Files\VMware
2010-01-06 09:20 . 2010-01-06 09:20 -------- d-----w- c:\program files\VMware
2009-12-31 18:13 . 2009-12-31 18:13 -------- d-----w- c:\programdata\ATI
2009-12-31 18:13 . 2009-08-15 14:26 -------- d-----w- c:\users\a\AppData\Roaming\ATI
2009-12-31 18:11 . 2009-12-31 18:08 -------- d-----w- c:\program files\ATI
2009-12-31 18:09 . 2009-12-31 18:09 10134 ----a-r- c:\users\a\AppData\Roaming\Microsoft\Installer\{1F19E412-CA39-1DC9-409E-D20130E97CB5}\ARPPRODUCTICON.exe
2009-12-31 17:45 . 2009-08-31 21:31 -------- d-----w- c:\program files\7-Zip
2009-12-30 16:08 . 2009-08-15 12:49 140504 ----a-w- c:\users\a\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 16:05 . 2009-08-20 11:40 140504 ----a-w- c:\users\s\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 16:02 . 2009-08-17 15:57 140504 ----a-w- c:\users\i\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 16:01 . 2009-12-30 16:01 -------- d-----w- c:\programdata\FLEXnet
2009-12-30 15:52 . 2009-12-30 15:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-24 11:24 . 2009-08-20 09:45 -------- d-----w- c:\users\i\AppData\Roaming\URSoft
2009-12-24 10:28 . 2009-08-15 20:06 -------- d-----w- c:\program files\Winamp
2009-12-24 10:23 . 2009-12-24 10:22 -------- d-----w- c:\program files\Your Uninstaller 2010
2009-12-24 10:22 . 2009-08-16 10:59 -------- d-----w- c:\users\a\AppData\Roaming\URSoft
2009-12-23 21:07 . 2009-08-26 07:07 -------- d-----w- c:\program files\FLV to AVI
2009-12-15 00:21 . 2009-12-15 00:21 5144576 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-12-14 23:47 . 2009-12-14 23:47 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-14 23:47 . 2009-12-14 23:47 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-12-14 23:46 . 2009-12-14 23:46 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-12-14 23:45 . 2009-12-14 23:45 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-12-14 23:45 . 2009-12-14 23:45 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-12-14 23:45 . 2009-12-14 23:45 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-12-14 23:44 . 2009-12-14 23:44 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-12-14 23:44 . 2009-12-14 23:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-12-14 23:41 . 2009-12-14 23:41 3056640 ----a-w- c:\windows\system32\atidxx32.dll
2009-12-14 23:25 . 2009-12-14 23:25 3618304 ----a-w- c:\windows\system32\atiumdag.dll
2009-12-14 23:13 . 2009-12-14 23:13 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-12-14 23:07 . 2009-12-14 23:07 2902016 ----a-w- c:\windows\system32\atiumdva.dll
2009-12-14 22:55 . 2009-12-14 22:55 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-14 22:55 . 2009-12-14 22:55 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-12-14 22:54 . 2009-12-14 22:54 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-12-14 22:50 . 2009-12-14 22:50 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-14 22:49 . 2009-12-14 22:49 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-14 22:48 . 2009-12-14 22:48 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-14 22:39 . 2009-12-14 22:39 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-12-07 17:13 . 2009-08-15 14:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\users\s\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-11-30 18:50 . 2009-11-30 18:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2009-08-15 18:03 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-08-15 18:03 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-08-15 18:03 216064 --sh--r- c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2010-02-04 2471296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-28 1282048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-09-23 1270080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
backup=c:\windows\pss\FreeRapid 0.82.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^update.exe]
path=c:\users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe
backup=c:\windows\pss\update.exe.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^i^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^updater.exe]
path=c:\users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe
backup=c:\windows\pss\updater.exe.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-01-27 15:48 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 16:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
2009-09-23 11:34 436552 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-13 07:10 306088 ----a-w- c:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundTray]
2007-08-02 15:45 53248 ----a-w- c:\program files\Analog Devices\SoundMAX\SoundTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-01-21 12:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-14 16:54 98304 ----a-w- c:\program files\ATI\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-22 10:34 1217808 ----a-w- c:\hry\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 03:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [14.10.2009 18:53 64288]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [15.8.2009 16:11 29208]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [15.8.2009 16:13 714112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [15.8.2009 16:11 1338560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.8.2009 15:47 108289]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [27.11.2009 17:54 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [15.8.2009 16:35 1153368]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [22.10.2009 5:00 70704]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [15.8.2009 16:13 318488]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [27.11.2009 17:54 27632]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [19.1.2010 21:50 17792]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22.10.2009 3:47 563760]
S3 ASWFilt;ASWFilt;c:\windows\System32\Filt\ASWFilt.dll [15.8.2009 16:13 33920]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16.8.2009 18:31 1527900]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [16.9.2009 19:09 36608]
S3 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [16.9.2009 19:09 233472]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [27.11.2009 17:54 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [27.11.2009 17:54 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [27.11.2009 17:54 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [27.11.2009 17:54 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [27.11.2009 17:54 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [27.11.2009 17:54 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [27.11.2009 17:54 109864]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [16.9.2009 19:10 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [16.9.2009 19:10 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [16.9.2009 19:10 121856]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\System32\drivers\vpcuxd.sys [10.11.2009 17:17 12800]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [13.7.2009 23:02 311296]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [15.12.2009 0:46 172032]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2.2.2010 17:01 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042303748-983762039-2973062252-1004Core.job
- c:\users\s\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 21:05]
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042303748-983762039-2973062252-1004UA.job
- c:\users\s\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 21:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://club.geewa.com/sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(1080)
c:\program files\Vista Start Menu\VistaStartMenu.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Celkový čas: 2010-02-20 10:36:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-20 09:36
ComboFix2.txt 2010-01-05 19:40
Před spuštěním: Volných bajtů: 152 973 238 272
Po spuštění: Volných bajtů: 153 011 355 648
- - End Of File - - FE9F81E7CF3F7C96C76E7880FA4579D2
- Rudy
- Site Admin
- Posts: 119402
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log - suspected Backdoor.Tidserv
4 items deleted, 1 file copied over from backup. The rest of the log looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 32
- Registered: 25 May 2006 08:27
Re: Please check my log - suspected Backdoor.Tidserv
It looks like Combofix cleaned it up; I also downloaded and installed that problematic patch KB977165, and it is OK now. Without that patch I probably would not even have known that I had a rootkit in the system.
Thank you very much for your help,
Peter
- Rudy
- Site Admin
Re: Please check my log - suspected Backdoor.Tidserv
You're welcome!