Kryptik virus - Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by Hastalda » 11 May 2012 20:32

OK, I confirmed the deletion in Malwarebytes; new log file:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.11.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
1102 :: UGLY [administrátor]

11.5.2012 19:36:00
mbam-log-2012-05-11 (19-36-00).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 271377
Uplynulý čas: 17 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
H:\Programy\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\nero8x.exe (RiskWare.Tool.CK) -> Umístnění do karantény a smazání se zdařilo.

(konec)

One more thing before I run ComboFix:
- should I disconnect the external drive now?? I ask because all my backups are on this external drive;
- should I turn System Restore back on for all drives?

Post by guest » 11 May 2012 20:40

Wait for what the virus guys etc. advise and don't do anything, or you'll do more harm than good.
And next time don't download keygens, which is the obvious cause of the problems.

Post by Hastalda » 11 May 2012 20:46

I know my questions are silly, but how do I turn off the resident protection in the antivirus and antispam??
And what if the antivirus program doesn't start after running ComboFix and restarting? ;o(

OK, I'd rather wait so that I don't do something wrong.. ;o((

Post by guest » 11 May 2012 21:11

Your questions aren't silly; you have questions like all of us who don't understand this. That's why you have to wait for an expert's answer!

Post by Žbeky » 11 May 2012 23:42

Why wouldn't it start? Right-click the ESET icon down in the taskbar and there will be something like "stop shields" or something along those lines.

Post by Hastalda » 12 May 2012 12:16

Thanks a lot - I have now managed to stop the resident protection by following the instructions.

Since the virus was on the external drive, should I leave it connected to the PC when running ComboFix, or should I disconnect it??
Should I turn System Restore back on for all drives, since jaro3 wrote that it was wrong?

If I run ComboFix and Windows doesn't start after the restart - as jaro3 writes - I should press the F8 key and "last known configuration" => what is that??

I'm really sorry, but if it doesn't start, I won't be able to get in touch with you and I won't be able to do anything about it on my own.. ;o((

Post by jaro3 » 12 May 2012 15:40

Leave the external drive connected.

As for the rest: turn the restore point on, but don't do anything else, only ComboFix.

Before that:
Download TDSSKiller to your desktop. Make sure that all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt ; please paste the entire contents of the log here.

Then ComboFix.

Post by guest » 12 May 2012 16:03

If I run ComboFix and Windows doesn't start after the restart - as jaro3 writes - I should press the F8 key and "last known configuration" => what is that??


You get to the last known good configuration by repeatedly pressing F8 after turning on or restarting the PC. You select it and confirm.
Attachments
Posledni funkční k.JPG

Post by Hastalda » 12 May 2012 16:14

Thanks for the advice and the screenshot - that helped.. ;o)

OK, I followed the description exactly - after the restart I copied this from the TDSSKiller log file:

16:07:03.0546 2720 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:07:03.0734 2720 ============================================================
16:07:03.0734 2720 Current date / time: 2012/05/12 16:07:03.0734
16:07:03.0734 2720 SystemInfo:
16:07:03.0734 2720
16:07:03.0734 2720 OS Version: 5.1.2600 ServicePack: 2.0
16:07:03.0734 2720 Product type: Workstation
16:07:03.0734 2720 ComputerName: UGLY
16:07:03.0734 2720 UserName: 1102
16:07:03.0734 2720 Windows directory: C:\windows
16:07:03.0734 2720 System windows directory: C:\windows
16:07:03.0734 2720 Processor architecture: Intel x86
16:07:03.0734 2720 Number of processors: 1
16:07:03.0734 2720 Page size: 0x1000
16:07:03.0734 2720 Boot type: Normal boot
16:07:03.0734 2720 ============================================================
16:07:04.0312 2720 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:07:04.0312 2720 Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:07:04.0781 2720 ============================================================
16:07:04.0781 2720 \Device\Harddisk0\DR0:
16:07:04.0781 2720 MBR partitions:
16:07:04.0781 2720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
16:07:04.0781 2720 \Device\Harddisk1\DR2:
16:07:04.0781 2720 MBR partitions:
16:07:04.0781 2720 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
16:07:04.0781 2720 ============================================================
16:07:04.0812 2720 C: <-> \Device\Harddisk0\DR0\Partition0
16:07:04.0812 2720 H: <-> \Device\Harddisk1\DR2\Partition0
16:07:04.0812 2720 ============================================================
16:07:04.0812 2720 Initialize success
16:07:04.0812 2720 ============================================================
16:07:10.0000 2760 ============================================================
16:07:10.0000 2760 Scan started
16:07:10.0000 2760 Mode: Manual;
16:07:10.0000 2760 ============================================================
16:07:19.0000 2760 sptd (73205bd9a388639c210636793fe3fd61) C:\windows\system32\Drivers\sptd.sys
16:07:19.0000 2760 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 73205bd9a388639c210636793fe3fd61
16:07:19.0000 2760 sptd ( LockedFile.Multi.Generic ) - warning
16:07:19.0000 2760 sptd - detected LockedFile.Multi.Generic (1)
16:07:19.0000 2760 sr (a74035ea526db97d9d50d2143a55f5cf) C:\windows\system32\DRIVERS\sr.sys
16:07:19.0031 2760 sr - ok
16:07:19.0062 2760 srservice (3cd57f31a64d32fdb28918b16d1e6aac) C:\WINDOWS\system32\srsvc.dll
16:07:19.0078 2760 srservice - ok
16:07:19.0109 2760 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\windows\system32\DRIVERS\srv.sys
16:07:19.0125 2760 Srv - ok
16:07:19.0156 2760 SSDPSRV (88c28f53f53438dafcd95e99c837c61e) C:\windows\System32\ssdpsrv.dll
16:07:19.0156 2760 SSDPSRV - ok
16:07:19.0187 2760 StarWindService (ab2b9349ada4ac5ec74b622b8303fe23) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
16:07:19.0187 2760 StarWindService - ok
16:07:19.0218 2760 stisvc (0645ccdddd27f96eea3534c1def736d9) C:\windows\system32\wiaservc.dll
16:07:19.0265 2760 stisvc - ok
16:07:19.0281 2760 swenum (03c1bae4766e2450219d20b993d6e046) C:\windows\system32\DRIVERS\swenum.sys
16:07:19.0296 2760 swenum - ok
16:07:19.0328 2760 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\windows\system32\drivers\swmidi.sys
16:07:19.0343 2760 swmidi - ok
16:07:19.0359 2760 SwPrv - ok
16:07:19.0359 2760 symc810 - ok
16:07:19.0359 2760 symc8xx - ok
16:07:19.0375 2760 sym_hi - ok
16:07:19.0375 2760 sym_u3 - ok
16:07:19.0421 2760 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\windows\system32\drivers\sysaudio.sys
16:07:19.0421 2760 sysaudio - ok
16:07:19.0453 2760 SysmonLog (d9c9ecff4904e6151525c533aeedf8f4) C:\windows\system32\smlogsvc.exe
16:07:19.0468 2760 SysmonLog - ok
16:07:19.0500 2760 TapiSrv (250241d65ccf692aeacc318a266413c2) C:\windows\System32\tapisrv.dll
16:07:19.0515 2760 TapiSrv - ok
16:07:19.0546 2760 Tcpip (1dbf125862891817f374f407626967f4) C:\windows\system32\DRIVERS\tcpip.sys
16:07:19.0593 2760 Tcpip - ok
16:07:19.0625 2760 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\windows\system32\drivers\TDPIPE.sys
16:07:19.0640 2760 TDPIPE - ok
16:07:19.0671 2760 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\windows\system32\drivers\TDTCP.sys
16:07:19.0687 2760 TDTCP - ok
16:07:19.0718 2760 TermDD (a540a99c281d933f3d69d55e48727f47) C:\windows\system32\DRIVERS\termdd.sys
16:07:19.0734 2760 TermDD - ok
16:07:19.0765 2760 TermService (2f5919f2f6ee7a845893d9c3aa2bc56a) C:\windows\System32\termsrv.dll
16:07:19.0796 2760 TermService - ok
16:07:19.0828 2760 Themes (8ba76bd2a943f642f267a296a15776d2) C:\windows\System32\shsvcs.dll
16:07:19.0828 2760 Themes - ok
16:07:19.0875 2760 TlntSvr (535c2fb97336bafa509f4783dd1e5746) C:\WINDOWS\system32\tlntsvr.exe
16:07:19.0875 2760 TlntSvr - ok
16:07:19.0890 2760 TosIde - ok
16:07:19.0921 2760 TrkWks (4dce17221b1a87fb47e36842f3e38753) C:\windows\system32\trkwks.dll
16:07:19.0937 2760 TrkWks - ok
16:07:19.0968 2760 Udfs (12f70256f140cd7d52c58c7048fde657) C:\windows\system32\drivers\Udfs.sys
16:07:19.0984 2760 Udfs - ok
16:07:20.0000 2760 ultra - ok
16:07:20.0031 2760 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\windows\system32\DRIVERS\update.sys
16:07:20.0046 2760 Update - ok
16:07:20.0093 2760 upnphost (984fc1518b0d5b31d76f0e63608e0500) C:\windows\System32\upnphost.dll
16:07:20.0093 2760 upnphost - ok
16:07:20.0109 2760 UPS (6148a3ba4d9cc628357fc92014fea30e) C:\windows\System32\ups.exe
16:07:20.0125 2760 UPS - ok
16:07:20.0171 2760 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\windows\system32\DRIVERS\usbccgp.sys
16:07:20.0187 2760 usbccgp - ok
16:07:20.0218 2760 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\windows\system32\DRIVERS\usbehci.sys
16:07:20.0250 2760 usbehci - ok
16:07:20.0281 2760 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\windows\system32\DRIVERS\usbhub.sys
16:07:20.0296 2760 usbhub - ok
16:07:20.0312 2760 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\windows\system32\DRIVERS\usbohci.sys
16:07:20.0328 2760 usbohci - ok
16:07:20.0359 2760 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\windows\system32\DRIVERS\usbprint.sys
16:07:20.0375 2760 usbprint - ok
16:07:20.0406 2760 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\windows\system32\DRIVERS\usbscan.sys
16:07:20.0421 2760 usbscan - ok
16:07:20.0437 2760 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:07:20.0453 2760 USBSTOR - ok
16:07:20.0468 2760 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\windows\System32\drivers\vga.sys
16:07:20.0484 2760 VgaSave - ok
16:07:20.0500 2760 ViaIde - ok
16:07:20.0531 2760 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\windows\system32\drivers\VolSnap.sys
16:07:20.0562 2760 VolSnap - ok
16:07:20.0593 2760 VSS (043539881667bb37b07524032d6ffc3e) C:\windows\System32\vssvc.exe
16:07:20.0609 2760 VSS - ok
16:07:20.0640 2760 W32Time (2ceebb402187ae56b585701f3d191fb3) C:\WINDOWS\system32\w32time.dll
16:07:20.0640 2760 W32Time - ok
16:07:20.0656 2760 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\windows\system32\DRIVERS\wanarp.sys
16:07:20.0671 2760 Wanarp - ok
16:07:20.0687 2760 WDICA - ok
16:07:20.0703 2760 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\windows\system32\drivers\wdmaud.sys
16:07:20.0718 2760 wdmaud - ok
16:07:20.0750 2760 WebClient (4bd50644cf52f00091f894ab7541e538) C:\windows\System32\webclnt.dll
16:07:20.0765 2760 WebClient - ok
16:07:20.0812 2760 winmgmt (e12084ea622bdf2262c637bef15dd85c) C:\windows\system32\wbem\WMIsvc.dll
16:07:20.0812 2760 winmgmt - ok
16:07:20.0921 2760 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:07:20.0984 2760 wlidsvc - ok
16:07:21.0046 2760 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\windows\system32\MsPMSNSv.dll
16:07:21.0062 2760 WmdmPmSN - ok
16:07:21.0093 2760 Wmi (0cdc4a0c6b820fad99fb4ca74cd0c476) C:\windows\System32\advapi32.dll
16:07:21.0125 2760 Wmi - ok
16:07:21.0171 2760 WmiApSrv (bcd21b989f0fd4ace78287fc01b4693d) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:07:21.0171 2760 WmiApSrv - ok
16:07:21.0265 2760 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:07:21.0296 2760 WMPNetworkSvc - ok
16:07:21.0343 2760 wscsvc (4aded1adef25041d9827f9a79c0fda13) C:\windows\system32\wscsvc.dll
16:07:21.0343 2760 wscsvc - ok
16:07:21.0390 2760 wuauserv (21f5169ca14e0b25c757644456f637df) C:\windows\system32\wuauserv.dll
16:07:21.0390 2760 wuauserv - ok
16:07:21.0437 2760 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
16:07:21.0453 2760 WudfPf - ok
16:07:21.0468 2760 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
16:07:21.0468 2760 WudfRd - ok
16:07:21.0515 2760 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\windows\System32\WUDFSvc.dll
16:07:21.0515 2760 WudfSvc - ok
16:07:21.0562 2760 WZCSVC (325cedef696ef4b649ddcd3968d085c9) C:\windows\System32\wzcsvc.dll
16:07:21.0625 2760 WZCSVC - ok
16:07:21.0656 2760 xmlprov (9b835d4c64860b155a1701d5092ec9e4) C:\windows\System32\xmlprov.dll
16:07:21.0671 2760 xmlprov - ok
16:07:21.0703 2760 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
16:07:21.0781 2760 \Device\Harddisk0\DR0 - ok
16:07:22.0265 2760 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
16:07:22.0265 2760 \Device\Harddisk1\DR2 - ok
16:07:22.0265 2760 Boot (0x1200) (de0575e787f4652e506336ddc29c2ce7) \Device\Harddisk0\DR0\Partition0
16:07:22.0265 2760 \Device\Harddisk0\DR0\Partition0 - ok
16:07:22.0281 2760 Boot (0x1200) (cafca50e7d68eb764527790595fcc2df) \Device\Harddisk1\DR2\Partition0
16:07:22.0296 2760 \Device\Harddisk1\DR2\Partition0 - ok
16:07:22.0296 2760 ============================================================
16:07:22.0296 2760 Scan finished
16:07:22.0296 2760 ============================================================
16:07:22.0312 2752 Detected object count: 1
16:07:22.0312 2752 Actual detected object count: 1
16:07:50.0421 2752 C:\windows\system32\Drivers\sptd.sys - copied to quarantine
16:07:50.0531 2752 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine


Should I now log out of everything, pause the antivirus and run ComboFix, or is there something else I should do?


Re: Kryptik virus

Post by guest » 12 May 2012 16:37

"Should I now log out of everything, pause the antivirus and run ComboFix"


Yes, and when it finishes, post the log here again. It may be long, so you may have to post it in two parts.


Re: Kryptik virus

Post by Hastalda » 12 May 2012 17:13

So hopefully I did everything right...

Log file from ComboFix:

ComboFix 12-05-11.03 - 1102 12.05.2012 16:53:13.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.584 [GMT 2:00]
Spuštěný z: c:\documents and settings\1102\Plocha\STAHOVANI\ComboFix.exe
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\1102\System
c:\documents and settings\1102\System\win_qs8.jqx
c:\windows\daemon.dll
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\CddbCdda.dll
c:\windows\system32\Filters
c:\windows\system32\Filters\AviSplitter.ax
c:\windows\system32\Filters\ffdshow\ffdshow.ax
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-12 do 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 14:07 . 2012-05-12 14:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-11 13:50 . 2012-05-11 13:50 -------- d-----w- c:\documents and settings\1102\Data aplikací\Malwarebytes
2012-05-11 13:50 . 2012-05-11 13:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-05-11 13:50 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 13:50 . 2012-05-11 13:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-10 08:50 . 2012-05-10 08:50 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 11:49 . 2012-03-13 11:49 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 57344]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"PDUiP6220DMon"="c:\program files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-06 69632]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-03-22 851968]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 40960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GoGear SA3MXX Device Manager.lnk - c:\program files\Philips\GoGear SA3MXX Device Manager\main.exe [2011-12-8 124880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Rychlý začátek s aplikací HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [25.11.2006 18:54 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [25.11.2006 18:54 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.11.2006 20:04 639224]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.7.2008 9:53 468224]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [8.3.2008 22:05 47360]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [8.12.2011 16:02 80680]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.

