Please check my log.

The place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

agassi
Level 1
Posts: 85
Registered: January 09
Location: Čelákovice
Gender: Male
Status: Offline

Please check my log.

Post by agassi » 08 Jul 2012 18:59

Hi experts,

please check my log.
The PC is no longer the youngest or the fastest.

Thanks,
Aleš.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:51, on 8.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vista Components\True Transparency\TrueTransparency.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\ales\Dokumenty\Stažené soubory\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2008 Ultra Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [True Transparency] C:\Program Files\Vista Components\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [Transparency Bar] C:\Program Files\Vista Components\Transparency Bar\TransBar.exe /s
O4 - HKLM\..\Run: [Auto Del Temp] C:\WINDOWS\system32\TEMP.cmd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1547161642-1757981266-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1547161642-1757981266-682003330-1005\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 10259 bytes

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Please check my log.

Post by Žbeky » 08 Jul 2012 19:05

Microsoft Windows XP 2008 Ultra Edition, some Vista transparency stuff.... for one thing, that is 100% not legal; for another, this is the main cause of the slowness.

Fix:

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2008 Ultra Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Auto Del Temp] C:\WINDOWS\system32\TEMP.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1547161642-1757981266-682003330-1005\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. It can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In PMs I only deal with forum-related matters. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
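The fix list above is a manual triage of HijackThis entry classes. As an added example (not part of the thread and not HijackThis code), the Python below parses such entry lines into records and flags the same classes with heuristics of its own; the sample lines are copied from the log quoted in the thread, and the flagging rules are this example's assumptions about what the moderator considered worth fixing.

```python
"""Triage helper for HijackThis 2.0.4 log entries (added example, not HijackThis code).

Parses R0/R1, R3 and O4 entry lines into structured records and flags the
classes of lines the moderator's fix list targets. The rules are this
example's own reading of that list:
  * R0/R1 browser settings with an empty value
  * a customised IE window title (here it exposes a non-genuine XP build)
  * a missing default URLSearchHook (R3)
  * a Run entry that launches a script (.cmd/.bat/.vbs) from the Windows directory
  * RunOnce entries replicated under HKUS accounts (the nLite leftovers)
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the log quoted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2008 Ultra Edition
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Auto Del Temp] C:\WINDOWS\system32\TEMP.cmd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""


@dataclass
class Entry:
    section: str          # HijackThis section code: R0, R1, R3, O4, O23 ...
    hive: Optional[str]   # HKLM / HKCU / HKUS\<SID> where the line names one
    key: Optional[str]    # registry key path (R*) or Run / RunOnce (O4)
    name: Optional[str]   # value name (R*) or the [bracketed] entry name (O4)
    value: str            # setting value, command line, or the rest of the line
    raw: str


SECTION_RE = re.compile(r"[RFNO]\d{1,2}")
# R0 - HKCU\Software\...\Main,Start Page = http://...   (the value may be empty)
R_RE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) = ?(.*)$")
# O4 - HKUS\S-1-5-18\..\RunOnce: [name] command (User 'SYSTEM')
O4_RE = re.compile(
    r"^O4 - (HK\w+(?:\\S-[\d-]+|\\\.DEFAULT)?)\\\.\.\\(Run\w*): \[(.+?)\] (.*?)(?: \(User '[^']*'\))?$"
)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis entry line; None for header and process lines."""
    line = line.rstrip()
    section, sep, rest = line.partition(" - ")
    if not sep or not SECTION_RE.fullmatch(section):
        return None
    m = R_RE.match(line)
    if m:
        return Entry(*m.groups(), raw=line)
    m = O4_RE.match(line)
    if m:
        return Entry("O4", *m.groups(), raw=line)
    return Entry(section, None, None, None, rest, line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def launch_target(command: str) -> str:
    """First program/path token of an O4 command line (quoted or bare)."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return re.split(r"\s+[/-]", command, maxsplit=1)[0]


EMPTY_SETTING = "empty browser setting"
WINDOW_TITLE = "customised IE window title"
NO_SEARCHHOOK = "default URLSearchHook missing"
SCRIPT_FROM_WINDIR = "Run entry launches a script from the Windows directory"
HKUS_RUNONCE = "RunOnce leftover replicated under HKUS accounts"


def assess(entry: Entry) -> Optional[str]:
    """Reason to put the entry on the fix list, or None if it looks normal."""
    if entry.section in ("R0", "R1") and entry.key is not None:
        if entry.value == "":
            return EMPTY_SETTING
        if entry.name == "Window Title":
            return WINDOW_TITLE
    if entry.section == "R3" and "missing" in entry.value:
        return NO_SEARCHHOOK
    if entry.section == "O4" and entry.key is not None:
        if entry.key == "RunOnce" and entry.hive.startswith("HKUS"):
            return HKUS_RUNONCE
        target = launch_target(entry.value).lower()
        if target.startswith("c:\\windows\\") and target.endswith((".cmd", ".bat", ".vbs")):
            return SCRIPT_FROM_WINDIR
    return None


def find_fix_candidates(text: str) -> List[Tuple[str, str]]:
    """(reason, raw line) for every entry the heuristics flag, in log order."""
    out = []
    for entry in parse_log(text):
        reason = assess(entry)
        if reason:
            out.append((reason, entry.raw))
    return out


if __name__ == "__main__":
    for reason, raw in find_fix_candidates(SAMPLE_LOG):
        print(f"{reason:55} {raw}")
```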


Re: Please check my log.

Post by agassi » 08 Jul 2012 19:38

You're right about the OS. (It's XP with a Vista look.) :smile:

I ran the ATF-C and CCleaner test before asking.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:03, on 8.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vista Components\True Transparency\TrueTransparency.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\ales\Dokumenty\Stažené soubory\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [True Transparency] C:\Program Files\Vista Components\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [Transparency Bar] C:\Program Files\Vista Components\Transparency Bar\TransBar.exe /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1547161642-1757981266-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1547161642-1757981266-682003330-1005\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 10326 bytes
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.07.08.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
ales :: ALES-3B4F3548BE [administrátor]

Ochrana: Povolena

8.7.2012 19:27:44
mbam-log-2012-07-08 (19-34-14).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 236598
Uplynulý čas: 6 minut, 4 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Žádná instrukce nebyla provedena.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Documents and Settings\All Users\Plocha\MP3 Downloader.lnk (Rogue.Link) -> Žádná instrukce nebyla provedena.

(konec)


Thanks.


Re: Please check my log.

Post by Žbeky » 08 Jul 2012 22:06

Run MBAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all listed detections are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt ; please paste the whole contents of the log here.

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its whole contents here
If there is a problem starting applications after the check, or a message pops up about an attempt to perform an invalid operation on a registry key marked for deletion, just restart the computer.


Re: Please check my log.

Post by agassi » 10 Jul 2012 22:11

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.07.10.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
ales :: ALES-3B4F3548BE [administrátor]

Ochrana: Povolena

10.7.2012 21:26:27
mbam-log-2012-07-10 (21-26-27).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 236690
Uplynulý čas: 6 minut, 10 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Umístnění do karantény a opravení se zdařilo.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Documents and Settings\All Users\Plocha\MP3 Downloader.lnk (Rogue.Link) -> Umístnění do karantény a smazání se zdařilo.

(konec)
21:36:14.0171 2672 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
21:36:14.0421 2672 ============================================================
21:36:14.0421 2672 Current date / time: 2012/07/10 21:36:14.0421
21:36:14.0421 2672 SystemInfo:
21:36:14.0421 2672
21:36:14.0421 2672 OS Version: 5.1.2600 ServicePack: 3.0
21:36:14.0421 2672 Product type: Workstation
21:36:14.0421 2672 ComputerName: ALES-3B4F3548BE
21:36:14.0421 2672 UserName: ales
21:36:14.0421 2672 Windows directory: C:\WINDOWS
21:36:14.0421 2672 System windows directory: C:\WINDOWS
21:36:14.0421 2672 Processor architecture: Intel x86
21:36:14.0421 2672 Number of processors: 1
21:36:14.0421 2672 Page size: 0x1000
21:36:14.0421 2672 Boot type: Normal boot
21:36:14.0421 2672 ============================================================
21:36:15.0453 2672 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:36:15.0453 2672 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:36:15.0468 2672 Drive \Device\Harddisk2\DR5 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:36:15.0484 2672 Drive \Device\Harddisk4\DR19 - Size: 0x1DD7F8000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:36:15.0484 2672 ============================================================
21:36:15.0484 2672 \Device\Harddisk0\DR0:
21:36:15.0484 2672 MBR partitions:
21:36:15.0484 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED06
21:36:15.0484 2672 \Device\Harddisk1\DR1:
21:36:15.0484 2672 MBR partitions:
21:36:15.0484 2672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x752C5A1
21:36:15.0484 2672 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x75304A1, BlocksNum 0x106A4E37
21:36:15.0484 2672 \Device\Harddisk2\DR5:
21:36:15.0500 2672 MBR partitions:
21:36:15.0500 2672 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
21:36:15.0500 2672 \Device\Harddisk4\DR19:
21:36:15.0500 2672 MBR partitions:
21:36:15.0500 2672 \Device\Harddisk4\DR19\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEEBDA1
21:36:15.0500 2672 ============================================================
21:36:15.0546 2672 D: <-> \Device\Harddisk1\DR1\Partition1
21:36:15.0609 2672 E: <-> \Device\Harddisk1\DR1\Partition0
21:36:15.0671 2672 C: <-> \Device\Harddisk0\DR0\Partition0
21:36:15.0718 2672 I: <-> \Device\Harddisk2\DR5\Partition0
21:36:15.0718 2672 ============================================================
21:36:15.0718 2672 Initialize success
21:36:15.0718 2672 ============================================================
21:36:27.0593 3444 ============================================================
21:36:27.0593 3444 Scan started
21:36:27.0593 3444 Mode: Manual;
21:36:27.0593 3444 ============================================================
21:36:28.0234 3444 Abiosdsk - ok
21:36:28.0265 3444 abp480n5 - ok
21:36:28.0328 3444 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:36:28.0343 3444 ACPI - ok
21:36:28.0406 3444 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:36:28.0406 3444 ACPIEC - ok
21:36:28.0500 3444 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:28.0515 3444 AdobeFlashPlayerUpdateSvc - ok
21:36:28.0531 3444 adpu160m - ok
21:36:28.0609 3444 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:36:28.0609 3444 aec - ok
21:36:28.0687 3444 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:36:28.0687 3444 AFD - ok
21:36:28.0718 3444 Aha154x - ok
21:36:28.0734 3444 aic78u2 - ok
21:36:28.0765 3444 aic78xx - ok
21:36:28.0906 3444 ALCXWDM (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:36:28.0937 3444 ALCXWDM - ok
21:36:29.0109 3444 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
21:36:29.0109 3444 Alerter - ok
21:36:29.0156 3444 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
21:36:29.0156 3444 ALG - ok
21:36:29.0203 3444 AliIde - ok
21:36:29.0250 3444 AmdK8 (61aa5cc421e74f2487b263066f79a006) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:36:29.0281 3444 AmdK8 - ok
21:36:29.0296 3444 amsint - ok
21:36:29.0359 3444 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
21:36:29.0375 3444 AppMgmt - ok
21:36:29.0406 3444 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:36:29.0406 3444 Arp1394 - ok
21:36:29.0437 3444 asc - ok
21:36:29.0453 3444 asc3350p - ok
21:36:29.0484 3444 asc3550 - ok
21:36:29.0625 3444 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:36:29.0640 3444 aspnet_state - ok
21:36:29.0687 3444 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:36:29.0703 3444 AsyncMac - ok
21:36:29.0765 3444 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:36:29.0765 3444 atapi - ok
21:36:29.0796 3444 Atdisk - ok
21:36:29.0859 3444 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:36:29.0859 3444 Atmarpc - ok
21:36:29.0906 3444 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
21:36:29.0906 3444 AudioSrv - ok
21:36:29.0968 3444 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:36:29.0984 3444 audstub - ok
21:36:30.0062 3444 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:36:30.0062 3444 Beep - ok
21:36:30.0125 3444 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
21:36:30.0140 3444 BITS - ok
21:36:30.0312 3444 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:36:30.0343 3444 Bonjour Service - ok
21:36:30.0390 3444 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
21:36:30.0406 3444 Browser - ok
21:36:30.0453 3444 BS2Srv (4cfa33fdc5d593eccfe1f0b68a93c3d4) C:\WINDOWS\system32\Drivers\BS2Drv.sys
21:36:30.0453 3444 BS2Srv - ok
21:36:30.0500 3444 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:36:30.0515 3444 cbidf2k - ok
21:36:30.0546 3444 cd20xrnt - ok
21:36:30.0578 3444 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:36:30.0578 3444 Cdaudio - ok
21:36:30.0671 3444 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:36:30.0671 3444 Cdfs - ok
21:36:30.0750 3444 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:36:30.0750 3444 Cdrom - ok
21:36:30.0781 3444 Changer - ok
21:36:30.0828 3444 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
21:36:30.0828 3444 CiSvc - ok
21:36:30.0859 3444 ClipSrv (532796991db963330967f6fc49169bd9) C:\WINDOWS\system32\clipsrv.exe
21:36:30.0859 3444 ClipSrv - ok
21:36:30.0968 3444 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:36:30.0968 3444 clr_optimization_v2.0.50727_32 - ok
21:36:31.0000 3444 CmdIde - ok
21:36:31.0015 3444 COMSysApp - ok
21:36:31.0062 3444 Cpqarray - ok
21:36:31.0125 3444 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
21:36:31.0125 3444 CryptSvc - ok
21:36:31.0156 3444 dac2w2k - ok
21:36:31.0187 3444 dac960nt - ok
21:36:31.0265 3444 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
21:36:31.0265 3444 DcomLaunch - ok
21:36:31.0312 3444 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
21:36:31.0312 3444 Dhcp - ok
21:36:31.0390 3444 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:36:31.0406 3444 Disk - ok
21:36:31.0421 3444 dmadmin - ok
21:36:31.0484 3444 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
21:36:31.0484 3444 dmboot - ok
21:36:31.0546 3444 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
21:36:31.0546 3444 dmio - ok
21:36:31.0593 3444 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:36:31.0625 3444 dmload - ok
21:36:31.0671 3444 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
21:36:31.0671 3444 dmserver - ok
21:36:31.0750 3444 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:36:31.0750 3444 DMusic - ok
21:36:31.0828 3444 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
21:36:31.0828 3444 Dnscache - ok
21:36:31.0875 3444 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
21:36:31.0875 3444 Dot3svc - ok
21:36:31.0890 3444 dpti2o - ok
21:36:31.0953 3444 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:36:31.0968 3444 drmkaud - ok
21:36:32.0046 3444 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:36:32.0046 3444 dtsoftbus01 - ok
21:36:32.0156 3444 DUMeterSvc - ok
21:36:32.0171 3444 eamon (59d9e5dbcfef1e0e3dbac1b55c718f2d) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:36:32.0171 3444 eamon - ok
21:36:32.0234 3444 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
21:36:32.0250 3444 EapHost - ok
21:36:32.0296 3444 ehdrv (3bd67a869964bf57266cbbd1dca38c6a) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:36:32.0296 3444 ehdrv - ok
21:36:32.0406 3444 EhttpSrv (96fc9ad2c1b008424093f5367ca1ae3e) C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
21:36:32.0406 3444 EhttpSrv - ok
21:36:32.0484 3444 ekrn (d543e7e8bcae3f5d256335eee809adf5) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
21:36:32.0515 3444 ekrn - ok
21:36:32.0546 3444 epfw (1a7384d0684adc204178f593994194b1) C:\WINDOWS\system32\DRIVERS\epfw.sys
21:36:32.0562 3444 epfw - ok
21:36:32.0609 3444 Epfwndis (82ccb9d92dd674f3a4758f4a6a18fc1c) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
21:36:32.0609 3444 Epfwndis - ok
21:36:32.0687 3444 epfwtdi (db4fe66ecc47e6934dd769ff00e170bc) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
21:36:32.0687 3444 epfwtdi - ok
21:36:32.0750 3444 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
21:36:32.0750 3444 ERSvc - ok
21:36:32.0828 3444 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:36:32.0828 3444 Eventlog - ok
21:36:32.0890 3444 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
21:36:32.0890 3444 EventSystem - ok
21:36:32.0968 3444 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:36:32.0968 3444 Fastfat - ok
21:36:33.0046 3444 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:36:33.0046 3444 FastUserSwitchingCompatibility - ok
21:36:33.0109 3444 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:36:33.0125 3444 Fdc - ok
21:36:33.0187 3444 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
21:36:33.0187 3444 Fips - ok
21:36:33.0250 3444 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:36:33.0265 3444 Flpydisk - ok
21:36:33.0343 3444 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:36:33.0343 3444 FltMgr - ok
21:36:33.0453 3444 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:36:33.0453 3444 FontCache3.0.0.0 - ok
21:36:33.0500 3444 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:36:33.0531 3444 Fs_Rec - ok
21:36:33.0593 3444 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:36:33.0609 3444 Ftdisk - ok
21:36:33.0687 3444 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:36:33.0687 3444 gameenum - ok
21:36:33.0703 3444 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:36:33.0734 3444 Gpc - ok
21:36:33.0828 3444 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:36:33.0828 3444 helpsvc - ok
21:36:33.0906 3444 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
21:36:33.0906 3444 HidServ - ok
21:36:33.0953 3444 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:36:33.0953 3444 hidusb - ok
21:36:34.0000 3444 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
21:36:34.0015 3444 hkmsvc - ok
21:36:34.0031 3444 hpn - ok
21:36:34.0093 3444 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:36:34.0140 3444 HTTP - ok
21:36:34.0187 3444 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
21:36:34.0187 3444 HTTPFilter - ok
21:36:34.0218 3444 i2omgmt - ok
21:36:34.0234 3444 i2omp - ok
21:36:34.0281 3444 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:36:34.0296 3444 i8042prt - ok
21:36:34.0406 3444 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:36:34.0421 3444 idsvc - ok
21:36:34.0484 3444 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:36:34.0484 3444 Imapi - ok
21:36:34.0546 3444 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
21:36:34.0546 3444 ImapiService - ok
21:36:34.0578 3444 ini910u - ok
21:36:34.0609 3444 IntelIde - ok
21:36:34.0656 3444 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:36:34.0703 3444 Ip6Fw - ok
21:36:34.0750 3444 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:36:34.0750 3444 IpFilterDriver - ok
21:36:34.0796 3444 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:36:34.0796 3444 IpInIp - ok
21:36:34.0843 3444 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:36:34.0843 3444 IpNat - ok
21:36:34.0875 3444 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:36:34.0906 3444 IPSec - ok
21:36:34.0968 3444 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:36:34.0968 3444 IRENUM - ok
21:36:35.0031 3444 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:36:35.0046 3444 isapnp - ok
21:36:35.0218 3444 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe
21:36:35.0234 3444 JavaQuickStarterService - ok
21:36:35.0281 3444 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:36:35.0296 3444 Kbdclass - ok
21:36:35.0359 3444 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:36:35.0359 3444 kbdhid - ok
21:36:35.0421 3444 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:36:35.0421 3444 kmixer - ok
21:36:35.0484 3444 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:36:35.0515 3444 KSecDD - ok
21:36:35.0578 3444 LanmanServer (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
21:36:35.0578 3444 LanmanServer - ok
21:36:35.0656 3444 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
21:36:35.0671 3444 lanmanworkstation - ok
21:36:35.0687 3444 lbrtfdc - ok
21:36:35.0781 3444 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
21:36:35.0781 3444 LmHosts - ok
21:36:35.0843 3444 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
21:36:35.0843 3444 MBAMProtector - ok
21:36:35.0906 3444 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:36:35.0937 3444 MBAMService - ok
21:36:36.0000 3444 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
21:36:36.0000 3444 Messenger - ok
21:36:36.0093 3444 Microsoft Office Groove Audit Service (033b947af4a997820e86fcb070b1f450) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:36:36.0093 3444 Microsoft Office Groove Audit Service - ok
21:36:36.0140 3444 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:36:36.0140 3444 mnmdd - ok
21:36:36.0203 3444 mnmsrvc (f35e7d1f9edb5446a48b5139ae7566db) C:\WINDOWS\system32\mnmsrvc.exe
21:36:36.0203 3444 mnmsrvc - ok
21:36:36.0234 3444 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
21:36:36.0234 3444 Modem - ok
21:36:36.0281 3444 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:36:36.0281 3444 Mouclass - ok
21:36:36.0312 3444 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:36:36.0312 3444 mouhid - ok
21:36:36.0343 3444 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:36:36.0375 3444 MountMgr - ok
21:36:36.0453 3444 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:36:36.0453 3444 MozillaMaintenance - ok
21:36:36.0468 3444 mraid35x - ok
21:36:36.0531 3444 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:36:36.0578 3444 MRxDAV - ok
21:36:36.0656 3444 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:36:36.0687 3444 MRxSmb - ok
21:36:36.0750 3444 MSDTC (89f6e40e87a68ae64de735cd008c4ac9) C:\WINDOWS\system32\msdtc.exe
21:36:36.0750 3444 MSDTC - ok
21:36:36.0796 3444 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:36:36.0828 3444 Msfs - ok
21:36:36.0843 3444 MSIServer - ok
21:36:36.0875 3444 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:36:36.0875 3444 MSKSSRV - ok
21:36:36.0906 3444 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:36:36.0906 3444 MSPCLOCK - ok
21:36:36.0937 3444 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:36:36.0937 3444 MSPQM - ok
21:36:37.0015 3444 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:36:37.0015 3444 mssmbios - ok
21:36:37.0062 3444 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:36:37.0078 3444 ms_mpu401 - ok
21:36:37.0125 3444 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:36:37.0125 3444 MTsensor - ok
21:36:37.0187 3444 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:36:37.0187 3444 Mup - ok
21:36:37.0234 3444 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
21:36:37.0250 3444 napagent - ok
21:36:37.0296 3444 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:36:37.0296 3444 NDIS - ok
21:36:37.0359 3444 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:36:37.0359 3444 NdisTapi - ok
21:36:37.0406 3444 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:36:37.0406 3444 Ndisuio - ok
21:36:37.0468 3444 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:36:37.0484 3444 NdisWan - ok
21:36:37.0546 3444 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:36:37.0546 3444 NDProxy - ok
21:36:37.0625 3444 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:36:37.0625 3444 NetBIOS - ok
21:36:37.0656 3444 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:36:37.0671 3444 NetBT - ok
21:36:37.0718 3444 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:36:37.0718 3444 NetDDE - ok
21:36:37.0734 3444 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:36:37.0750 3444 NetDDEdsdm - ok
21:36:37.0812 3444 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:36:37.0812 3444 Netlogon - ok
21:36:37.0859 3444 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
21:36:37.0859 3444 Netman - ok
21:36:38.0015 3444 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:36:38.0015 3444 NetTcpPortSharing - ok
21:36:38.0078 3444 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:36:38.0078 3444 NIC1394 - ok
21:36:38.0140 3444 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
21:36:38.0140 3444 Nla - ok
21:36:38.0187 3444 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
21:36:38.0218 3444 nmwcd - ok
21:36:38.0265 3444 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:36:38.0265 3444 nmwcdc - ok
21:36:38.0312 3444 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
21:36:38.0312 3444 nmwcdnsu - ok
21:36:38.0343 3444 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
21:36:38.0343 3444 nmwcdnsuc - ok
21:36:38.0390 3444 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:36:38.0390 3444 Npfs - ok
21:36:38.0421 3444 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:36:38.0421 3444 Ntfs - ok
21:36:38.0453 3444 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:36:38.0453 3444 NtLmSsp - ok
21:36:38.0515 3444 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
21:36:38.0515 3444 NtmsSvc - ok
21:36:38.0578 3444 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:36:38.0593 3444 Null - ok
21:36:39.0125 3444 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:36:39.0312 3444 nv - ok
21:36:39.0468 3444 nvatabus (a1f88223528aadbb6374132becbbdcc1) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
21:36:39.0484 3444 nvatabus - ok
21:36:39.0515 3444 NVENETFD (ac050fdc2d24c678bc49b5d5671e13be) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:36:39.0515 3444 NVENETFD - ok
21:36:39.0546 3444 nvnetbus (81339157c429aada7a6aea97f3177da7) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:36:39.0562 3444 nvnetbus - ok
21:36:39.0640 3444 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
21:36:39.0640 3444 NVSvc - ok
21:36:39.0859 3444 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:36:39.0968 3444 nvUpdatusService - ok
21:36:40.0140 3444 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:36:40.0140 3444 NwlnkFlt - ok
21:36:40.0156 3444 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:36:40.0171 3444 NwlnkFwd - ok
21:36:40.0281 3444 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:36:40.0281 3444 odserv - ok
21:36:40.0343 3444 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:36:40.0359 3444 ohci1394 - ok
21:36:40.0406 3444 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:36:40.0406 3444 ose - ok
21:36:40.0468 3444 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
21:36:40.0468 3444 Parport - ok
21:36:40.0531 3444 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:36:40.0531 3444 PartMgr - ok
21:36:40.0578 3444 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
21:36:40.0593 3444 ParVdm - ok
21:36:40.0656 3444 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:36:40.0656 3444 pccsmcfd - ok
21:36:40.0718 3444 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
21:36:40.0718 3444 PCI - ok
21:36:40.0718 3444 PCIDump - ok
21:36:40.0750 3444 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:36:40.0750 3444 PCIIde - ok
21:36:40.0796 3444 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:36:40.0796 3444 Pcmcia - ok
21:36:40.0812 3444 PDCOMP - ok
21:36:40.0828 3444 PDFRAME - ok
21:36:40.0843 3444 PDRELI - ok
21:36:40.0875 3444 PDRFRAME - ok
21:36:40.0890 3444 perc2 - ok
21:36:40.0906 3444 perc2hib - ok
21:36:41.0000 3444 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:36:41.0000 3444 PlugPlay - ok
21:36:41.0046 3444 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:36:41.0046 3444 PolicyAgent - ok
21:36:41.0093 3444 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:36:41.0109 3444 PptpMiniport - ok
21:36:41.0156 3444 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
21:36:41.0171 3444 Processor - ok
21:36:41.0187 3444 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:36:41.0187 3444 ProtectedStorage - ok
21:36:41.0250 3444 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
21:36:41.0250 3444 Ps2 - ok
21:36:41.0312 3444 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:36:41.0375 3444 PSched - ok
21:36:41.0406 3444 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:36:41.0406 3444 Ptilink - ok
21:36:41.0453 3444 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:36:41.0453 3444 PxHelp20 - ok
21:36:41.0468 3444 ql1080 - ok
21:36:41.0484 3444 Ql10wnt - ok
21:36:41.0515 3444 ql12160 - ok
21:36:41.0531 3444 ql1240 - ok
21:36:41.0546 3444 ql1280 - ok
21:36:41.0609 3444 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:36:41.0625 3444 RasAcd - ok
21:36:41.0671 3444 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
21:36:41.0671 3444 RasAuto - ok
21:36:41.0734 3444 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:36:41.0750 3444 Rasl2tp - ok
21:36:41.0796 3444 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
21:36:41.0796 3444 RasMan - ok
21:36:41.0812 3444 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:36:41.0828 3444 RasPppoe - ok
21:36:41.0890 3444 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:36:41.0890 3444 Raspti - ok
21:36:41.0953 3444 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:36:41.0953 3444 Rdbss - ok
21:36:42.0015 3444 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:36:42.0015 3444 RDPCDD - ok
21:36:42.0093 3444 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:36:42.0093 3444 rdpdr - ok
21:36:42.0156 3444 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:36:42.0156 3444 RDPWD - ok
21:36:42.0203 3444 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:36:42.0203 3444 RDSessMgr - ok
21:36:42.0265 3444 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:36:42.0265 3444 redbook - ok
21:36:42.0312 3444 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
21:36:42.0312 3444 RemoteAccess - ok
21:36:42.0375 3444 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
21:36:42.0375 3444 RemoteRegistry - ok
21:36:42.0421 3444 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
21:36:42.0421 3444 RpcLocator - ok
21:36:42.0484 3444 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
21:36:42.0500 3444 RpcSs - ok
21:36:42.0546 3444 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
21:36:42.0562 3444 RSVP - ok
21:36:42.0640 3444 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:36:42.0640 3444 SamSs - ok
21:36:42.0703 3444 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
21:36:42.0703 3444 SCardSvr - ok
21:36:42.0765 3444 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
21:36:42.0765 3444 Schedule - ok
21:36:42.0921 3444 SeagateDashboardService (2c542fb84b26459d437b22a9bc63c14d) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
21:36:42.0921 3444 SeagateDashboardService - ok
21:36:42.0984 3444 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:36:43.0000 3444 Secdrv - ok
21:36:43.0046 3444 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
21:36:43.0046 3444 seclogon - ok
21:36:43.0078 3444 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
21:36:43.0078 3444 SENS - ok
21:36:43.0140 3444 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:36:43.0140 3444 serenum - ok
21:36:43.0171 3444 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
21:36:43.0171 3444 Serial - ok
21:36:43.0296 3444 ServiceLayer (c15b813f2fdb44f87f23312472c6e790) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:36:43.0312 3444 ServiceLayer - ok
21:36:43.0390 3444 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:36:43.0390 3444 Sfloppy - ok
21:36:43.0453 3444 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
21:36:43.0468 3444 SharedAccess - ok
21:36:43.0531 3444 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:36:43.0531 3444 ShellHWDetection - ok
21:36:43.0625 3444 si3114r5 (87d406c592327ded095ff314427a4fa7) C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
21:36:43.0656 3444 si3114r5 - ok
21:36:43.0703 3444 SiFilter (1582e88c6f340627247b1ecd00fa84fe) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
21:36:43.0703 3444 SiFilter - ok
21:36:43.0718 3444 Simbad - ok
21:36:43.0750 3444 Sparrow - ok
21:36:43.0812 3444 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:36:43.0812 3444 splitter - ok
21:36:43.0875 3444 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:36:43.0875 3444 Spooler - ok
21:36:43.0953 3444 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:36:43.0953 3444 sr - ok
21:36:43.0984 3444 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
21:36:43.0984 3444 srservice - ok
21:36:44.0062 3444 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:36:44.0062 3444 Srv - ok
21:36:44.0140 3444 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
21:36:44.0140 3444 SSDPSRV - ok
21:36:44.0218 3444 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
21:36:44.0218 3444 stisvc - ok
21:36:44.0281 3444 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:36:44.0281 3444 swenum - ok
21:36:44.0312 3444 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:36:44.0312 3444 swmidi - ok
21:36:44.0328 3444 SwPrv - ok
21:36:44.0343 3444 symc810 - ok
21:36:44.0359 3444 symc8xx - ok
21:36:44.0375 3444 sym_hi - ok
21:36:44.0406 3444 sym_u3 - ok
21:36:44.0437 3444 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:36:44.0437 3444 sysaudio - ok
21:36:44.0484 3444 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
21:36:44.0484 3444 SysmonLog - ok
21:36:44.0531 3444 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
21:36:44.0531 3444 TapiSrv - ok
21:36:44.0625 3444 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:36:44.0625 3444 Tcpip - ok
21:36:44.0687 3444 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:36:44.0687 3444 TDPIPE - ok
21:36:44.0718 3444 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:36:44.0718 3444 TDTCP - ok
21:36:44.0781 3444 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:36:44.0781 3444 TermDD - ok
21:36:44.0843 3444 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
21:36:44.0859 3444 TermService - ok
21:36:44.0921 3444 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:36:44.0921 3444 Themes - ok
21:36:44.0984 3444 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
21:36:44.0984 3444 TlntSvr - ok
21:36:45.0125 3444 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
21:36:45.0125 3444 TomTomHOMEService - ok
21:36:45.0156 3444 TosIde - ok
21:36:45.0218 3444 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
21:36:45.0218 3444 TrkWks - ok
21:36:45.0265 3444 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:36:45.0265 3444 Udfs - ok
21:36:45.0296 3444 ultra - ok
21:36:45.0359 3444 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:36:45.0359 3444 Update - ok
21:36:45.0421 3444 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
21:36:45.0437 3444 upnphost - ok
21:36:45.0468 3444 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:36:45.0484 3444 upperdev - ok
21:36:45.0515 3444 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
21:36:45.0515 3444 UPS - ok
21:36:45.0578 3444 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:36:45.0578 3444 usbccgp - ok
21:36:45.0656 3444 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:36:45.0656 3444 usbehci - ok
21:36:45.0718 3444 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:36:45.0718 3444 usbhub - ok
21:36:45.0750 3444 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:36:45.0750 3444 usbohci - ok
21:36:45.0796 3444 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:36:45.0796 3444 usbprint - ok
21:36:45.0843 3444 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:36:45.0875 3444 usbscan - ok
21:36:45.0906 3444 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
21:36:45.0906 3444 usbser - ok
21:36:45.0953 3444 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:36:45.0953 3444 UsbserFilt - ok
21:36:46.0000 3444 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:36:46.0000 3444 USBSTOR - ok
21:36:46.0062 3444 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:36:46.0062 3444 VgaSave - ok
21:36:46.0078 3444 ViaIde - ok
21:36:46.0109 3444 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:36:46.0109 3444 VolSnap - ok
21:36:46.0171 3444 vsbus (1c8a783e90c34d205596f1ab4a97e261) C:\WINDOWS\system32\DRIVERS\vsb.sys
21:36:46.0171 3444 vsbus - ok
21:36:46.0203 3444 vserial (3377daa1cb8cac46a538c236f5f3d58f) C:\WINDOWS\system32\DRIVERS\vserial.sys
21:36:46.0234 3444 vserial - ok
21:36:46.0281 3444 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
21:36:46.0281 3444 VSS - ok
21:36:46.0343 3444 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
21:36:46.0343 3444 W32Time - ok
21:36:46.0375 3444 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:36:46.0390 3444 Wanarp - ok
21:36:46.0453 3444 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:36:46.0468 3444 Wdf01000 - ok
21:36:46.0484 3444 WDICA - ok
21:36:46.0546 3444 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:36:46.0546 3444 wdmaud - ok
21:36:46.0609 3444 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
21:36:46.0609 3444 WebClient - ok
21:36:46.0765 3444 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
21:36:46.0781 3444 WinDefend - ok
21:36:46.0921 3444 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:36:46.0921 3444 winmgmt - ok
21:36:47.0015 3444 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
21:36:47.0015 3444 WmdmPmSN - ok
21:36:47.0093 3444 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
21:36:47.0109 3444 Wmi - ok
21:36:47.0187 3444 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:36:47.0187 3444 WmiApSrv - ok
21:36:47.0312 3444 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:36:47.0312 3444 WMPNetworkSvc - ok
21:36:47.0390 3444 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:36:47.0406 3444 WpdUsb - ok
21:36:47.0468 3444 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
21:36:47.0468 3444 wscsvc - ok
21:36:47.0546 3444 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
21:36:47.0546 3444 wuauserv - ok
21:36:47.0625 3444 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:36:47.0625 3444 WudfPf - ok
21:36:47.0671 3444 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:36:47.0671 3444 WudfRd - ok
21:36:47.0718 3444 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
21:36:47.0734 3444 WudfSvc - ok
21:36:47.0812 3444 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
21:36:47.0828 3444 WZCSVC - ok
21:36:47.0890 3444 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
21:36:47.0890 3444 xmlprov - ok
21:36:47.0937 3444 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
21:36:48.0328 3444 \Device\Harddisk0\DR0 - ok
21:36:48.0359 3444 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
21:36:48.0703 3444 \Device\Harddisk1\DR1 - ok
21:36:48.0750 3444 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
21:36:48.0750 3444 \Device\Harddisk2\DR5 - ok
21:36:48.0765 3444 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk4\DR19
21:36:48.0781 3444 \Device\Harddisk4\DR19 - ok
21:36:48.0781 3444 Boot (0x1200) (a1039a1a4eff64b8917bc2a21f622194) \Device\Harddisk0\DR0\Partition0
21:36:48.0796 3444 \Device\Harddisk0\DR0\Partition0 - ok
21:36:48.0828 3444 Boot (0x1200) (598d439c8c7bb53af53f0a8f4e91f6ed) \Device\Harddisk1\DR1\Partition0
21:36:48.0828 3444 \Device\Harddisk1\DR1\Partition0 - ok
21:36:48.0828 3444 Boot (0x1200) (e1dbe8255f7800e6d0a68939b13b6fa2) \Device\Harddisk1\DR1\Partition1
21:36:48.0828 3444 \Device\Harddisk1\DR1\Partition1 - ok
21:36:48.0859 3444 Boot (0x1200) (4890157468cc39826724f308bc907a66) \Device\Harddisk2\DR5\Partition0
21:36:48.0859 3444 \Device\Harddisk2\DR5\Partition0 - ok
21:36:48.0875 3444 Boot (0x1200) (9e0e502f56a8531ab4be705a54d21ba1) \Device\Harddisk4\DR19\Partition0
21:36:48.0875 3444 \Device\Harddisk4\DR19\Partition0 - ok
21:36:48.0875 3444 ============================================================
21:36:48.0875 3444 Scan finished
21:36:48.0875 3444 ============================================================
21:36:48.0890 3892 Detected object count: 0
21:36:48.0890 3892 Actual detected object count: 0
21:37:01.0546 1524 Deinitialize success




ComboFix 12-07-10.01 - ales 10.07.2012 21:56:13.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1397 [GMT 2:00]
Spuštěný z: c:\documents and settings\ales\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ales\xmlUpdater.exe
c:\documents and settings\Default User\xmlUpdater.exe
c:\documents and settings\Sona\xmlUpdater.exe
c:\documents and settings\UpdatusUser\xmlUpdater.exe
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\config\systemprofile\xmlUpdater.exe
c:\windows\system32\taskmgr.com
I:\Autorun.inf
I:\Setup.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-10 do 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 16:28 . 2012-07-10 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TomTom
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\documents and settings\ales\Data aplikací\Malwarebytes
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 17:05 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 05:54 . 2012-06-24 05:54 626688 ----a-w- c:\windows\system32\msvcr80.dll
2012-06-24 05:54 . 2012-06-24 05:54 548864 ----a-w- c:\windows\system32\msvcp80.dll
2012-06-24 05:54 . 2012-06-24 05:54 28672 ----a-w- c:\windows\system32\eEmpty.exe
2012-06-24 05:54 . 2008-07-30 08:16 223232 ----a-w- c:\windows\system32\T.COM
2012-06-24 05:54 . 2008-04-14 08:52 277504 ----a-w- c:\windows\R.COM
2012-06-24 05:54 . 2012-06-24 05:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-06-20 20:28 . 2012-06-20 20:28 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Garmin
2012-06-20 20:27 . 2012-06-20 20:27 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\GARMIN_Corp
2012-06-20 20:24 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-06-20 20:21 . 2012-06-20 20:21 -------- d-----w- c:\windows\system32\XPSViewer
2012-06-20 20:20 . 2012-06-20 20:20 -------- d-----w- c:\program files\Reference Assemblies
2012-06-20 20:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-06-20 20:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-06-20 20:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-06-20 20:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-06-20 20:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-06-20 20:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-06-20 20:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-06-20 20:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-06-20 20:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-06-20 20:14 . 2012-06-20 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GARMIN
2012-06-20 20:10 . 2012-06-20 20:12 -------- d-----w- C:\Garmin
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-20 14:43 -------- d-----w- c:\documents and settings\ales\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\program files\MediaMonkey
2012-06-19 20:27 . 2012-06-20 11:41 -------- d-----w- c:\windows\SxsCaPendDel
2012-06-19 20:13 . 2012-06-19 20:13 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-19 20:09 . 2012-06-19 20:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-06-19 19:27 . 2012-06-19 19:49 -------- d-----w- c:\documents and settings\ales\Data aplikací\Apple Computer
2012-06-19 19:27 . 2012-06-19 19:27 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Apple Computer
2012-06-19 19:24 . 2012-06-19 20:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-06-19 19:24 . 2012-06-19 19:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-19 19:24 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Apple
2012-06-19 19:24 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2012-06-19 19:23 . 2012-06-19 19:23 -------- d-----w- c:\program files\Bonjour
2012-06-19 19:22 . 2012-06-19 20:26 -------- d-----w- c:\program files\Common Files\Apple
2012-06-19 19:22 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 12:38 . 2012-03-31 12:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 12:38 . 2012-01-13 20:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 20:13 . 2012-01-09 00:41 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-19 20:13 . 2012-01-08 15:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-22 11:51 . 2012-05-30 21:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-04-18 01:06 . 2012-04-24 17:52 6734704 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{499A8C98-7F1C-4750-A15D-447996F2CF3D}\mpengine.dll
2012-06-19 05:42 . 2012-01-08 23:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"True Transparency"="c:\program files\Vista Components\True Transparency\TrueTransparency.exe" [2008-05-27 371200]
"Transparency Bar"="c:\program files\Vista Components\Transparency Bar\TransBar.exe" [2005-06-01 87040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"SoundMan"="SOUNDMAN.EXE" [2005-08-11 77824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-30 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2011-10-31 124928]
.
c:\documents and settings\ales\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BeoPlayer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BeoPlayer.lnk
backup=c:\windows\pss\BeoPlayer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Beoplayertray]
2010-01-28 13:15 414720 ----a-w- c:\program files\Bang & Olufsen\BeoPlayer\BeoTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
2008-06-10 16:16 2645528 ----a-w- c:\program files\DU Meter\DUMeter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.1.2012 2:35 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [9.1.2012 2:31 1386008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 15:23 727720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.7.2012 19:05 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [13.3.2012 23:07 2348352]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2.6.2011 1:06 14088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23.1.2012 6:43 92592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.7.2012 19:05 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31.3.2012 14:29 250056]
S3 BS2Srv;BeoSound 2;c:\windows\system32\drivers\BS2Drv.sys [18.2.2012 18:07 16512]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26.4.2012 21:10 113120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.3.2012 22:37 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.3.2012 22:37 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2011-10-31 23:37 124928 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:38]
.
2012-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\documents and settings\ales\Data aplikací\Mozilla\Firefox\Profiles\euqmxqve.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Jak věci pracují 2.0 - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 22:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2012-07-10 22:03:40
ComboFix-quarantined-files.txt 2012-07-10 20:03
.
Před spuštěním: Volných bajtů: 13 506 510 848
Po spuštění: Volných bajtů: 13 481 193 472
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.
- - End Of File - - 732E7F0F8E979787303C2B4E49DC261E

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male

Re: Please check my log.

Post by Žbeky » 11 Jul 2012 08:07

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::

Folder::
c:\documents and settings\All Users\Data aplikací\McAfee

Firefox::
FF - ProfilePath - c:\documents and settings\ales\Data aplikací\Mozilla\Firefox\Profiles\euqmxqve.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

In PMs I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for your understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules

agassi
Level 1
Posts: 85
Registered: Jan 09
Location: Čelákovice
Gender: Male

Re: Please check my log.

Post by agassi » 11 Jul 2012 18:13

After the check the PC restarted by itself and then produced this log:


ComboFix 12-07-11.03 - ales 11.07.2012 17:45:38.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1468 [GMT 2:00]
Spuštěný z: c:\documents and settings\ales\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ales\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-11 do 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-10 16:28 . 2012-07-10 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TomTom
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\documents and settings\ales\Data aplikací\Malwarebytes
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 17:05 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 05:54 . 2012-06-24 05:54 626688 ----a-w- c:\windows\system32\msvcr80.dll
2012-06-24 05:54 . 2012-06-24 05:54 548864 ----a-w- c:\windows\system32\msvcp80.dll
2012-06-24 05:54 . 2012-06-24 05:54 28672 ----a-w- c:\windows\system32\eEmpty.exe
2012-06-24 05:54 . 2008-07-30 08:16 223232 ----a-w- c:\windows\system32\T.COM
2012-06-24 05:54 . 2008-04-14 08:52 277504 ----a-w- c:\windows\R.COM
2012-06-24 05:54 . 2012-06-24 05:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-06-20 20:28 . 2012-06-20 20:28 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Garmin
2012-06-20 20:27 . 2012-06-20 20:27 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\GARMIN_Corp
2012-06-20 20:24 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-06-20 20:21 . 2012-06-20 20:21 -------- d-----w- c:\windows\system32\XPSViewer
2012-06-20 20:20 . 2012-06-20 20:20 -------- d-----w- c:\program files\Reference Assemblies
2012-06-20 20:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-06-20 20:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-06-20 20:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-06-20 20:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-06-20 20:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-06-20 20:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-06-20 20:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-06-20 20:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-06-20 20:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-06-20 20:14 . 2012-06-20 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GARMIN
2012-06-20 20:10 . 2012-06-20 20:12 -------- d-----w- C:\Garmin
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-20 14:43 -------- d-----w- c:\documents and settings\ales\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\program files\MediaMonkey
2012-06-19 20:27 . 2012-06-20 11:41 -------- d-----w- c:\windows\SxsCaPendDel
2012-06-19 20:13 . 2012-06-19 20:13 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-19 20:09 . 2012-06-19 20:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-06-19 19:27 . 2012-06-19 19:49 -------- d-----w- c:\documents and settings\ales\Data aplikací\Apple Computer
2012-06-19 19:27 . 2012-06-19 19:27 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Apple Computer
2012-06-19 19:24 . 2012-06-19 20:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-06-19 19:24 . 2012-06-19 19:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-19 19:24 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Apple
2012-06-19 19:24 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2012-06-19 19:23 . 2012-06-19 19:23 -------- d-----w- c:\program files\Bonjour
2012-06-19 19:22 . 2012-06-19 20:26 -------- d-----w- c:\program files\Common Files\Apple
2012-06-19 19:22 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 12:38 . 2012-03-31 12:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 12:38 . 2012-01-13 20:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 20:13 . 2012-01-09 00:41 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-19 20:13 . 2012-01-08 15:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-22 11:51 . 2012-05-30 21:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-04-18 01:06 . 2012-04-24 17:52 6734704 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{499A8C98-7F1C-4750-A15D-447996F2CF3D}\mpengine.dll
2012-06-19 05:42 . 2012-01-08 23:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-10_20.01.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-11 15:53 . 2012-07-11 15:53 16384 c:\windows\temp\Perflib_Perfdata_2c0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"True Transparency"="c:\program files\Vista Components\True Transparency\TrueTransparency.exe" [2008-05-27 371200]
"Transparency Bar"="c:\program files\Vista Components\Transparency Bar\TransBar.exe" [2005-06-01 87040]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"SoundMan"="SOUNDMAN.EXE" [2005-08-11 77824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-30 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2011-10-31 124928]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^ales^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\ales\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BeoPlayer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BeoPlayer.lnk
backup=c:\windows\pss\BeoPlayer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Beoplayertray]
2010-01-28 13:15 414720 ----a-w- c:\program files\Bang & Olufsen\BeoPlayer\BeoTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
2008-06-10 16:16 2645528 ----a-w- c:\program files\DU Meter\DUMeter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 13:44 1084840 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.1.2012 2:35 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [9.1.2012 2:31 1386008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 15:23 727720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.7.2012 19:05 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [13.3.2012 23:07 2348352]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2.6.2011 1:06 14088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23.1.2012 6:43 92592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.7.2012 19:05 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31.3.2012 14:29 250056]
S3 BS2Srv;BeoSound 2;c:\windows\system32\drivers\BS2Drv.sys [18.2.2012 18:07 16512]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26.4.2012 21:10 113120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.3.2012 22:37 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.3.2012 22:37 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2011-10-31 23:37 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' directory
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:38]
.
2012-07-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\documents and settings\ales\Data aplikací\Mozilla\Firefox\Profiles\euqmxqve.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 17:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- Libraries loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\SHDOCVW.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\program files\Vista Components\True Transparency\TrueTransparencyHook.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2012-07-11 18:00:35 - the computer was restarted
ComboFix-quarantined-files.txt 2012-07-11 16:00
ComboFix2.txt 2012-07-10 20:03
.
Pre-Run: free bytes: 13 319 282 688
Post-Run: free bytes: 13 305 888 768
.
- - End Of File - - 8216D976F00FC4FA6563D8C9CEFFED36

Re: Please check my log.

Post by jaro3 (Security team member) » 11 Jul 2012 22:42

Update Java:
Java SE Runtime Environment 7

Click Accept License Agreement.
Choose your OS (Windows or Windows x64, Offline Installation):
jre-7-windows-i586-p.exe or
jre-7-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text marked in green below into it:

ClearJavaCache::

KillAll::
Folder::
c:\windows\SxsCaPendDel
c:\documents and settings\All Users\Data aplikací\McAfee

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix starts automatically.
- Post the log that appears at the end of the cleaning process here, plus a new HJT log.

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.

In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test these on VirusTotal:
c:\windows\system32\comres.dll
c:\windows\system32\winlogon.exe
c:\windows\system32\user32.dll
c:\windows\explorer.exe
c:\windows\regedit.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\sfcfiles.dll

Click Choose to the right of the box and in Explorer find the requested file on your PC. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by several antivirus engines in turn. When the last engine finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt offers to download the Avast database, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
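Besides its text log, aswMBR writes the raw first sector of the disk to MBR.dat next to the log. The script below is an added example for this thread, not part of this post and not aswMBR's code: it parses such a 512-byte dump, decodes the partition table and reports the basic inconsistencies a bootkit or a damaged table would produce (missing 0x55AA signature, no or several active partitions, overlapping entries, entries running past the end of the disk). The sample sector it builds in-line is constructed to mirror the geometry aswMBR reports later in this thread (one bootable NTFS partition at LBA 63 on a 39205 MB disk); its boot-code bytes are a placeholder and not real Windows XP MBR code, and the script does not contain the known-good code hash that aswMBR compares against, only the hash of whatever it reads so you can compare it with a known-clean machine yourself. The script name in the usage comment is hypothetical.

```python
"""Parse and sanity-check a raw 512-byte MBR dump such as the MBR.dat that aswMBR saves.
Added example for this thread; the sample data is constructed, not a dump from the poster's disk."""
import hashlib
import struct
import sys
from typing import Optional

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446       # bytes 0..445 are boot code
PART_ENTRY_SIZE = 16          # four 16-byte entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

PART_TYPES = {0x05: "extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(mbr: bytes) -> dict:
    """Decode the boot-code hash, the partition table and the boot signature of one sector."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_SIZE
        # status, CHS start, type, CHS end, LBA start, sector count (all little-endian)
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack_from("<B3sB3sII", mbr, off)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "index": slot + 1,
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"type 0x{ptype:02x}"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        # compare this against a hash taken from a known-clean machine with the same OS
        "boot_code_sha256": hashlib.sha256(mbr[:PART_TABLE_OFFSET]).hexdigest(),
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def audit_mbr(mbr: bytes, disk_sectors: Optional[int] = None) -> list:
    """Return human-readable findings; an empty list means the table looks consistent."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    parts = sorted(info["partitions"], key=lambda p: p["lba_start"])
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']}: starts at LBA 0, inside the MBR sector")
        end = p["lba_start"] + p["sectors"]
        if disk_sectors is not None and end > disk_sectors:
            findings.append(f"partition {p['index']}: ends at sector {end}, beyond disk size {disk_sectors}")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the geometry aswMBR reports later in this thread:
    one bootable NTFS partition at LBA 63 of about 39197 MB. The boot code is a
    placeholder (jmp $ plus zero padding), not real Windows XP MBR code."""
    boot_code = b"\xeb\xfe" + b"\x00" * (PART_TABLE_OFFSET - 2)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 80276742)
    table = entry + b"\x00" * (3 * PART_ENTRY_SIZE)
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # usage: python mbr_check.py [MBR.dat]   (script name is hypothetical)
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f"{flag} part {p['index']}: {p['type_name']} start {p['lba_start']} "
              f"sectors {p['sectors']} ({p['size_mb']} MB)")
    for f in audit_mbr(data, disk_sectors=80291840):  # 39205 MB disk, as in the log
        print("FINDING:", f)
```

A clean table gives no findings, which is all this check can say; it does not replace aswMBR's comparison of the boot code against the known Windows code, it only tells you whether the partition layout is plausible and gives you a hash of the code to compare elsewhere.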

Re: Please check my log.

Post by agassi » 12 Jul 2012 20:27

ComboFix 12-07-11.03 - ales 12.07.2012 19:28:04.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1444 [GMT 2:00]
Running from: c:\documents and settings\ales\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\ales\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SxsCaPendDel
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 16:52 . 2012-07-12 16:52 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-10 16:28 . 2012-07-10 16:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TomTom
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\documents and settings\ales\Data aplikací\Malwarebytes
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-07-08 17:05 . 2012-07-08 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 17:05 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 05:54 . 2012-06-24 05:54 626688 ----a-w- c:\windows\system32\msvcr80.dll
2012-06-24 05:54 . 2012-06-24 05:54 548864 ----a-w- c:\windows\system32\msvcp80.dll
2012-06-24 05:54 . 2012-06-24 05:54 28672 ----a-w- c:\windows\system32\eEmpty.exe
2012-06-24 05:54 . 2008-07-30 08:16 223232 ----a-w- c:\windows\system32\T.COM
2012-06-24 05:54 . 2008-04-14 08:52 277504 ----a-w- c:\windows\R.COM
2012-06-24 05:54 . 2012-06-24 05:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-06-20 20:28 . 2012-06-20 20:28 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Garmin
2012-06-20 20:27 . 2012-06-20 20:27 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\GARMIN_Corp
2012-06-20 20:24 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-06-20 20:21 . 2012-06-20 20:21 -------- d-----w- c:\windows\system32\XPSViewer
2012-06-20 20:20 . 2012-06-20 20:20 -------- d-----w- c:\program files\Reference Assemblies
2012-06-20 20:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-06-20 20:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-06-20 20:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-06-20 20:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-06-20 20:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-06-20 20:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-06-20 20:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-06-20 20:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-06-20 20:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-06-20 20:14 . 2012-06-20 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GARMIN
2012-06-20 20:10 . 2012-06-20 20:12 -------- d-----w- C:\Garmin
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-20 14:43 -------- d-----w- c:\documents and settings\ales\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MediaMonkey
2012-06-19 20:32 . 2012-06-19 20:32 -------- d-----w- c:\program files\MediaMonkey
2012-06-19 20:13 . 2012-06-19 20:13 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-19 20:09 . 2012-06-19 20:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-06-19 19:27 . 2012-06-19 19:49 -------- d-----w- c:\documents and settings\ales\Data aplikací\Apple Computer
2012-06-19 19:27 . 2012-06-19 19:27 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Apple Computer
2012-06-19 19:24 . 2012-06-19 20:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2012-06-19 19:24 . 2012-06-19 19:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-19 19:24 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\ales\Local Settings\Data aplikací\Apple
2012-06-19 19:24 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2012-06-19 19:23 . 2012-06-19 19:23 -------- d-----w- c:\program files\Bonjour
2012-06-19 19:22 . 2012-06-19 20:26 -------- d-----w- c:\program files\Common Files\Apple
2012-06-19 19:22 . 2012-06-19 19:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:19 . 2012-01-09 00:41 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 17:19 . 2012-01-08 15:07 128000 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-12 16:52 . 2012-03-31 12:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 16:52 . 2012-01-13 20:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-22 11:51 . 2012-05-30 21:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-04-18 01:06 . 2012-04-24 17:52 6734704 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{499A8C98-7F1C-4750-A15D-447996F2CF3D}\mpengine.dll
2012-06-19 05:42 . 2012-01-08 23:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-10_20.01.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-12 16:51 . 2012-07-12 16:51 16384 c:\windows\temp\Perflib_Perfdata_c34.dat
+ 2012-07-12 16:52 . 2012-07-12 16:52 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-03-31 12:29 . 2012-07-12 16:52 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-03-31 12:29 . 2012-07-06 12:38 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-12 17:19 . 2012-07-12 17:19 214408 c:\windows\system32\javaws.exe
+ 2012-07-12 17:19 . 2012-07-12 17:19 173960 c:\windows\system32\javaw.exe
+ 2012-07-12 17:19 . 2012-07-12 17:19 173960 c:\windows\system32\java.exe
+ 2012-07-12 17:20 . 2012-07-12 17:20 176640 c:\windows\Installer\1ab012.msi
+ 2012-07-12 17:19 . 2012-07-12 17:19 937984 c:\windows\Installer\1aaffe.msi
+ 2012-07-12 16:52 . 2012-07-12 16:52 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"True Transparency"="c:\program files\Vista Components\True Transparency\TrueTransparency.exe" [2008-05-27 371200]
"Transparency Bar"="c:\program files\Vista Components\Transparency Bar\TransBar.exe" [2005-06-01 87040]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"SoundMan"="SOUNDMAN.EXE" [2005-08-11 77824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-30 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2011-10-31 124928]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^ales^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\ales\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BeoPlayer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BeoPlayer.lnk
backup=c:\windows\pss\BeoPlayer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Beoplayertray]
2010-01-28 13:15 414720 ----a-w- c:\program files\Bang & Olufsen\BeoPlayer\BeoTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
2008-06-10 16:16 2645528 ----a-w- c:\program files\DU Meter\DUMeter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 13:44 1084840 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9.1.2012 2:35 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [9.1.2012 2:31 1386008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 15:23 727720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.7.2012 19:05 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [13.3.2012 23:07 2348352]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2.6.2011 1:06 14088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23.1.2012 6:43 92592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.7.2012 19:05 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31.3.2012 14:29 250056]
S3 BS2Srv;BeoSound 2;c:\windows\system32\drivers\BS2Drv.sys [18.2.2012 18:07 16512]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26.4.2012 21:10 113120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.3.2012 22:37 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.3.2012 22:37 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2011-10-31 23:37 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' directory
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:52]
.
2012-07-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\documents and settings\ales\Data aplikací\Mozilla\Firefox\Profiles\euqmxqve.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 19:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- Libraries loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'explorer.exe'(1752)
c:\windows\system32\SHDOCVW.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\program files\Vista Components\True Transparency\TrueTransparencyHook.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-12 19:45:12 - the computer was restarted
ComboFix-quarantined-files.txt 2012-07-12 17:45
ComboFix2.txt 2012-07-11 16:00
ComboFix3.txt 2012-07-10 20:03
.
Pre-Run: free bytes: 13 148 975 104
Post-Run: free bytes: 13 136 973 824
.
- - End Of File - - CD44398186EE5F9D4287E5F102E790E9

https://www.virustotal.com/file/cd083dd5fe03956903a5456a5f6c08ced9fad22a3d38cebc4529b59aaf9048c0/analysis/1342116261/
https://www.virustotal.com/file/cacdb2fce3182cf90d59f8c619031a1eaab02fcb6dd4cbc802b3acb4761c0dd5/analysis/1342116126/
https://www.virustotal.com/file/e8ab1fef178d8baa881a243dbf5a704167dfcf3ee42903a4c8276a99647fcaf5/analysis/1342116399/
https://www.virustotal.com/file/9bb657825169a36a7f0af54d2ca8dd11ed56736004f203f45b8d38dfc71f75ef/analysis/1342116579/
https://www.virustotal.com/file/bd5a051e2fa2c8a68dbd4f5a386589f175159f41b6920fcca9443cce10036bd6/analysis/1342116762/
https://www.virustotal.com/file/542b57f22e84392deec1e8cf02a19e43144a6280c3984049d6626ba957f2c370/analysis/1342116968/
https://www.virustotal.com/file/b61f748b99e4d3a6d608ad55af76608a16e380d63de6b0e86cfdcf7bb626045b/analysis/1342117178/

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 20:22:42
-----------------------------
20:22:42.515 OS Version: Windows 5.1.2600 Service Pack 3
20:22:42.515 Number of processors: 1 586 0x40A
20:22:42.515 ComputerName: ALES-3B4F3548BE UserName: ales
20:22:43.203 Initialize success
20:22:54.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
20:22:54.968 Disk 0 Vendor: Maxtor_6E040L0 NAR61EA0 Size: 39205MB BusType: 3
20:22:54.968 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006b
20:22:54.968 Disk 1 Vendor: Maxtor_6B200P0 BAH41B70 Size: 194481MB BusType: 3
20:22:54.984 Disk 0 MBR read successfully
20:22:54.984 Disk 0 MBR scan
20:22:54.984 Disk 0 Windows XP default MBR code
20:22:54.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39197 MB offset 63
20:22:54.984 Disk 0 scanning sectors +80276805
20:22:55.062 Disk 0 scanning C:\WINDOWS\system32\drivers
20:23:02.109 Service scanning
20:23:28.640 Modules scanning
20:23:37.625 Disk 0 trace - called modules:
20:23:37.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
20:23:38.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d67ab8]
20:23:38.140 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006d[0x89d69a38]
20:23:38.140 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\0000006a[0x89d68030]
20:23:38.140 Scan finished successfully
20:23:53.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ales\Plocha\MBR.dat"
20:23:53.031 The log file has been saved successfully to "C:\Documents and Settings\ales\Plocha\aswMBR.txt"
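The VirusTotal step requested earlier uploads each file by hand; the ComboFix log above already prints an MD5 for every file in its Sigcheck section, and VirusTotal can be searched by hash, so the hashes alone are enough to look the files up without re-uploading them. The same log also records the AV and firewall state that explains the "EnableFirewall"= 0 entry: Windows Firewall is off because ESET's own firewall is reported as enabled. The script below is an added example for this thread, not ComboFix's or the forum's code: it parses the Sigcheck records from a ComboFix log, lists the MD5s of entries flagged [-] (signature check failed) for lookup by hash, adds a note when an AV product is reported disabled or when Windows Firewall is off with no third-party firewall enabled, and checks whether a file's current content still matches the MD5 that was logged. The SAMPLE_LOG excerpt is copied from the log posted above; the field layout the regular expression expects ([flag] date [time] . MD5 . size . . [version] . . path) is inferred from that log and is an assumption about the format.

```python
"""Triage helpers for a ComboFix log: Sigcheck records, AV/firewall state, and a local MD5 check.
Added example for this thread; not ComboFix code. The sample log is an excerpt copied from the thread."""
import hashlib
import re

# Layout inferred from the log above (assumption about the format):
#   [flag] YYYY-MM-DD [HH:MM] . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# Header lines such as: AV: ESET Smart Security 4.0 *Disabled/Updated* {GUID}
PRODUCT_RE = re.compile(r"^(?P<kind>AV|FW|SP):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*")
# Windows Firewall policy value as ComboFix prints it: "EnableFirewall"= 0 (0x0)
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')


def parse_sigcheck(log: str) -> list:
    """Return one dict per Sigcheck line; a [-] flag means the signature check failed."""
    records = []
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            records.append({
                "unsigned": m["flag"] == "-",
                "date": m["date"],
                "md5": m["md5"].upper(),
                "size": int(m["size"]),
                "version": m["version"],
                "path": m["path"],
            })
    return records


def parse_protection(log: str) -> dict:
    """AV/FW product states from the log header plus the Windows Firewall policy flag."""
    state = {"products": [], "windows_firewall": None}
    for line in log.splitlines():
        line = line.strip()
        m = PRODUCT_RE.match(line)
        if m:
            state["products"].append((m["kind"], m["name"], m["state"]))
            continue
        m = ENABLE_FW_RE.match(line)
        if m:
            state["windows_firewall"] = m["val"] != "0"
    return state


def triage(log: str) -> dict:
    """Hashes worth looking up plus notes on the protection state."""
    prot = parse_protection(log)
    notes = []
    for kind, name, st in prot["products"]:
        if "Disabled" in st:
            notes.append(f"{kind} {name} reported {st}")
    third_party_fw = any(k == "FW" and "Enabled" in st for k, _, st in prot["products"])
    if prot["windows_firewall"] is False and not third_party_fw:
        notes.append("Windows Firewall disabled and no third-party firewall enabled")
    unsigned = [r for r in parse_sigcheck(log) if r["unsigned"]]
    return {
        "unsigned": unsigned,
        "hashes_to_lookup": sorted({r["md5"] for r in unsigned}),
        "notes": notes,
    }


def md5_matches(record: dict, data: bytes) -> bool:
    """True if the current file content still hashes to the MD5 that ComboFix logged."""
    return hashlib.md5(data).hexdigest().upper() == record["md5"].upper()


# Excerpt copied from the ComboFix log posted above (not a complete log).
SAMPLE_LOG = r"""
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for r in result["unsigned"]:
        print(f"unsigned  {r['md5']}  {r['size']:>8}  [{r['version']}]  {r['path']}")
    print("look up by hash:", ", ".join(result["hashes_to_lookup"]))
    for n in result["notes"]:
        print("NOTE:", n)
    # on the affected machine: md5_matches(r, open(r["path"], "rb").read())
```

A hash that matches the logged MD5 only tells you the file has not changed since ComboFix ran; whether that version is clean is what the hash lookup answers. Files that are unsigned because Windows XP system files were patched by a service pack or language pack (as the version strings here suggest) will still show up as [-], which is why the log's own note says unsigned is not the same as malicious.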

Re: Please check my log.

Post by jaro3 (Security team member) » 13 Jul 2012 11:10

Repeat on VirusTotal:
c:\windows\system32\user32.dll

ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by Combo, MWAV etc. Download it and run it.

Note: before downloading T-Cleaner and for the duration of the cleaning, disable your antivirus and antispyware; afterwards delete T-Cleaner and turn the antivirus and antispyware back on.


Post a new HJT log plus information about any problems.

Re: Please check my log.

Post by agassi » 13 Jul 2012 18:00

So, tested again:

https://www.virustotal.com/file/e8ab1fef178d8baa881a243dbf5a704167dfcf3ee42903a4c8276a99647fcaf5/analysis/1342193295/


But I cannot download T-Cleaner (even after turning the antivirus off).
It reports this (I also tried from uložto, e-disk, ...):

C:\DOCUME~1\ales\LOCALS~1\Temp\2TXsvZz9.exe.part could not be saved, because the source file could not be read.

Please try again later or contact the server administrator.

Re: Please check my log.

Post by jaro3 (Security team member) » 13 Jul 2012 23:56

Instead of T-Cleaner:

Download ToolsCleaner2 (by de A.Rothstein & Dj Quiou, translation: Damned)
to the desktop and run it.
Click Restore point and then OK, OK.
Click Recycle bin and then OK.
Click Temporary files and then OK.
Click Search and let the Cleaner work. It may stall during cleaning (not responding), but let it continue.
When the program finishes, click Remove
and remove what was found.
Close the program.
The program also deletes all the disinfection and logging tools used here (HJT, Combofix, OTM, OTL, OTS etc.).

C:\DOCUME~1\ales\LOCALS~1\Temp\2TXsvZz9.exe.part -- what is that?


Are there still any problems?

