
Avast - problem

ravirX


#1 Post by ravirX »

I installed avast free antivirus and it reports this:
[Image]

When I click fix or turn on, nothing gets fixed... and when I start Outlook, it fixes itself:
[Image]

but when I close Outlook, the mail shield turns off again...

Before I installed avast free antivirus I tried avast pro antivirus or avast internet security (I'm not sure which version), and there I had a problem with the Firewall, so I uninstalled it. And now I tried avast free antivirus and now there is this problem. Also, the computer took longer to start up after installing avast... What is wrong? Thank you :(

Rudy
Site Admin

Re: Avast - problem

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

ravirX

Re: Avast - problem

#3 Post by ravirX »

What is this log good for? Since avast was acting up, I now have Avira installed just to be safe until the problem with avast is solved; I hope that's okay (I mean whether I need to have avast installed because of the log). If so, I'll reinstall it.
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Rasto at 2010-02-25 08:58:01
    Microsoft Windows 7 Ultimate Service Pack 2
    System drive C: has 23 GB (57%) free of 40 GB
    Total RAM: 2047 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:58:06, on 25. 2. 2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Program Files\Mobility Manager\MobilityManager.exe
    C:\Program Files\Mobility Manager\jre\bin\javaw.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Rasto\Desktop\RSIT.exe
    C:\Program Files\trend micro\Rasto.exe
    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
    O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [MobilityManager] C:\Program Files\Mobility Manager\MobilityManager
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Rasto\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
    O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
    O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
    O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
    O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
    O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
    O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
    O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
    O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
    O13 - Gopher Prefix:
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7476 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3739804143-2010650947-3799046463-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3739804143-2010650947-3799046463-1000UA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
    WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-01-16 503808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-01-16 503808]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
    "PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
    "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
    "MobilityManager"=C:\Program Files\Mobility Manager\MobilityManager []
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-23 2166784]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "OEXPRESS"= []
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
    "Google Update"=C:\Users\Rasto\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
    "RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
    "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
    "SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-01-23 3037696]
    "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
    "AdobeBridge"=C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe [2008-08-28 13145448]

    C:\Users\Rasto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=0
    "ConsentPromptBehaviorUser"=3
    "EnableLUA"=0
    "EnableUIADesktopToggle"=0
    "PromptOnSecureDesktop"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2010-02-25 07:36:14 ----D---- C:\Program Files\trend micro
    2010-02-25 07:36:13 ----D---- C:\rsit
    2010-02-24 20:54:47 ----A---- C:\Windows\system32\tzres.dll
    2010-02-24 20:54:39 ----A---- C:\Windows\system32\jscript.dll
    2010-02-22 18:36:04 ----D---- C:\ProgramData\Avira
    2010-02-22 18:36:04 ----D---- C:\Program Files\Avira
    2010-02-22 16:17:25 ----A---- C:\Windows\system32\avaC357.tmp
    2010-02-22 16:17:24 ----A---- C:\Windows\system32\aswC1DF.tmp
    2010-02-19 15:43:38 ----D---- C:\ProgramData\FLEXnet
    2010-02-19 15:29:44 ----D---- C:\Program Files\Adobe Media Player
    2010-02-19 15:24:56 ----D---- C:\Program Files\Common Files\Adobe AIR
    2010-02-19 15:19:13 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2010-02-18 19:10:33 ----D---- C:\Program Files\SlySoft
    2010-02-11 10:55:38 ----A---- C:\Windows\system32\kernel32.dll
    2010-02-11 10:55:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2010-02-11 10:55:34 ----A---- C:\Windows\system32\apphelp.dll
    2010-02-11 10:55:33 ----A---- C:\Windows\system32\ntoskrnl.exe
    2010-02-11 10:55:27 ----A---- C:\Windows\system32\quartz.dll
    2010-02-11 10:55:26 ----A---- C:\Windows\system32\msyuv.dll
    2010-02-11 10:55:26 ----A---- C:\Windows\system32\msvidc32.dll
    2010-02-11 10:55:26 ----A---- C:\Windows\system32\mciavi32.dll
    2010-02-11 10:55:26 ----A---- C:\Windows\system32\iyuv_32.dll
    2010-02-11 10:55:26 ----A---- C:\Windows\system32\avifil32.dll
    2010-02-11 10:55:25 ----A---- C:\Windows\system32\tsbyuv.dll
    2010-02-11 10:55:25 ----A---- C:\Windows\system32\msrle32.dll
    2010-02-07 20:04:51 ----D---- C:\Program Files\Google
    2010-02-05 13:07:50 ----D---- C:\Users\Rasto\AppData\Roaming\LG Electronics
    2010-02-05 13:03:56 ----D---- C:\Program Files\LG Electronics
    2010-02-05 13:02:58 ----D---- C:\Program Files\Common Files\InstallShield
    2010-02-05 12:59:48 ----D---- C:\Program Files\LG PC Suite 2
    2010-02-02 21:01:21 ----D---- C:\Users\Rasto\AppData\Roaming\IrfanView
    2010-02-02 21:01:20 ----D---- C:\Program Files\IrfanView
    2010-02-01 11:51:26 ----A---- C:\Windows\system32\PnkBstrA.exe
    2010-01-31 15:38:08 ----A---- C:\Windows\system32\PnkBstrB.exe
    2010-01-31 14:52:23 ----D---- C:\Users\Rasto\AppData\Roaming\Leadertech
    2010-01-31 14:25:17 ----A---- C:\Windows\system32\XAudio2_0.dll
    2010-01-31 14:25:16 ----A---- C:\Windows\system32\xactengine3_0.dll
    2010-01-31 14:25:16 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2010-01-31 14:25:15 ----A---- C:\Windows\system32\d3dx10_37.dll
    2010-01-31 14:25:15 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2010-01-31 14:25:14 ----A---- C:\Windows\system32\xactengine2_10.dll
    2010-01-31 14:25:14 ----A---- C:\Windows\system32\D3DX9_37.dll
    2010-01-31 14:25:13 ----A---- C:\Windows\system32\d3dx10_36.dll
    2010-01-31 14:25:13 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2010-01-31 14:25:12 ----A---- C:\Windows\system32\d3dx9_36.dll
    2010-01-31 14:25:11 ----A---- C:\Windows\system32\xactengine2_9.dll
    2010-01-31 14:25:10 ----A---- C:\Windows\system32\d3dx10_35.dll
    2010-01-31 14:25:10 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2010-01-31 14:25:09 ----A---- C:\Windows\system32\d3dx9_35.dll
    2010-01-31 14:25:08 ----A---- C:\Windows\system32\xactengine2_8.dll
    2010-01-31 14:25:08 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2010-01-31 14:25:07 ----A---- C:\Windows\system32\d3dx10_34.dll
    2010-01-31 14:25:07 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2010-01-31 14:25:06 ----A---- C:\Windows\system32\xinput1_3.dll
    2010-01-31 14:25:06 ----A---- C:\Windows\system32\d3dx9_34.dll
    2010-01-31 14:25:05 ----A---- C:\Windows\system32\xactengine2_7.dll
    2010-01-31 14:25:05 ----A---- C:\Windows\system32\d3dx10_33.dll
    2010-01-31 14:25:04 ----A---- C:\Windows\system32\d3dx9_33.dll
    2010-01-31 14:25:04 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2010-01-31 14:25:03 ----A---- C:\Windows\system32\xactengine2_6.dll
    2010-01-31 14:25:02 ----A---- C:\Windows\system32\xactengine2_5.dll
    2010-01-31 14:25:02 ----A---- C:\Windows\system32\d3dx10.dll
    2010-01-31 14:25:01 ----A---- C:\Windows\system32\d3dx9_32.dll
    2010-01-31 14:25:00 ----A---- C:\Windows\system32\xactengine2_4.dll
    2010-01-31 14:25:00 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2010-01-31 14:24:59 ----A---- C:\Windows\system32\d3dx9_31.dll
    2010-01-31 14:24:57 ----A---- C:\Windows\system32\xinput1_2.dll
    2010-01-31 14:24:57 ----A---- C:\Windows\system32\xactengine2_3.dll
    2010-01-31 14:24:56 ----A---- C:\Windows\system32\xinput1_1.dll
    2010-01-31 14:24:56 ----A---- C:\Windows\system32\xactengine2_2.dll
    2010-01-31 14:24:56 ----A---- C:\Windows\system32\xactengine2_1.dll
    2010-01-31 14:24:40 ----A---- C:\Windows\system32\xactengine2_0.dll
    2010-01-31 14:24:40 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2010-01-31 14:24:39 ----A---- C:\Windows\system32\d3dx9_29.dll
    2010-01-31 14:24:38 ----A---- C:\Windows\system32\d3dx9_28.dll
    2010-01-31 14:24:37 ----A---- C:\Windows\system32\d3dx9_27.dll
    2010-01-31 14:24:36 ----A---- C:\Windows\system32\d3dx9_26.dll
    2010-01-31 14:24:35 ----A---- C:\Windows\system32\d3dx9_25.dll
    2010-01-31 14:24:35 ----A---- C:\Windows\system32\d3dx9_24.dll
    2010-01-30 20:42:57 ----D---- C:\Program Files\Adobe
    2010-01-27 21:00:59 ----A---- C:\Windows\system32\winlogon.exe
    2010-01-27 21:00:59 ----A---- C:\Windows\explorer.exe
    2010-01-26 18:10:34 ----A---- C:\ProgramData\hpe9E7A.dll

    ======List of files/folders modified in the last 1 months======

    2010-02-25 08:58:03 ----D---- C:\Windows\Temp
    2010-02-25 08:57:48 ----D---- C:\Windows\system32\Tasks
    2010-02-25 07:36:14 ----RD---- C:\Program Files
    2010-02-25 07:34:27 ----D---- C:\Windows\System32
    2010-02-25 07:34:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-02-25 07:34:26 ----D---- C:\Windows\inf
    2010-02-24 21:47:05 ----D---- C:\Windows\system32\config
    2010-02-24 20:58:42 ----D---- C:\Windows\winsxs
    2010-02-24 20:55:34 ----D---- C:\Windows\system32\sk-SK
    2010-02-24 20:55:23 ----SHD---- C:\System Volume Information
    2010-02-24 20:54:31 ----D---- C:\Windows\system32\catroot
    2010-02-24 20:37:54 ----D---- C:\Users\Rasto\AppData\Roaming\Spyware Terminator
    2010-02-23 18:18:37 ----D---- C:\ProgramData\Spyware Terminator
    2010-02-23 17:46:03 ----AD---- C:\Windows
    2010-02-22 18:36:13 ----D---- C:\Windows\system32\drivers
    2010-02-22 18:36:04 ----HD---- C:\ProgramData
    2010-02-22 18:33:13 ----SHD---- C:\Windows\Installer
    2010-02-22 16:59:36 ----D---- C:\Windows\Minidump
    2010-02-22 16:59:36 ----D---- C:\Windows\debug
    2010-02-22 16:17:19 ----D---- C:\Program Files\Alwil Software
    2010-02-21 16:20:03 ----D---- C:\Program Files\Spyware Terminator
    2010-02-21 16:18:18 ----D---- C:\Windows\Tasks
    2010-02-21 16:18:18 ----D---- C:\Windows\system32\wfp
    2010-02-21 16:18:18 ----D---- C:\Windows\system32\wbem
    2010-02-21 16:18:18 ----D---- C:\Windows\system32\DriverStore
    2010-02-21 16:18:18 ----D---- C:\Windows\system32\catroot2
    2010-02-21 16:18:14 ----D---- C:\Windows\registration
    2010-02-21 16:15:08 ----D---- C:\Windows\system32\LogFiles
    2010-02-20 20:11:30 ----D---- C:\Users\Rasto\AppData\Roaming\Adobe
    2010-02-19 15:33:14 ----D---- C:\ProgramData\Adobe
    2010-02-19 15:31:14 ----D---- C:\Program Files\Common Files\Adobe
    2010-02-19 15:28:36 ----RSD---- C:\Windows\Fonts
    2010-02-19 15:24:56 ----D---- C:\Program Files\Common Files
    2010-02-18 19:14:39 ----D---- C:\Windows\Prefetch
    2010-02-13 13:12:18 ----D---- C:\Users\Rasto\AppData\Roaming\gtk-2.0
    2010-02-07 14:24:07 ----D---- C:\Windows\system32\wdi
    2010-02-05 13:03:56 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-02-01 20:26:20 ----A---- C:\Windows\system32\MRT.exe
    2010-01-31 14:24:55 ----RSD---- C:\Windows\assembly
    2010-01-31 14:24:42 ----D---- C:\Windows\Microsoft.NET
    2010-01-27 21:12:25 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-26 18:10:09 ----D---- C:\Program Files\Sony Ericsson
    2010-01-26 18:09:31 ----D---- C:\Program Files\Avanquest update

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
    R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
    R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
    R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
    R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
    R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-01-23 142592]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
    R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
    R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-05-15 61424]
    R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
    R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
    R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
    R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
    R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
    R3 CompositeBus;Composite Bus Enumerator Driver; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
    R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
    R3 FlrnUSB;Leadtek USB Network Interface; C:\Windows\system32\DRIVERS\LtkUSB.sys [2008-05-14 41907]
    R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
    R3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
    R3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
    R3 monitor;Microsoft Monitor Class Function Driver Service; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
    R3 mouhid;Mouse HID Driver; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
    R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
    R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-01-08 221184]
    R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2009-07-14 95744]
    R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
    R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
    R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
    R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
    R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
    R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
    R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
    R3 umbus;UMBus Enumerator Driver; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys [2009-07-14 41472]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\system32\DRIVERS\usbhub.sys [2009-07-14 258560]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
    R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
    S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
    S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
    S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
    S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
    S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
    S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
    S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
    S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
    S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
    S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
    S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
    S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
    S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
    S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
    S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
    S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-13 11904]
    S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
    S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
    S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
    S3 Compbatt;Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [2009-07-14 19024]
    S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
    S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
    S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
    S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
    S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
    S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
    S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
    S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
    S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
    S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
    S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
    S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
    S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
    S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
    S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
    S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
    S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
    S3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
    S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
    S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
    S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
    S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
    S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
    S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
    S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
    S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys [2009-07-14 27712]
    S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
    S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
    S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
    S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
    S3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
    S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
    S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
    S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
    S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312]
    S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416]
    S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
    S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
    S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
    S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
    S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
    S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568]
    S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
    S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
    S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
    S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
    S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
    S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
    S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
    S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
    S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
    S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
    S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
    S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
    S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
    S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
    S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
    S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
    S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
    S3 USBSTOR;USB Mass Storage Driver; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
    S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
    S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
    S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
    S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
    S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
    S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
    S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys [2009-07-14 19968]
    S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
    S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
    S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
    S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
    S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
    S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
    R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
    R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
    R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-02-01 66872]
    R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-23 488960]
    R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
    R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
    R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
    S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
    S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
    S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 557056]
    S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 94720]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]
    S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-19 655624]
    S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
    S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
    S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528]
    S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 12800]
    S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
    S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]
    S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]
    S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]

    -----------------EOF-----------------

Rudy
Site Admin
Posts: 119316
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Avast - problem

#4 Post by Rudy »

The log is useful for telling us whether you have some junk on the PC. I think you do, so please post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

calmly go make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because unwanted conflicts with the antispyware's resident shield occur during the scan and the removal of any malware

ravirX
Visitor
Posts: 12
Joined: 23 Feb 2010 19:15
Location: Slovakia

Re: Avast - problem

#5 Post by ravirX »

Junk? You mean like some kind of virus?

  • ComboFix 10-02-25.02 - Rasto . 02. 2010 11:42:17.1.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1371 [GMT 1:00]
    Running from: c:\users\Rasto\Desktop\ComboFix.exe
    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\hpe9E7A.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
    .

    2010-02-26 10:40 . 2010-02-26 10:40 -------- d-----w- C:\32788R22FWJFW
    2010-02-25 06:36 . 2010-02-25 07:58 -------- d-----w- c:\program files\trend micro
    2010-02-25 06:36 . 2010-02-25 07:58 -------- d-----w- C:\rsit
    2010-02-24 19:54 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-22 17:36 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-02-22 17:36 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-02-22 17:36 . 2010-02-22 17:36 -------- d-----w- c:\programdata\Avira
    2010-02-22 17:36 . 2010-02-22 17:36 -------- d-----w- c:\program files\Avira
    2010-02-19 14:43 . 2010-02-19 14:44 -------- d-----w- c:\programdata\FLEXnet
    2010-02-19 14:29 . 2010-02-19 14:29 -------- d-----w- c:\program files\Adobe Media Player
    2010-02-19 14:24 . 2010-02-19 14:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-02-19 14:19 . 2010-02-19 14:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-02-18 19:35 . 2010-02-18 19:35 -------- d-----w- c:\users\Rasto\AppData\Local\ElevatedDiagnostics
    2010-02-18 18:10 . 2010-02-18 18:19 -------- d-----w- c:\program files\SlySoft
    2010-02-11 17:57 . 2010-02-11 17:58 -------- d-----w- c:\users\Rasto\AppData\Local\Microsoft Games
    2010-02-07 19:04 . 2010-02-11 15:35 -------- d-----w- c:\program files\Google
    2010-02-05 12:07 . 2010-02-05 12:07 -------- d-----w- c:\users\Rasto\AppData\Roaming\LG Electronics
    2010-02-05 12:03 . 2007-07-11 14:51 19840 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
    2010-02-05 12:03 . 2007-07-11 09:45 21632 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
    2010-02-05 12:03 . 2007-07-11 09:40 12416 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
    2010-02-05 12:03 . 2010-02-05 12:03 -------- d-----w- c:\program files\LG Electronics
    2010-02-05 12:02 . 2010-02-05 12:02 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-02-05 11:59 . 2010-02-05 12:02 -------- d-----w- c:\program files\LG PC Suite 2
    2010-02-02 20:01 . 2010-02-21 15:18 -------- d-----w- c:\users\Rasto\AppData\Roaming\IrfanView
    2010-02-02 20:01 . 2010-02-02 20:01 -------- d-----w- c:\program files\IrfanView
    2010-02-01 10:51 . 2010-02-01 10:51 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-02-01 10:51 . 2010-02-13 13:37 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-01-31 14:38 . 2010-02-13 13:37 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-01-31 14:34 . 2010-01-31 14:34 -------- d-----w- c:\users\Rasto\AppData\Local\PunkBuster
    2010-01-31 13:52 . 2010-01-31 13:52 -------- d-----w- c:\users\Rasto\AppData\Roaming\Leadertech
    2010-01-31 13:24 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2010-01-27 20:00 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
    2010-01-27 20:00 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-26 10:22 . 2010-01-23 18:44 -------- d-----w- c:\users\Rasto\AppData\Roaming\Spyware Terminator
    2010-02-25 10:09 . 2010-01-19 13:41 1 ----a-w- c:\users\Rasto\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-02-25 10:09 . 2010-01-22 13:46 -------- d-----w- c:\users\Rasto\AppData\Roaming\gtk-2.0
    2010-02-24 08:16 . 2010-01-16 14:39 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 17:18 . 2010-01-23 18:32 -------- d-----w- c:\programdata\Spyware Terminator
    2010-02-22 15:17 . 2010-01-16 13:43 -------- d-----w- c:\program files\Alwil Software
    2010-02-22 15:15 . 2010-02-22 15:15 0 ----a-w- c:\users\Rasto\MobilityManager.tmp
    2010-02-21 15:20 . 2010-01-23 18:32 -------- d-----w- c:\program files\Spyware Terminator
    2010-02-19 14:42 . 2010-01-16 17:12 113000 ----a-w- c:\users\Rasto\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-19 14:31 . 2010-01-16 13:35 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-11 18:53 . 2010-02-22 15:17 38848 ----a-w- c:\windows\system32\avaC357.tmp
    2010-02-11 18:53 . 2010-02-22 15:17 153184 ----a-w- c:\windows\system32\aswC1DF.tmp
    2010-02-05 12:03 . 2010-01-16 13:24 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-31 13:19 . 2010-01-16 13:05 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-01-26 17:10 . 2010-01-25 13:31 -------- d-----w- c:\program files\Sony Ericsson
    2010-01-26 17:09 . 2010-01-25 13:33 -------- d-----w- c:\program files\Avanquest update
    2010-01-25 13:51 . 2010-01-25 13:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-01-25 13:42 . 2010-01-25 13:42 -------- d-----w- c:\program files\Common Files\Sony Shared
    2010-01-25 13:42 . 2010-01-25 13:42 -------- d-----w- c:\program files\Sony
    2010-01-25 13:41 . 2010-01-25 13:40 -------- d-----w- c:\program files\QuickTime
    2010-01-25 13:40 . 2010-01-25 13:40 -------- d-----w- c:\programdata\Apple Computer
    2010-01-25 13:39 . 2010-01-25 13:39 -------- d-----w- c:\program files\Apple Software Update
    2010-01-25 13:39 . 2010-01-25 13:39 -------- d-----w- c:\programdata\Apple
    2010-01-25 13:33 . 2010-01-25 13:33 -------- d-----w- c:\programdata\BVRP Software
    2010-01-25 13:31 . 2010-01-25 13:31 -------- d-----w- c:\programdata\Sony Ericsson
    2010-01-25 13:30 . 2010-01-25 13:30 -------- d-----w- c:\users\Rasto\AppData\Roaming\InstallShield
    2010-01-24 14:25 . 2010-01-16 13:39 -------- d-----w- c:\program files\Mobility Manager
    2010-01-23 18:44 . 2010-01-23 18:44 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
    2010-01-23 18:44 . 2010-01-23 18:44 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
    2010-01-23 18:44 . 2010-01-23 18:44 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2010-01-23 18:09 . 2010-01-23 18:09 -------- d-----w- c:\program files\FLV Player
    2010-01-22 12:51 . 2010-01-22 12:51 -------- d-----w- c:\program files\GIMP-2.0
    2010-01-19 13:40 . 2010-01-19 13:40 -------- d-----w- c:\users\Rasto\AppData\Roaming\OpenOffice.org
    2010-01-19 12:04 . 2010-01-16 13:24 -------- d-----w- c:\programdata\CyberLink
    2010-01-19 11:53 . 2010-01-19 11:53 -------- d-----w- c:\program files\MSXML 4.0
    2010-01-19 11:37 . 2010-01-19 11:36 -------- d-----w- c:\users\Rasto\AppData\Roaming\Nero
    2010-01-19 11:36 . 2010-01-19 11:36 -------- d-----w- c:\programdata\LightScribe
    2010-01-17 14:18 . 2010-01-17 13:47 -------- d-----w- c:\program files\Common Files\Nero
    2010-01-17 14:03 . 2010-01-17 13:48 -------- d-----w- c:\program files\Nero
    2010-01-17 13:56 . 2010-01-17 13:47 -------- d-----w- c:\programdata\Nero
    2010-01-17 13:46 . 2010-01-17 13:46 -------- d-----w- c:\program files\Common Files\LightScribe
    2010-01-16 17:07 . 2010-01-16 17:07 -------- d-----w- c:\program files\RocketDock
    2010-01-16 16:58 . 2010-01-16 16:42 -------- d-----w- c:\programdata\Microsoft Help
    2010-01-16 16:54 . 2010-01-16 16:54 -------- d-----w- c:\program files\Microsoft Works
    2010-01-16 16:54 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2010-01-16 16:52 . 2010-01-16 16:52 -------- d-----w- c:\program files\Microsoft.NET
    2010-01-16 16:46 . 2010-01-16 16:46 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-01-16 16:15 . 2010-01-16 16:15 -------- d-----w- c:\programdata\McAfee
    2010-01-16 16:11 . 2010-01-16 16:11 -------- d-----w- c:\programdata\McAfee Security Scan
    2010-01-16 13:43 . 2010-01-16 13:43 -------- d-----w- c:\programdata\Alwil Software
    2010-01-16 13:39 . 2010-01-16 13:39 -------- d--h--w- c:\program files\Zero G Registry
    2010-01-16 13:37 . 2010-01-16 13:37 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-01-16 13:33 . 2010-01-16 13:33 -------- d-----w- c:\program files\The KMPlayer
    2010-01-16 13:28 . 2010-01-16 13:27 -------- d-----w- c:\users\Rasto\AppData\Roaming\Mp3 Audio Editor
    2010-01-16 13:25 . 2010-01-16 13:25 -------- d-----w- c:\users\Rasto\AppData\Roaming\CyberLink
    2010-01-16 13:24 . 2010-01-16 13:23 -------- d-----w- c:\program files\CyberLink
    2010-01-16 13:24 . 2010-01-16 13:24 -------- d-----w- c:\program files\Common Files\CyberLink
    2010-01-16 13:22 . 2010-01-16 13:23 29480 ----a-w- c:\windows\system32\msxml3a.dll
    2010-01-16 13:22 . 2010-01-16 13:23 505128 ----a-w- c:\windows\system32\msvcp71.dll
    2010-01-16 13:22 . 2010-01-16 13:23 353576 ----a-w- c:\windows\system32\msvcr71.dll
    2010-01-16 13:18 . 2010-01-16 13:18 503808 ----a-w- c:\programdata\LangSoft\WebIE.dll
    2010-01-16 13:18 . 2010-01-16 13:18 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
    2010-01-16 13:18 . 2010-01-16 13:18 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
    2010-01-16 13:18 . 2010-01-16 13:16 -------- d-----w- c:\programdata\LangSoft
    2010-01-16 13:17 . 2010-01-16 13:16 -------- d-----w- c:\users\Rasto\AppData\Roaming\LangSoft
    2010-01-16 13:08 . 2010-01-16 13:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-01-16 12:54 . 2010-01-16 12:54 0 ----a-w- c:\windows\system32\atiicdxx.dat
    2010-01-16 12:54 . 2010-01-16 12:54 0 ----a-w- c:\windows\ativpsrm.bin
    2010-01-08 22:42 . 2010-01-08 22:42 3366912 ----a-w- c:\windows\system32\GPhotos.scr
    2010-01-08 03:18 . 2010-02-11 09:55 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-11 09:55 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-12-19 09:02 . 2010-01-21 18:50 977920 ----a-w- c:\windows\system32\wininet.dll
    2009-12-19 09:02 . 2010-02-11 09:55 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02 . 2010-02-11 09:55 1328640 ----a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02 . 2010-02-11 09:55 22016 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02 . 2010-02-11 09:55 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02 . 2010-02-11 09:55 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-19 09:02 . 2010-02-11 09:55 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-19 09:02 . 2010-02-11 09:55 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-19 09:02 . 2010-02-11 09:55 91648 ----a-w- c:\windows\system32\avifil32.dll
    2009-12-08 11:40 . 2010-02-11 09:55 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 11:40 . 2010-02-11 09:55 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 11:32 . 2010-02-11 09:55 292864 ----a-w- c:\windows\system32\apphelp.dll
    2009-12-08 08:05 . 2010-02-11 09:55 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-08 08:05 . 2010-02-11 09:55 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Google Update"="c:\users\Rasto\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-16 135664]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-23 3037696]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
    "AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobilityManager"="c:\program files\Mobility Manager\MobilityManager" [X]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-23 2166784]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\users\Rasto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [23. 1. 2010 19:44 142592]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15. 5. 2008 12:07 61424]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22. 2. 2010 18:36 108289]
    R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [16. 1. 2010 14:39 40960]
    R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\System32\drivers\LtkUSB.sys [16. 1. 2010 14:39 41907]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [26. 1. 2010 18:10 27632]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28. 9. 2009 9:22 315392]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [16. 1. 2010 14:05 717296]
    S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [26. 1. 2010 18:10 90112]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [25. 1. 2010 14:31 86696]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [25. 1. 2010 14:31 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [25. 1. 2010 14:31 114472]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [25. 1. 2010 14:31 108200]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [25. 1. 2010 14:31 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [25. 1. 2010 14:31 104616]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [25. 1. 2010 14:31 109736]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3739804143-2010650947-3799046463-1000Core.job
    - c:\users\Rasto\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 17:11]

    2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3739804143-2010650947-3799046463-1000UA.job
    - c:\users\Rasto\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 17:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
    IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
    IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
    IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
    IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
    FF - ProfilePath - c:\users\Rasto\AppData\Roaming\Mozilla\Firefox\Profiles\sfgdcftf.default\
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\users\Rasto\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-OEXPRESS - (no file)
    AddRemove-PC Translator - c:\users\Rasto\AppData\Local\Temp\UN32.EXE



    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-02-26 11:59:17
    ComboFix-quarantined-files.txt 2010-02-26 10:59

    Pre-Run: 23 733 846 016 bytes free
    Post-Run: 23 729 799 168 bytes free

    - - End Of File - - 3F19C3AA2C2BEC7ABCC80914FFA41ADC
So how does it look?

Re: Avast - problem

#6 Post by Rudy »

1 infected item was deleted. I would also like to ask for an online test of these files at www.virustotal.com:

c:\windows\system32\avaC357.tmp
c:\windows\system32\aswC1DF.tmp

Re: Avast - problem

#7 Post by ravirX »

I don't know if I did it correctly:

c:\windows\system32\avaC357.tmp

Soubor A525FB83C0A1ED5B9725000CB68D0400F085B965.scr přijatý 2010.02.10 11:41:31 (UTC)
Současný stav: Dokončeno
Výsledek: 1/41 (2.44%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.10 -
AhnLab-V3 5.0.0.2 2010.02.09 -
AntiVir 7.9.1.160 2010.02.10 -
Antiy-AVL 2.0.3.7 2010.02.09 -
Authentium 5.2.0.5 2010.02.10 -
Avast 4.8.1351.0 2010.02.10 -
AVG 9.0.0.730 2010.02.10 -
BitDefender 7.2 2010.02.10 -
CAT-QuickHeal 10.00 2010.02.10 -
ClamAV 0.96.0.0-git 2010.02.10 -
Comodo 3886 2010.02.10 -
DrWeb 5.0.1.12222 2010.02.10 -
eSafe 7.0.17.0 2010.02.09 -
eTrust-Vet 35.2.7294 2010.02.10 -
F-Prot 4.5.1.85 2010.02.09 -
F-Secure 9.0.15370.0 2010.02.10 -
Fortinet 4.0.14.0 2010.02.10 -
GData 19 2010.02.10 -
Ikarus T3.1.1.80.0 2010.02.10 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.969 2010.02.08 -
Kaspersky 7.0.0.125 2010.02.10 -
McAfee 5887 2010.02.09 -
McAfee+Artemis 5887 2010.02.09 -
McAfee-GW-Edition 6.8.5 2010.02.10 -
Microsoft 1.5406 2010.02.10 -
NOD32 4853 2010.02.10 -
Norman 6.04.03 2010.02.10 -
nProtect 2009.1.8.0 2010.02.10 -
Panda 10.0.2.2 2010.02.09 -
PCTools 7.0.3.5 2010.02.10 -
Prevx 3.0 2010.02.10 -
Rising 22.34.01.02 2010.02.10 -
Sophos 4.50.0 2010.02.10 -
Sunbelt 3.2.1858.2 2010.02.10 -
Symantec 20091.2.0.41 2010.02.10 Suspicious.Insight
TheHacker 6.5.1.1.186 2010.02.10 -
TrendMicro 9.120.0.1004 2010.02.10 -
VBA32 3.12.12.2 2010.02.09 -
ViRobot 2010.2.10.2180 2010.02.10 -
VirusBuster 5.0.21.0 2010.02.09 -
Rozšiřující informace
File size: 38848 bytes
MD5 : a0160ad4ce53cdb21abc67f6b6e1e07b
SHA1 : 7b9c1ab4c7bfacb61e42a8d20014839a65cb8cc9
SHA256: da57aaf40e23449de2f8e8b5ff6addc23507ca35ac590d6327e8f34bee37269f
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14E9
timedatestamp.....: 0x4B7017C0 (Mon Feb 8 14:55:12 2010)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xA2E 0xC00 5.56 177395b9a1ac3fafdf1e96fa3fba8395
.rdata 0x2000 0x71A 0x800 4.53 61c2ffde700478d94ec5af1edb55bdbc
.data 0x3000 0x38C 0x200 0.35 e2b23683a8b8935f281d74e560c5fad8
.rsrc 0x4000 0x6008 0x6200 5.06 a5390ae62cc2b459e406fdecd6893a69

( 3 imports )

> advapi32.dll: RegCloseKey, RegQueryValueExW, RegOpenKeyExW
> kernel32.dll: GetLastError, GetProcAddress, LoadLibraryExW, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetStartupInfoW, InterlockedCompareExchange, Sleep, InterlockedExchange, GetSystemTimeAsFileTime
> msvcr90.dll: __p__fmode, _encode_pointer, __set_app_type, __p__commode, _terminate@@YAXXZ, _unlock, __dllonexit, _lock, _onexit, _decode_pointer, _except_handler4_common, _invoke_watson, _controlfp_s, _adjust_fdiv, __setusermatherr, _configthreadlocale, _initterm_e, _initterm, _wcmdln, exit, _XcptFilter, _exit, _cexit, __wgetmainargs, _amsg_exit, wcsrchr, _crt_debugger_hook

( 0 exports )
TrID : File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
ssdeep: 384:eTgIJz0DE4D+GFhP51ORQ9kvIojFWllnV5p+OEX5I3m6ihYJLWKFbQ6jbXe:kgxEqXTYQ9uIcSlnV5kpI26ZLvbQmbXe
PEiD : -
RDS : NSRL Reference Data Set
-

c:\windows\system32\aswC1DF.tmp

Soubor aswBoot.exe přijatý 2010.02.18 14:26:38 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0.00%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.18 -
AhnLab-V3 5.0.0.2 2010.02.17 -
AntiVir 8.2.1.170 2010.02.18 -
Antiy-AVL 2.0.3.7 2010.02.18 -
Authentium 5.2.0.5 2010.02.18 -
Avast 4.8.1351.0 2010.02.18 -
AVG 9.0.0.730 2010.02.18 -
BitDefender 7.2 2010.02.18 -
CAT-QuickHeal 10.00 2010.02.18 -
ClamAV 0.96.0.0-git 2010.02.18 -
Comodo 3981 2010.02.18 -
DrWeb 5.0.1.12222 2010.02.18 -
eSafe 7.0.17.0 2010.02.17 -
eTrust-Vet 35.2.7310 2010.02.18 -
F-Prot 4.5.1.85 2010.02.17 -
F-Secure 9.0.15370.0 2010.02.18 -
Fortinet 4.0.14.0 2010.02.18 -
GData 19 2010.02.18 -
Ikarus T3.1.1.80.0 2010.02.18 -
Jiangmin 13.0.900 2010.02.18 -
K7AntiVirus 7.10.976 2010.02.17 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5895 2010.02.17 -
McAfee+Artemis 5895 2010.02.17 -
McAfee-GW-Edition 6.8.5 2010.02.18 -
Microsoft 1.5406 2010.02.18 -
NOD32 4877 2010.02.18 -
Norman 6.04.08 2010.02.18 -
nProtect 2009.1.8.0 2010.02.18 -
Panda 10.0.2.2 2010.02.17 -
PCTools 7.0.3.5 2010.02.17 -
Prevx 3.0 2010.02.18 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.18 -
Sunbelt 5684 2010.02.18 -
Symantec 20091.2.0.41 2010.02.18 -
TheHacker 6.5.1.4.198 2010.02.18 -
TrendMicro 9.120.0.1004 2010.02.18 -
VBA32 3.12.12.2 2010.02.18 -
ViRobot 2010.2.18.2192 2010.02.18 -
VirusBuster 5.0.27.0 2010.02.18 -
Rozšiřující informace
File size: 153184 bytes
MD5 : 61c5f7d57d5d91003a9caab01df61883
SHA1 : 55011ab62e9fe84218fba427bdd79df23cb068b9
SHA256: 3bdf3de73abf6cc08381c13c482dd26ec11549587b20f4da9bced6442f199d4e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4B745104 (Thu Feb 11 19:48:36 2010)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1958A 0x19600 6.63 d9689a5ce536bd7dfb6687831e6bd751
.rdata 0x1B000 0x7CB2 0x7E00 6.33 1517532f5ebb9730deb9c84452712c8a
.data 0x23000 0x1A54 0x200 3.28 40438a1dce83fa098ba6e8bb78f7be68
.rsrc 0x25000 0x368 0x400 2.90 0e58996e8500356951f39641e0ccc785
.reloc 0x26000 0x18BC 0x1A00 4.90 1c776f34f34b9ef342b1c5c72141d86f

( 1 imports )

> ntdll.dll: wcschr, _wcsnicmp, NtSetInformationProcess, RtlCreateHeap, RtlAllocateHeap, RtlReAllocateHeap, RtlFreeHeap, NtTerminateProcess, _strnicmp, _snwprintf, NtQueryInformationThread, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlDeleteCriticalSection, RtlRaiseException, memset, memcpy, strlen, strcmp, memmove, _allmul, RtlUnwind, wcstoul, wcsrchr, strtoul, wcsstr, wcsncmp, RtlInitUnicodeString, NtCreateFile, NtQueryInformationFile, NtSetInformationFile, NtClose, NtReadFile, NtDelayExecution, wcsncpy, NtCreateSection, NtMapViewOfSection, NtDuplicateObject, NtUnmapViewOfSection, NtQueryAttributesFile, NtQueryInformationProcess, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlQueryEnvironmentVariable_U, swprintf, NtQuerySystemInformation, LdrFindEntryForAddress, LdrLoadDll, LdrGetDllHandle, LdrGetProcedureAddress, LdrUnloadDll, NtOpenKey, NtQueryValueKey, NtCreateDirectoryObject, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, strncpy, NtOpenFile, NtDeviceIoControlFile, NtAllocateVirtualMemory, NtFreeVirtualMemory, _alldiv, _aulldiv, _chkstk

( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:jBzwUr64KbLHLJlpU4FhxOnOVLsp3J/o78mR3eqWM4te:9LuvnVlpU0hJ0Z/o78mR3efMie
sigcheck: publisher....: ALWIL Software
copyright....: Copyright (c) 2010 ALWIL Software
product......: avast_ Antivirus
description..: avast_ start-up scanner
original name: aswBoot.exe
internal name: aswBoot
file version.: 5, 0, 418, 0
comments.....: n/a
signers......: ALWIL Software
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 7:53 PM 2/11/2010
verified.....: -
PEiD : -
RDS : NSRL Reference Data Set
-

And what now? Should it work now?

Re: Avast - problem

#8 Post by Rudy »

One of the files was considered suspicious by 1 AV, which should not mean anything. The PC should be clean. How does Avast behave now?

Re: Avast - problem

#9 Post by ravirX »

I installed it and it works fine. So is it fixed? And what was actually wrong with it?
Thanks

Re: Avast - problem

#10 Post by Rudy »

There was 1 piece of junk there, which ComboFix deleted. You're welcome!