Log check: I can't get rid of a trojan [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

doyll
Level 2
Posts: 153
Registered: December 11
Gender: Male
Status: Offline

Log check: I can't get rid of a trojan

Post by doyll » 01 Nov 2012 14:07

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:04:41, on 1.11.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\admin\Dokumenty\Stažené soubory\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{857CFF4C-8419-4323-9C13-8BDF81451CA8}: NameServer = 10.153.28.49
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (file missing)

--
End of file - 5551 bytes

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Log check: I can't get rid of a trojan

Post by Žbeky » 01 Nov 2012 18:49

Where is that trojan supposed to be?

Fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(DON'T DELETE ANYTHING YOURSELF FOR NOW!).
Then paste the contents of that log here.

doyll
Level 2
Posts: 153
Registered: December 11
Gender: Male
Status: Offline

Re: Log check: I can't get rid of a trojan

Post by doyll » 11 Nov 2012 14:12

Hi, I have it in the folder Windows:system32_drivers.atapi.sys and AVG can neither move it to the vault nor delete it.

doyll
Level 2
Posts: 153
Registered: December 11
Gender: Male
Status: Offline

Re: Log check: I can't get rid of a trojan

Post by doyll » 11 Nov 2012 14:26

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.11.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
admin :: STORM [administrátor]

Ochrana: Povolena

11.11.2012 14:18:22
mbam-log-2012-11-11 (14-24-35).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 184940
Uplynulý čas: 5 minut, 56 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Žádná instrukce nebyla provedena.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

doyll
Level 2
Posts: 153
Registered: December 11
Gender: Male
Status: Offline

Re: Log check: I can't get rid of a trojan

Post by doyll » 11 Nov 2012 14:31

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:29:22, on 11.11.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{857CFF4C-8419-4323-9C13-8BDF81451CA8}: NameServer = 10.153.28.49
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (file missing)

--
End of file - 5190 bytes

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around here =o)
Gender: Male
Status: Offline

Re: Log check: I can't get rid of a trojan

Post by Orcus » 11 Nov 2012 14:48

You have the older AVG version, 2012. Install 2013 and try whether it can be removed with that. If you have AVG PC TuneUp installed and haven't paid for it, kick it out and replace it with something that does less harm than good.

Run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be shown; post it here.
- then click OK in the program and close it via Exit

====================================================

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You'll find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the entire contents of the log here.

====================================================

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After starting, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, don't click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the check you have trouble starting applications, or a message pops up about an attempt to perform an invalid operation on a registry key that is marked for deletion, just restart the computer.

If there are problems, run it in Safe Mode.

doyll
Level 2
Posts: 153
Registered: December 11
Gender: Male
Status: Offline

Re: Log check: I can't get rid of a trojan

Post by doyll » 11 Nov 2012 15:20

15:14:49.0750 3984 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:14:50.0203 3984 ============================================================
15:14:50.0203 3984 Current date / time: 2012/11/11 15:14:50.0203
15:14:50.0203 3984 SystemInfo:
15:14:50.0203 3984
15:14:50.0203 3984 OS Version: 5.1.2600 ServicePack: 2.0
15:14:50.0203 3984 Product type: Workstation
15:14:50.0203 3984 ComputerName: STORM
15:14:50.0218 3984 UserName: admin
15:14:50.0218 3984 Windows directory: C:\WINDOWS
15:14:50.0218 3984 System windows directory: C:\WINDOWS
15:14:50.0218 3984 Processor architecture: Intel x86
15:14:50.0218 3984 Number of processors: 2
15:14:50.0218 3984 Page size: 0x1000
15:14:50.0218 3984 Boot type: Normal boot
15:14:50.0218 3984 ============================================================
15:14:52.0046 3984 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
15:14:52.0046 3984 ============================================================
15:14:52.0046 3984 \Device\Harddisk0\DR0:
15:14:52.0046 3984 MBR partitions:
15:14:52.0046 3984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5FB18A7
15:14:52.0062 3984 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5FB35B1, BlocksNum 0xCA612DD
15:14:52.0062 3984 ============================================================
15:14:52.0078 3984 D: <-> \Device\Harddisk0\DR0\Partition2
15:14:52.0109 3984 C: <-> \Device\Harddisk0\DR0\Partition1
15:14:52.0109 3984 ============================================================
15:14:59.0000 2468 Deinitialize success

doyll
Level 2
Posts: 153
Registered: December 11
Gender: Male
Status: Offline

Re: Log check: I can't get rid of a trojan

Post by doyll » 11 Nov 2012 15:21

15:16:19.0515 1212 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:16:19.0843 1212 ============================================================
15:16:19.0843 1212 Current date / time: 2012/11/11 15:16:19.0843
15:16:19.0843 1212 SystemInfo:
15:16:19.0843 1212
15:16:19.0843 1212 OS Version: 5.1.2600 ServicePack: 2.0
15:16:19.0843 1212 Product type: Workstation
15:16:19.0843 1212 ComputerName: STORM
15:16:19.0859 1212 UserName: admin
15:16:19.0859 1212 Windows directory: C:\WINDOWS
15:16:19.0859 1212 System windows directory: C:\WINDOWS
15:16:19.0859 1212 Processor architecture: Intel x86
15:16:19.0859 1212 Number of processors: 2
15:16:19.0859 1212 Page size: 0x1000
15:16:19.0859 1212 Boot type: Normal boot
15:16:19.0859 1212 ============================================================
15:16:23.0593 1212 BG loaded
15:16:24.0921 1212 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A4
15:16:25.0046 1212 ============================================================
15:16:25.0046 1212 \Device\Harddisk0\DR0:
15:16:25.0046 1212 MBR partitions:
15:16:25.0046 1212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5FB18A7
15:16:25.0046 1212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5FB35B1, BlocksNum 0xCA612DD
15:16:25.0046 1212 ============================================================
15:16:25.0062 1212 D: <-> \Device\Harddisk0\DR0\Partition2
15:16:25.0250 1212 C: <-> \Device\Harddisk0\DR0\Partition1
15:16:25.0250 1212 ============================================================
15:16:25.0250 1212 Initialize success
15:16:25.0250 1212 ============================================================
15:16:30.0796 2964 ============================================================
15:16:30.0796 2964 Scan started
15:16:30.0796 2964 Mode: Manual;
15:16:30.0796 2964 ============================================================
15:16:33.0484 2964 ================ Scan system memory ========================
15:16:35.0281 2964 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - infected
15:16:35.0296 2964 System memory - detected MEM:Backdoor.Win32.Sinowal.d (0)
15:16:35.0296 2964 ================ Scan services =============================
15:16:36.0468 2964 Abiosdsk - ok
15:16:37.0984 2964 abp480n5 - ok
15:16:38.0265 2964 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:16:38.0312 2964 ACPI - ok
15:16:38.0468 2964 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:16:38.0484 2964 ACPIEC - ok
15:16:38.0625 2964 [ 85C8B00A1BB3B782FF963BA2A5F2934C ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
15:16:38.0640 2964 AcrSch2Svc - ok
15:16:38.0656 2964 adpu160m - ok
15:16:38.0921 2964 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
15:16:38.0921 2964 aec - ok
15:16:39.0031 2964 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:16:39.0156 2964 AFD - ok
15:16:39.0171 2964 Aha154x - ok
15:16:39.0187 2964 aic78u2 - ok
15:16:39.0203 2964 aic78xx - ok
15:16:39.0281 2964 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:16:39.0359 2964 Alerter - ok
15:16:39.0375 2964 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
15:16:39.0437 2964 ALG - ok
15:16:39.0453 2964 AliIde - ok
15:16:39.0468 2964 amsint - ok
15:16:40.0468 2964 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:16:40.0593 2964 AppMgmt - ok
15:16:41.0015 2964 [ BD4A059B937A64F403E693DCAA26FE38 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
15:16:41.0656 2964 AR5211 - ok
15:16:42.0343 2964 asc - ok
15:16:42.0359 2964 asc3350p - ok
15:16:42.0375 2964 asc3550 - ok
15:16:42.0500 2964 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS
15:16:42.0703 2964 ASNDIS5 - ok
15:16:42.0968 2964 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:16:43.0265 2964 aspnet_state - ok
15:16:43.0312 2964 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:16:43.0515 2964 AsyncMac - ok
15:16:43.0671 2964 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:16:43.0687 2964 atapi - ok
15:16:43.0703 2964 Atdisk - ok
15:16:43.0828 2964 [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:16:43.0828 2964 Ati HotKey Poller - ok
15:16:44.0000 2964 [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:16:44.0046 2964 ati2mtag - ok
15:16:44.0515 2964 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:16:44.0671 2964 Atmarpc - ok
15:16:44.0734 2964 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:16:44.0734 2964 AudioSrv - ok
15:16:44.0796 2964 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:16:44.0828 2964 audstub - ok
15:16:44.0921 2964 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
15:16:45.0078 2964 AVGIDSHX - ok
15:16:45.0093 2964 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:16:45.0171 2964 Avgldx86 - ok
15:16:45.0203 2964 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:16:45.0250 2964 Avgmfx86 - ok
15:16:45.0296 2964 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:16:45.0375 2964 Avgrkx86 - ok
15:16:45.0421 2964 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
15:16:45.0484 2964 Avgtdix - ok
15:16:45.0640 2964 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:16:45.0640 2964 avgwd - ok
15:16:45.0703 2964 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:16:45.0718 2964 Beep - ok
15:16:45.0812 2964 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
15:16:45.0984 2964 BITS - ok
15:16:46.0078 2964 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
15:16:46.0109 2964 Browser - ok
15:16:46.0171 2964 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:16:46.0218 2964 cbidf2k - ok
15:16:46.0234 2964 cd20xrnt - ok
15:16:46.0250 2964 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:16:46.0281 2964 Cdaudio - ok
15:16:46.0343 2964 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:16:46.0375 2964 Cdfs - ok
15:16:46.0390 2964 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:16:46.0421 2964 Cdrom - ok
15:16:46.0437 2964 Changer - ok
15:16:46.0468 2964 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:16:46.0500 2964 CiSvc - ok
15:16:46.0609 2964 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:16:46.0625 2964 ClipSrv - ok
15:16:46.0703 2964 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:16:47.0015 2964 clr_optimization_v2.0.50727_32 - ok
15:16:47.0046 2964 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:16:47.0093 2964 CmBatt - ok
15:16:47.0109 2964 CmdIde - ok
15:16:47.0125 2964 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:16:47.0281 2964 Compbatt - ok
15:16:47.0296 2964 COMSysApp - ok
15:16:47.0375 2964 Cpqarray - ok
15:16:47.0406 2964 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:16:47.0437 2964 CryptSvc - ok
15:16:47.0437 2964 dac2w2k - ok
15:16:47.0453 2964 dac960nt - ok
15:16:47.0562 2964 [ 46C3197AAC32EBA82453ACDD84114DC2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:16:47.0562 2964 DcomLaunch - ok
15:16:47.0609 2964 [ 815C52E540D2FB63DE159EFFF09CF234 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:16:47.0687 2964 Dhcp - ok
15:16:47.0781 2964 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:16:47.0843 2964 Disk - ok
15:16:47.0906 2964 dmadmin - ok
15:16:48.0187 2964 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:16:48.0593 2964 dmboot - ok
15:16:48.0687 2964 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:16:48.0750 2964 dmio - ok
15:16:48.0828 2964 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:16:48.0828 2964 dmload - ok
15:16:48.0859 2964 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:16:48.0906 2964 dmserver - ok
15:16:48.0953 2964 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:16:48.0953 2964 DMusic - ok
15:16:49.0031 2964 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:16:49.0093 2964 Dnscache - ok
15:16:49.0109 2964 dpti2o - ok
15:16:49.0140 2964 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:16:49.0218 2964 drmkaud - ok
15:16:49.0265 2964 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:16:49.0296 2964 ERSvc - ok
15:16:49.0343 2964 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
15:16:49.0390 2964 Eventlog - ok
15:16:49.0437 2964 [ 7B9199B6809586DC2CF30D411CECBD33 ] EventSystem C:\WINDOWS\system32\es.dll
15:16:49.0546 2964 EventSystem - ok
15:16:49.0640 2964 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:16:49.0671 2964 Fastfat - ok
15:16:49.0859 2964 [ F961FDD353F9451440197024FDDFE086 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:16:49.0906 2964 FastUserSwitchingCompatibility - ok
15:16:49.0953 2964 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
15:16:49.0968 2964 Fdc - ok
15:16:50.0015 2964 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:16:50.0046 2964 Fips - ok
15:16:50.0093 2964 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
15:16:50.0109 2964 Flpydisk - ok
15:16:50.0203 2964 [ 5A85CD3D07273E3F6FE72EE9C6431632 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:16:50.0234 2964 FltMgr - ok
15:16:50.0296 2964 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:16:50.0328 2964 Fs_Rec - ok
15:16:50.0375 2964 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:16:50.0453 2964 Ftdisk - ok
15:16:50.0640 2964 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:16:50.0656 2964 Gpc - ok
15:16:50.0687 2964 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:16:50.0703 2964 HDAudBus - ok
15:16:50.0828 2964 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:16:50.0890 2964 helpsvc - ok
15:16:50.0906 2964 HidServ - ok
15:16:50.0968 2964 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:16:50.0984 2964 HidUsb - ok
15:16:51.0000 2964 hpn - ok
15:16:51.0203 2964 [ 909D110C9634B0F1487EAAEA837317D9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:16:51.0218 2964 HTTP - ok
15:16:51.0281 2964 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:16:51.0328 2964 HTTPFilter - ok
15:16:51.0343 2964 i2omgmt - ok
15:16:51.0359 2964 i2omp - ok
15:16:51.0390 2964 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:16:51.0421 2964 i8042prt - ok
15:16:51.0468 2964 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:16:51.0484 2964 Imapi - ok
15:16:51.0531 2964 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:16:51.0531 2964 ImapiService - ok
15:16:51.0546 2964 ini910u - ok
15:16:52.0375 2964 [ 08BAF30F6DE95814F58AF9CE7BBC5614 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:16:54.0515 2964 IntcAzAudAddService - ok
15:16:54.0562 2964 IntelIde - ok
15:16:54.0671 2964 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:16:54.0687 2964 intelppm - ok
15:16:54.0734 2964 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:16:54.0796 2964 Ip6Fw - ok
15:16:54.0843 2964 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:16:54.0843 2964 IpFilterDriver - ok
15:16:54.0859 2964 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:16:54.0906 2964 IpInIp - ok
15:16:55.0031 2964 [ 5191673215C91FF13CEAA83EF8E9653F ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:16:55.0078 2964 IpNat - ok
15:16:55.0140 2964 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:16:55.0156 2964 IPSec - ok
15:16:55.0234 2964 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:16:55.0265 2964 IRENUM - ok
15:16:55.0343 2964 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:16:55.0406 2964 isapnp - ok
15:16:55.0531 2964 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:16:55.0546 2964 Kbdclass - ok
15:16:55.0562 2964 [ 8531438246CE9474E41EE1599904C0C7 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:16:55.0562 2964 kmixer - ok
15:16:55.0750 2964 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:16:55.0781 2964 KSecDD - ok
15:16:55.0890 2964 [ 5F4591B2ABF3EC4D0EE752B5535E9517 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:16:55.0937 2964 lanmanserver - ok
15:16:56.0437 2964 [ 0423A8F550114044C21D8E3D6E2F48FB ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:16:56.0484 2964 lanmanworkstation - ok
15:16:56.0484 2964 lbrtfdc - ok
15:16:56.0593 2964 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:16:56.0609 2964 LmHosts - ok
15:16:56.0656 2964 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
15:16:56.0687 2964 MBAMProtector - ok
15:16:57.0000 2964 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:16:57.0093 2964 MBAMScheduler - ok
15:16:57.0312 2964 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:16:57.0406 2964 MBAMService - ok
15:16:57.0656 2964 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:16:57.0671 2964 Messenger - ok
15:16:57.0703 2964 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:16:57.0718 2964 mnmdd - ok
15:16:57.0765 2964 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:16:57.0765 2964 mnmsrvc - ok
15:16:57.0828 2964 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:16:57.0828 2964 Modem - ok
15:16:57.0859 2964 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:16:58.0375 2964 Mouclass - ok
15:16:58.0453 2964 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:16:58.0515 2964 mouhid - ok
15:16:58.0593 2964 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:16:58.0609 2964 MountMgr - ok
15:16:58.0984 2964 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:16:59.0000 2964 MozillaMaintenance - ok
15:16:59.0015 2964 mraid35x - ok
15:16:59.0109 2964 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:16:59.0187 2964 MRxDAV - ok
15:16:59.0515 2964 [ 7412CE77C6FD823F8889B4DF420C680B ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:16:59.0812 2964 MRxSmb - ok
15:17:00.0046 2964 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:17:00.0062 2964 MSDTC - ok
15:17:00.0265 2964 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:17:00.0281 2964 Msfs - ok
15:17:00.0281 2964 MSIServer - ok
15:17:00.0562 2964 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:17:00.0640 2964 MSKSSRV - ok
15:17:00.0750 2964 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:17:00.0781 2964 MSPCLOCK - ok
15:17:01.0437 2964 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:17:01.0453 2964 MSPQM - ok
15:17:01.0609 2964 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:17:01.0640 2964 mssmbios - ok
15:17:02.0343 2964 [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
15:17:02.0359 2964 MTsensor - ok
15:17:02.0500 2964 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:17:02.0531 2964 Mup - ok
15:17:03.0359 2964 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
15:17:03.0468 2964 NBService - ok
15:17:03.0593 2964 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:17:03.0593 2964 NDIS - ok
15:17:03.0640 2964 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:17:03.0640 2964 NdisTapi - ok
15:17:03.0687 2964 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:17:03.0703 2964 Ndisuio - ok
15:17:03.0781 2964 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:17:03.0843 2964 NdisWan - ok
15:17:03.0890 2964 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:17:03.0906 2964 NDProxy - ok
15:17:03.0968 2964 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:17:03.0984 2964 NetBIOS - ok
15:17:04.0015 2964 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:17:04.0046 2964 NetBT - ok
15:17:04.0171 2964 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
15:17:04.0203 2964 NetDDE - ok
15:17:04.0281 2964 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:17:04.0281 2964 NetDDEdsdm - ok
15:17:04.0312 2964 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:17:04.0343 2964 Netlogon - ok
15:17:04.0390 2964 [ BB0557B62B95F366464C3C60A0BD6BDF ] Netman C:\WINDOWS\System32\netman.dll
15:17:04.0390 2964 Netman - ok
15:17:04.0656 2964 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
15:17:04.0656 2964 Nla - ok
15:17:05.0156 2964 [ E32686B4E27D11F83E3F2844E104C66C ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
15:17:05.0187 2964 NMIndexingService - ok
15:17:05.0218 2964 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:17:05.0234 2964 Npfs - ok
15:17:05.0531 2964 [ 05AB81909514BFD69CBB1F2C147CF6B9 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:17:05.0687 2964 Ntfs - ok
15:17:05.0750 2964 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:17:05.0750 2964 NtLmSsp - ok
15:17:05.0968 2964 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:17:06.0375 2964 NtmsSvc - ok
15:17:06.0453 2964 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:17:06.0453 2964 Null - ok
15:17:06.0500 2964 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:17:06.0546 2964 NwlnkFlt - ok
15:17:06.0578 2964 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:17:06.0593 2964 NwlnkFwd - ok
15:17:06.0687 2964 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:17:06.0718 2964 ose - ok
15:17:06.0765 2964 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\drivers\Parport.sys
15:17:06.0796 2964 Parport - ok
15:17:06.0828 2964 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:17:06.0843 2964 PartMgr - ok
15:17:06.0859 2964 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:17:06.0890 2964 ParVdm - ok
15:17:06.0984 2964 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:17:07.0078 2964 PCI - ok
15:17:07.0078 2964 PCIDump - ok
15:17:07.0093 2964 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:17:07.0156 2964 PCIIde - ok
15:17:07.0171 2964 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:17:07.0234 2964 Pcmcia - ok
15:17:07.0234 2964 PDCOMP - ok
15:17:07.0250 2964 PDFRAME - ok
15:17:07.0265 2964 PDRELI - ok
15:17:07.0281 2964 PDRFRAME - ok
15:17:07.0281 2964 perc2 - ok
15:17:07.0328 2964 perc2hib - ok
15:17:07.0406 2964 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
15:17:07.0406 2964 PlugPlay - ok
15:17:07.0437 2964 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:17:07.0437 2964 PolicyAgent - ok
15:17:07.0484 2964 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:17:07.0484 2964 PptpMiniport - ok
15:17:07.0500 2964 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:17:07.0500 2964 ProtectedStorage - ok
15:17:07.0562 2964 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:17:07.0609 2964 PSched - ok
15:17:07.0921 2964 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:17:07.0953 2964 Ptilink - ok
15:17:08.0000 2964 [ 81088114178112618B1C414A65E50F7C ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:17:08.0015 2964 PxHelp20 - ok
15:17:08.0031 2964 ql1080 - ok
15:17:08.0031 2964 Ql10wnt - ok
15:17:08.0046 2964 ql12160 - ok
15:17:08.0062 2964 ql1240 - ok
15:17:08.0078 2964 ql1280 - ok
15:17:08.0390 2964 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:17:08.0390 2964 RasAcd - ok
15:17:08.0453 2964 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:17:08.0453 2964 RasAuto - ok
15:17:08.0484 2964 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:17:08.0562 2964 Rasl2tp - ok
15:17:08.0593 2964 [ 9F1AD38C7035F0FD4EF3002B0AC34BA3 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:17:08.0609 2964 RasMan - ok
15:17:08.0671 2964 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:17:08.0687 2964 RasPppoe - ok
15:17:08.0890 2964 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:17:08.0906 2964 Raspti - ok
15:17:12.0656 2964 [ ED375CE745C42A14F10753F7022ECD6A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:17:12.0734 2964 Rdbss - ok
15:17:18.0859 2964 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:17:18.0906 2964 RDPCDD - ok
15:17:19.0031 2964 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:17:19.0093 2964 rdpdr - ok
15:17:19.0218 2964 [ 047BEA21274C8A4A233674A76C958C2C ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:17:19.0218 2964 RDPWD - ok
15:17:19.0390 2964 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:17:19.0437 2964 RDSessMgr - ok
15:17:19.0546 2964 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:17:19.0562 2964 redbook - ok
15:17:19.0656 2964 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:17:19.0671 2964 RemoteAccess - ok
15:17:19.0781 2964 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:17:19.0781 2964 RemoteRegistry - ok
15:17:19.0859 2964 [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:17:19.0921 2964 rimsptsk - ok
15:17:20.0000 2964 [ ACE2CE73D7B04EAC48FB80482E05E770 ] risdptsk C:\WINDOWS\system32\DRIVERS\risdptsk.sys
15:17:20.0078 2964 risdptsk - ok
15:17:20.0156 2964 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:17:20.0187 2964 RpcLocator - ok
15:17:20.0312 2964 [ 46C3197AAC32EBA82453ACDD84114DC2 ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:17:20.0328 2964 RpcSs - ok
15:17:20.0546 2964 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:17:20.0578 2964 RSVP - ok
15:17:20.0625 2964 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:17:20.0640 2964 rtl8139 - ok
15:17:20.0671 2964 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
15:17:20.0687 2964 SamSs - ok
15:17:20.0781 2964 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:17:20.0843 2964 SCardSvr - ok
15:17:20.0953 2964 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:17:21.0031 2964 Schedule - ok
15:17:21.0062 2964 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:17:21.0171 2964 sdbus - ok
15:17:21.0234 2964 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:17:21.0281 2964 Secdrv - ok
15:17:21.0296 2964 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:17:21.0328 2964 seclogon - ok
15:17:21.0390 2964 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
15:17:21.0468 2964 SENS - ok
15:17:21.0484 2964 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
15:17:21.0531 2964 Serial - ok
15:17:22.0531 2964 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:17:22.0546 2964 Sfloppy - ok
15:17:22.0828 2964 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:17:23.0062 2964 SharedAccess - ok
15:17:23.0109 2964 [ F961FDD353F9451440197024FDDFE086 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:17:23.0109 2964 ShellHWDetection - ok
15:17:23.0125 2964 Simbad - ok
15:17:23.0375 2964 [ B7FBC508933553828E0948B537FD7984 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:17:23.0375 2964 SkypeUpdate - ok
15:17:23.0906 2964 [ 84A9AF2B348B691453ACBAB37C8BFB27 ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys
15:17:24.0468 2964 smserial - ok
15:17:25.0609 2964 [ E78C98378A071CE4D48A7C514FA98FA1 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
15:17:25.0656 2964 snapman - ok
15:17:25.0656 2964 Sparrow - ok
15:17:26.0328 2964 [ 9BB1DD670CB7505A90FC4E61D4AA8227 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:17:26.0343 2964 splitter - ok
15:17:26.0968 2964 [ AD3D9D191AEA7B5445FE1D82FFBB4788 ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:17:27.0031 2964 Spooler - ok
15:17:27.0156 2964 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:17:27.0250 2964 sr - ok
15:17:27.0609 2964 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
15:17:27.0687 2964 srservice - ok
15:17:28.0171 2964 [ 5230953C21C811B5FC1FF31AE2B48097 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:17:28.0171 2964 Srv - ok
15:17:28.0312 2964 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:17:28.0328 2964 SSDPSRV - ok
15:17:28.0406 2964 [ 1F3BB7CB8064B3EC143D291F7222DF4B ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:17:28.0625 2964 stisvc - ok
15:17:28.0765 2964 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:17:28.0828 2964 swenum - ok
15:17:28.0906 2964 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:17:28.0906 2964 swmidi - ok
15:17:28.0921 2964 SwPrv - ok
15:17:28.0984 2964 symc810 - ok
15:17:29.0000 2964 symc8xx - ok
15:17:29.0015 2964 sym_hi - ok
15:17:29.0031 2964 sym_u3 - ok
15:17:29.0531 2964 [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:17:29.0609 2964 SynTP - ok
15:17:29.0656 2964 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:17:29.0656 2964 sysaudio - ok
15:17:29.0765 2964 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:17:29.0812 2964 SysmonLog - ok
15:17:30.0671 2964 [ 2EB5536278D697C5895A48514682BF64 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:17:30.0687 2964 TapiSrv - ok
15:17:30.0750 2964 [ B2220C618B42A2212A59D91EBD6FC4B4 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:17:30.0875 2964 Tcpip - ok
15:17:31.0140 2964 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:17:31.0156 2964 TDPIPE - ok
15:17:31.0281 2964 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:17:31.0281 2964 TDTCP - ok
15:17:31.0312 2964 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:17:31.0343 2964 TermDD - ok
15:17:31.0640 2964 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
15:17:31.0656 2964 TermService - ok
15:17:31.0671 2964 [ F961FDD353F9451440197024FDDFE086 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:17:31.0671 2964 Themes - ok
15:17:31.0812 2964 [ 7369F74DD9172C6527A8ACEB010E28F1 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
15:17:31.0828 2964 tifsfilter - ok
15:17:32.0671 2964 [ 53FEC95B844C46489F6683DC0A606E01 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
15:17:32.0812 2964 timounter - ok
15:17:32.0890 2964 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:17:32.0921 2964 TlntSvr - ok
15:17:33.0359 2964 [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
15:17:33.0500 2964 TOSHIBA Bluetooth Service - ok
15:17:33.0515 2964 TosIde - ok
15:17:33.0546 2964 Tosrfcom - ok
15:17:33.0796 2964 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:17:33.0828 2964 TrkWks - ok
15:17:33.0875 2964 TuneUp.Defrag - ok
15:17:33.0890 2964 TuneUp.UtilitiesSvc - ok
15:17:33.0906 2964 TuneUpUtilitiesDrv - ok
15:17:34.0125 2964 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:17:34.0156 2964 Udfs - ok
15:17:34.0156 2964 ultra - ok
15:17:34.0296 2964 [ A4815A4884898F355A3513E60843A4FD ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:17:34.0390 2964 Update - ok
15:17:34.0484 2964 [ 6FD45FDC0C32BC4E81F718B671A3E017 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:17:34.0500 2964 upnphost - ok
15:17:34.0687 2964 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
15:17:34.0718 2964 UPS - ok
15:17:34.0812 2964 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:17:34.0812 2964 usbehci - ok
15:17:34.0859 2964 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:17:34.0859 2964 usbhub - ok
15:17:34.0875 2964 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:17:34.0875 2964 usbohci - ok
15:17:34.0890 2964 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:17:34.0906 2964 USBSTOR - ok
15:17:34.0906 2964 UxTuneUp - ok
15:17:34.0968 2964 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:17:34.0984 2964 VgaSave - ok
15:17:35.0093 2964 ViaIde - ok
15:17:35.0390 2964 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:17:35.0421 2964 VolSnap - ok
15:17:35.0468 2964 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
15:17:35.0484 2964 VSS - ok
15:17:36.0015 2964 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
15:17:36.0015 2964 W32Time - ok
15:17:36.0062 2964 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:17:36.0062 2964 Wanarp - ok
15:17:36.0078 2964 WDICA - ok
15:17:36.0125 2964 [ 0BFA8203B8148FB4E54BC212C41CE497 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:17:36.0125 2964 wdmaud - ok
15:17:36.0156 2964 [ F00DA7A8B61972898A1661B1B9095218 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:17:36.0171 2964 WebClient - ok
15:17:36.0734 2964 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:17:36.0734 2964 winmgmt - ok
15:17:36.0796 2964 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
15:17:36.0796 2964 WmdmPmSN - ok
15:17:36.0953 2964 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:17:36.0953 2964 Wmi - ok
15:17:37.0000 2964 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:17:37.0000 2964 WmiApSrv - ok
15:17:37.0359 2964 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:17:37.0375 2964 WMPNetworkSvc - ok
15:17:37.0437 2964 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:17:37.0437 2964 WpdUsb - ok
15:17:37.0453 2964 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:17:37.0468 2964 wscsvc - ok
15:17:37.0500 2964 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:17:37.0500 2964 wuauserv - ok
15:17:37.0531 2964 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:17:37.0531 2964 WudfPf - ok
15:17:37.0562 2964 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:17:37.0562 2964 WudfRd - ok
15:17:37.0578 2964 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:17:37.0578 2964 WudfSvc - ok
15:17:37.0625 2964 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:17:37.0625 2964 WZCSVC - ok
15:17:37.0640 2964 xcpip - ok
15:17:37.0703 2964 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:17:37.0703 2964 xmlprov - ok
15:17:37.0718 2964 xpsec - ok
15:17:37.0734 2964 ================ Scan global ===============================
15:17:37.0906 2964 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
15:17:38.0015 2964 [ 6D731741FEF45B51FCFBC5396076F561 ] C:\WINDOWS\system32\winsrv.dll
15:17:38.0046 2964 [ 6D731741FEF45B51FCFBC5396076F561 ] C:\WINDOWS\system32\winsrv.dll
15:17:38.0093 2964 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
15:17:38.0109 2964 [Global] - ok
15:17:38.0109 2964 ================ Scan MBR ==================================
15:17:38.0140 2964 [ 2EE71BF0EED0EA80EA06D295A1A50104 ] \Device\Harddisk0\DR0
15:17:38.0156 2964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
15:17:38.0156 2964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
15:17:38.0156 2964 ================ Scan VBR ==================================
15:17:38.0171 2964 [ 751317884D974D301F19AF51CD204640 ] \Device\Harddisk0\DR0\Partition1
15:17:38.0187 2964 \Device\Harddisk0\DR0\Partition1 - ok
15:17:38.0203 2964 [ 7A47414BFD2247B2B3B1784C3135BACB ] \Device\Harddisk0\DR0\Partition2
15:17:38.0265 2964 \Device\Harddisk0\DR0\Partition2 - ok
15:17:38.0265 2964 ============================================================
15:17:38.0265 2964 Scan finished
15:17:38.0265 2964 ============================================================
15:17:38.0312 2956 Detected object count: 2
15:17:38.0312 2956 Actual detected object count: 2
15:20:20.0687 2956 System memory - cured
15:20:20.0687 2956 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - User select action: Cure
15:20:21.0140 2956 \Device\Harddisk0\DR0\# - copied to quarantine
15:20:21.0140 2956 \Device\Harddisk0\DR0 - copied to quarantine
15:20:21.0156 2956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
15:20:21.0171 2956 \Device\Harddisk0\DR0 - ok
15:20:21.0171 2956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

Re: Log check - can't get rid of a trojan

Post by doyll » 11 Nov 2012 15:41

ComboFix 12-11-09.02 - admin 11.11.2012 15:30:59.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.392 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\uxt7C.tmp
D:\AUTORUN.INF
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive1 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive2 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive3 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive4 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive5 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive6 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive7 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive8 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive9 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive1 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive2 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive3 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive4 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive5 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive6 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive7 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive8 - Bootkit Sinowal was found and disinfected
\\.\PhysicalDrive9 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-11 do 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 14:20 . 2012-11-11 14:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-11 13:16 . 2012-11-11 13:16 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2012-11-11 13:16 . 2012-11-11 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-11-11 13:16 . 2012-11-11 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 13:16 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 13:04 . 2012-11-11 13:04 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-11 13:04 . 2012-11-11 13:04 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 12:48 . 2009-01-30 19:25 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-08-30 21:08 . 2012-08-30 21:08 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 21:08 . 2012-08-30 21:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 13:43 . 2012-08-24 13:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-10-08 17:37 . 2012-10-08 17:37 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-05 . 0C2F6B6366E23D7362EB2C2EC29262F6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-15 2225208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^CCC.lnk]
path=c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\CCC.lnk
backup=c:\windows\pss\CCC.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-10-18 18:26 118784 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
2007-08-23 10:18 229376 ----a-w- c:\program files\ATK Hotkey\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2009-01-30 19:43 98304 ----a-w- c:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:34 17420464 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-07 12:11 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-05-25 19:02 786521 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-10-18 18:26 1009192 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31.1.2012 3:46 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [26.7.2012 2:21 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [24.8.2012 14:43 301920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 3:53 193288]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.11.2012 14:16 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.11.2012 14:16 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:29 160944]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;"c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe" --> c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys --> c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: Interfaces\{857CFF4C-8419-4323-9C13-8BDF81451CA8}: NameServer = 10.153.28.49
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\fdk96az2.default\
FF - prefs.js: browser.search.selectedEngine - Search Here
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-09-24 14:42; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\program files\AVG\AVG2012\Firefox\DoNotTrack
FF - ExtSQL: 2012-09-24 15:50; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\fdk96az2.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: 2012-11-11 15:09; addon@defaulttab.com; c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\fdk96az2.default\extensions\addon@defaulttab.com.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-47260887.sys
SafeBoot-87938919.sys
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-11 15:37
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-11-11 15:40:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-11 14:39
.
Před spuštěním: Volných bajtů: 40 585 650 176
Po spuštění: Volných bajtů: 40 988 893 184
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 27D3F4FEBCF411008CB1B42EE6C5BB71

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Log check - can't get rid of a trojan

Post by memphisto » 11 Nov 2012 16:51

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: do not use SELECT ALL to select the script

Code:

KillAll::
Driver::
SkypeUpdate
TuneUp.UtilitiesSvc
TuneUpUtilitiesDrv

File::
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys

Folder::
c:\program files\Skype\Updater

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the created script CFScript.txt onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you.

doyll
Level 2
Posts: 153
Registered: December 11
Gender: Male
Status: Offline

Re: Log check - can't get rid of a trojan

Post by doyll » 15 Nov 2012 12:18

I carried out the task above according to the instructions, but for about an hour nothing happened; ComboFix kept scanning. Then I killed the process. How long can the check take? Should I start over?

doyll
Level 2
Posts: 153
Registered: December 11
Gender: Male
Status: Offline

Re: Log check - can't get rid of a trojan

Post by doyll » 15 Nov 2012 12:34

On the second run the scan only took ten minutes, all OK. Here is the log:
ComboFix 12-11-14.01 - admin 15.11.2012 12:24:29.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.484 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys"
"c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Legacy_TUNEUP.UTILITIESSVC
-------\Legacy_TUNEUPUTILITIESDRV
-------\Service_SkypeUpdate
-------\Service_TuneUp.UtilitiesSvc
-------\Service_TuneUpUtilitiesDrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-15 do 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-11 14:20 . 2012-11-11 14:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-11 13:16 . 2012-11-11 13:16 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2012-11-11 13:16 . 2012-11-11 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-11-11 13:16 . 2012-11-11 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 13:16 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 13:04 . 2012-11-11 13:04 388096 ----a-r- c:\documents and settings\admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-11 13:04 . 2012-11-11 13:04 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 12:48 . 2009-01-30 19:25 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-08-30 21:08 . 2012-08-30 21:08 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 21:08 . 2012-08-30 21:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 13:43 . 2012-08-24 13:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-10-24 17:50 . 2012-11-11 14:59 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-05 . 0C2F6B6366E23D7362EB2C2EC29262F6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^CCC.lnk]
path=c:\documents and settings\admin\Nabídka Start\Programy\Po spuštění\CCC.lnk
backup=c:\windows\pss\CCC.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
2007-08-23 10:18 229376 ----a-w- c:\program files\ATK Hotkey\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2009-01-30 19:43 98304 ----a-w- c:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:34 17420464 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-07 12:11 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-05-25 19:02 786521 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31.1.2012 3:46 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [26.7.2012 2:21 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [24.8.2012 14:43 301920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 3:53 193288]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.11.2012 14:16 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.11.2012 14:16 22856]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: Interfaces\{857CFF4C-8419-4323-9C13-8BDF81451CA8}: NameServer = 10.153.28.49
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\70oaxplw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-09-24 14:42; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\program files\AVG\AVG2012\Firefox\DoNotTrack
FF - ExtSQL: 2012-11-11 15:59; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\70oaxplw.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-15 12:30
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2072)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\RTHDCPL.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
.
**************************************************************************
.
Celkový čas: 2012-11-15 12:32:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-15 11:32
ComboFix2.txt 2012-11-11 14:40
.
Před spuštěním: Volných bajtů: 40 965 410 816
Po spuštění: Volných bajtů: 40 959 127 552
.
- - End Of File - - 973E5AEEB1B8798D2D5533C8D84FBBAA
