Hello, I'd like to ask for a check of my log. Avast started the web and mail shield, and neither the firewall nor the internet works. Thanks a lot for any advice.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:20:53, on 7.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\windows\ZSSnp211.exe
C:\windows\Domino.exe
D:\ComplexWebServer\bin\ServiceDirect.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\windows\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Steam\steam.exe
C:\Program Files\INTELLINET NETWORK SOLUTIONS\11n USB Wireless LAN Utility\RtWLan.exe
C:\windows\System32\svchost.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\system32\NLSSRV32.EXE
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe
D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\TC PowerPack\totalcmd.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2& ... =708076704
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (file missing)
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinSys2] C:\windows\system32\winsys2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [ZSSnp211] C:\windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\windows\Domino.exe
O4 - HKLM\..\Run: [4StoryPrePatch] D:\hry\4Story_CZ\PrePatch.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ComplexWebServer] "d:\ComplexWebServer\bin\ServiceDirect.exe" /RUNHIDE /CONF="d:\ComplexWebServer\bin\ServiceDirect.conf"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: INTELLINET NETWORK SOLUTIONS 802.11n Wireless LAN Utility.lnk = C:\Program Files\INTELLINET NETWORK SOLUTIONS\11n USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: &Search - ?p=GRman000
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF269~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CWS_Apache_8080 - Apache Software Foundation - d:\ComplexWebServer\apache\bin\apache.exe
O23 - Service: CWS_MySQL_3306 - Unknown owner - d:\ComplexWebServer\mysql\bin\mysqld-nt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\windows\system32\lxddcoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\system32\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
--
End of file - 16199 bytes
Avast shields and firewall not working [Solved]
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: Avast shields and firewall not working
Uninstall:
BS Player Toolbar
HyperCam Toolbar
Funmoods Toolbar
Softonic Toolbar
Spybot S&D
Fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2776682
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2& ... =708076704
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (file missing)
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinSys2] C:\windows\system32\winsys2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [4StoryPrePatch] D:\hry\4Story_CZ\PrePatch.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O8 - Extra context menu item: &Search - ?p=GRman000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(DON'T DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Avast shields and firewall not working
Hello,
I can't attach the reply, txt attachments aren't allowed, what should I do?
Also, I forgot to mention that neither Avast nor the firewall can be repaired from their menus. The firewall reports error 2 and Avast doesn't respond.
- Žbeky
- Moderator
Re: Avast shields and firewall not working
Paste the contents of the log here, not the log itself. I.e., just copy the contents of that txt
Re: Avast shields and firewall not working
Thanks for the advice, it eventually clicked for me too.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.09.29.05
Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Jirka :: DOMA-EE45DF3882 [administrátor]
Ochrana: Povolena
8.12.2012 8:55:32
mbam-log-2012-12-08 (09-08-07).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 276758
Uplynulý čas: 11 minut, 23 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 1
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Žádná instrukce nebyla provedena.
Nalezené klíče v registru: 46
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\f (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\Software\WinCodec (Trojan.Agent) -> Žádná instrukce nebyla provedena.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crusader (Rogue.Crusader) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 3
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22 (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
Nalezené soubory: 14
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Kubík\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
(konec)
- jaro3
- Security team member
Re: Avast shields and the firewall are not working
So run MbAM again and choose Scan
- when the program finishes, a message will appear; click OK and then the Show Results (Ukaž výsledky) button
- make sure all listed findings are checked and click the Remove Selected (Odstranit označené) button
- when removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit
You can then post the new MbAM log here.
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt; please paste the entire contents of the log here.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.
Warning: After ComboFix has been applied and the computer restarted, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Avast shields and the firewall are not working
Hello,
so far no progress: Avast still has its shields down, the internet does not work, and the firewall is turned off.
First, the log from MBAM
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.09.29.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jirka :: DOMA-EE45DF3882 [administrátor]
Ochrana: Povolena
8.12.2012 13:01:16
mbam-log-2012-12-08 (13-01-16).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 276744
Uplynulý čas: 11 minut, 7 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 1
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Bude smazán při restartu.
Nalezené klíče v registru: 46
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\f (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\Software\WinCodec (Trojan.Agent) -> Umístnění do karantény a smazání se zdařilo.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crusader (Rogue.Crusader) -> Umístnění do karantény a smazání se zdařilo.
Nalezené hodnoty v registru: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Umístnění do karantény a smazání se zdařilo.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 3
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
Nalezené soubory: 14
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Bude smazán při restartu.
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Kubík\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
(konec)
The TDSSKiller log follows
13:21:45.0078 2852 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:21:45.0125 2852 ============================================================
13:21:45.0125 2852 Current date / time: 2012/12/08 13:21:45.0125
13:21:45.0125 2852 SystemInfo:
13:21:45.0125 2852
13:21:45.0125 2852 OS Version: 5.1.2600 ServicePack: 3.0
13:21:45.0125 2852 Product type: Workstation
13:21:45.0125 2852 ComputerName: DOMA-EE45DF3882
13:21:45.0125 2852 UserName: Jirka
13:21:45.0125 2852 Windows directory: C:\windows
13:21:45.0125 2852 System windows directory: C:\windows
13:21:45.0125 2852 Processor architecture: Intel x86
13:21:45.0125 2852 Number of processors: 2
13:21:45.0125 2852 Page size: 0x1000
13:21:45.0125 2852 Boot type: Normal boot
13:21:45.0125 2852 ============================================================
13:21:47.0937 2852 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:21:47.0968 2852 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:21:47.0968 2852 Drive \Device\Harddisk2\DR5 - Size: 0x3C7C00000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:21:47.0984 2852 ============================================================
13:21:47.0984 2852 \Device\Harddisk0\DR0:
13:21:48.0000 2852 MBR partitions:
13:21:48.0000 2852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x484C770
13:21:48.0015 2852 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x484C7F2, BlocksNum 0xDE26B61
13:21:48.0015 2852 \Device\Harddisk1\DR1:
13:21:48.0015 2852 MBR partitions:
13:21:48.0015 2852 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:21:48.0015 2852 \Device\Harddisk2\DR5:
13:21:48.0015 2852 MBR partitions:
13:21:48.0015 2852 \Device\Harddisk2\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1E3DFC1
13:21:48.0015 2852 ============================================================
13:21:48.0203 2852 C: <-> \Device\Harddisk0\DR0\Partition1
13:21:48.0281 2852 D: <-> \Device\Harddisk1\DR1\Partition1
13:21:48.0593 2852 E: <-> \Device\Harddisk0\DR0\Partition2
13:21:48.0609 2852 ============================================================
13:21:48.0609 2852 Initialize success
13:21:48.0609 2852 ============================================================
13:22:13.0859 2692 ============================================================
13:22:13.0859 2692 Scan started
13:22:13.0859 2692 Mode: Manual;
13:22:13.0859 2692 ============================================================
13:22:15.0484 2692 ================ Scan system memory ========================
13:22:15.0500 2692 System memory - ok
13:22:15.0500 2692 ================ Scan services =============================
13:22:16.0203 2692 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\windows\system32\drivers\Aavmker4.sys
13:22:16.0203 2692 Aavmker4 - ok
13:22:16.0203 2692 Abiosdsk - ok
13:22:16.0203 2692 abp480n5 - ok
13:22:16.0312 2692 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
13:22:16.0359 2692 ACPI - ok
13:22:16.0375 2692 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\windows\system32\drivers\ACPIEC.sys
13:22:16.0390 2692 ACPIEC - ok
13:22:16.0468 2692 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:22:16.0500 2692 AdobeFlashPlayerUpdateSvc - ok
13:22:16.0515 2692 adpu160m - ok
13:22:16.0578 2692 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
13:22:16.0625 2692 aec - ok
13:22:16.0656 2692 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\windows\system32\DRIVERS\AegisP.sys
13:22:16.0687 2692 AegisP - ok
13:22:16.0828 2692 [ E3F08935158038D385AD382442F4BB2D ] AF15BDA C:\windows\system32\DRIVERS\AF15BDA.sys
13:22:16.0968 2692 AF15BDA - ok
13:22:17.0046 2692 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
13:22:17.0062 2692 AFD - ok
13:22:17.0078 2692 Aha154x - ok
13:22:17.0078 2692 aic78u2 - ok
13:22:17.0078 2692 aic78xx - ok
13:22:18.0078 2692 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll
13:22:18.0078 2692 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
13:22:18.0078 2692 Akamai ( HiddenFile.Multi.Generic ) - warning
13:22:18.0078 2692 Akamai - detected HiddenFile.Multi.Generic (1)
13:22:18.0156 2692 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\windows\system32\alrsvc.dll
13:22:18.0156 2692 Alerter - ok
13:22:18.0187 2692 [ 88842DE939A827577BF24243699AC80A ] ALG C:\windows\System32\alg.exe
13:22:18.0203 2692 ALG - ok
13:22:18.0203 2692 AliIde - ok
13:22:18.0203 2692 amsint - ok
13:22:18.0250 2692 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\windows\System32\appmgmts.dll
13:22:18.0281 2692 AppMgmt - ok
13:22:18.0281 2692 asc - ok
13:22:18.0312 2692 asc3350p - ok
13:22:18.0312 2692 asc3550 - ok
13:22:18.0343 2692 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\windows\system32\ASNDIS5.SYS
13:22:18.0375 2692 ASNDIS5 - ok
13:22:18.0593 2692 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:22:18.0796 2692 aspnet_state - ok
13:22:18.0890 2692 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
13:22:18.0890 2692 aswFsBlk - ok
13:22:18.0968 2692 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\windows\system32\drivers\aswMon2.sys
13:22:18.0968 2692 aswMon2 - ok
13:22:19.0031 2692 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\windows\system32\drivers\AswRdr.sys
13:22:19.0031 2692 AswRdr - ok
13:22:19.0203 2692 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
13:22:19.0203 2692 aswSnx - ok
13:22:19.0343 2692 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\windows\system32\drivers\aswSP.sys
13:22:19.0343 2692 aswSP - ok
13:22:19.0421 2692 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\windows\system32\drivers\aswTdi.sys
13:22:19.0437 2692 aswTdi - ok
13:22:19.0484 2692 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:22:19.0500 2692 AsyncMac - ok
13:22:46.0109 2692 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys
13:22:46.0140 2692 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
13:22:46.0140 2692 sptd ( LockedFile.Multi.Generic ) - warning
13:22:46.0140 2692 sptd - detected LockedFile.Multi.Generic (1)
13:22:51.0265 2692 [ 17EE5FA37C15EDAE826A7CFAE227BC0B ] ZSMC30x C:\windows\system32\Drivers\ZS211.sys
13:22:51.0703 2692 ZSMC30x - ok
13:22:51.0703 2692 ================ Scan global ===============================
13:22:51.0750 2692 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\windows\system32\basesrv.dll
13:22:51.0843 2692 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
13:22:52.0000 2692 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
13:22:52.0031 2692 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\windows\system32\services.exe
13:22:52.0031 2692 [Global] - ok
13:22:52.0031 2692 ================ Scan MBR ==================================
13:22:52.0046 2692 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
13:22:53.0750 2692 \Device\Harddisk0\DR0 - ok
13:22:53.0765 2692 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:22:53.0765 2692 \Device\Harddisk1\DR1 - ok
13:22:53.0781 2692 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk2\DR5
13:22:53.0781 2692 \Device\Harddisk2\DR5 - ok
13:22:53.0781 2692 ================ Scan VBR ==================================
13:22:53.0796 2692 [ FC1925E041BD2B435C8A0BD294A98AEF ] \Device\Harddisk0\DR0\Partition1
13:22:53.0796 2692 \Device\Harddisk0\DR0\Partition1 - ok
13:22:53.0812 2692 [ 1688C5C21B2BC11C0DB50B211DD5B36D ] \Device\Harddisk0\DR0\Partition2
13:22:53.0843 2692 \Device\Harddisk0\DR0\Partition2 - ok
13:22:53.0859 2692 [ CD78A10849C92DF89943317F936645E2 ] \Device\Harddisk1\DR1\Partition1
13:22:53.0859 2692 \Device\Harddisk1\DR1\Partition1 - ok
13:22:53.0859 2692 [ 4D73A138CF924400815E887F932AE39D ] \Device\Harddisk2\DR5\Partition1
13:22:53.0859 2692 \Device\Harddisk2\DR5\Partition1 - ok
13:22:53.0859 2692 ============================================================
13:22:53.0859 2692 Scan finished
13:22:53.0859 2692 ============================================================
13:22:53.0875 2664 Detected object count: 2
13:22:53.0875 2664 Actual detected object count: 2
13:23:34.0921 2664 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:23:34.0921 2664 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
13:23:34.0921 2664 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:23:34.0921 2664 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:23:38.0000 2716 Deinitialize success
And the last one is the log from ComboFix; I'll post it in the next message, as it no longer fits here.
So far no progress: Avast still has its shields down, the internet doesn't work, and the firewall is turned off.
First, the log from MBAM
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.09.29.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jirka :: DOMA-EE45DF3882 [administrátor]
Ochrana: Povolena
8.12.2012 13:01:16
mbam-log-2012-12-08 (13-01-16).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 276744
Uplynulý čas: 11 minut, 7 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 1
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Bude smazán při restartu.
Nalezené klíče v registru: 46
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\f (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKCU\Software\WinCodec (Trojan.Agent) -> Umístnění do karantény a smazání se zdařilo.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crusader (Rogue.Crusader) -> Umístnění do karantény a smazání se zdařilo.
Nalezené hodnoty v registru: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Umístnění do karantény a smazání se zdařilo.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 3
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22 (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
Nalezené soubory: 14
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Bude smazán při restartu.
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Kubík\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Umístnění do karantény a smazání se zdařilo.
(konec)
Next is the log from TDSSKiller
13:21:45.0078 2852 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:21:45.0125 2852 ============================================================
13:21:45.0125 2852 Current date / time: 2012/12/08 13:21:45.0125
13:21:45.0125 2852 SystemInfo:
13:21:45.0125 2852
13:21:45.0125 2852 OS Version: 5.1.2600 ServicePack: 3.0
13:21:45.0125 2852 Product type: Workstation
13:21:45.0125 2852 ComputerName: DOMA-EE45DF3882
13:21:45.0125 2852 UserName: Jirka
13:21:45.0125 2852 Windows directory: C:\windows
13:21:45.0125 2852 System windows directory: C:\windows
13:21:45.0125 2852 Processor architecture: Intel x86
13:21:45.0125 2852 Number of processors: 2
13:21:45.0125 2852 Page size: 0x1000
13:21:45.0125 2852 Boot type: Normal boot
13:21:45.0125 2852 ============================================================
13:21:47.0937 2852 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:21:47.0968 2852 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:21:47.0968 2852 Drive \Device\Harddisk2\DR5 - Size: 0x3C7C00000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:21:47.0984 2852 ============================================================
13:21:47.0984 2852 \Device\Harddisk0\DR0:
13:21:48.0000 2852 MBR partitions:
13:21:48.0000 2852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x484C770
13:21:48.0015 2852 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x484C7F2, BlocksNum 0xDE26B61
13:21:48.0015 2852 \Device\Harddisk1\DR1:
13:21:48.0015 2852 MBR partitions:
13:21:48.0015 2852 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:21:48.0015 2852 \Device\Harddisk2\DR5:
13:21:48.0015 2852 MBR partitions:
13:21:48.0015 2852 \Device\Harddisk2\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1E3DFC1
13:21:48.0015 2852 ============================================================
13:21:48.0203 2852 C: <-> \Device\Harddisk0\DR0\Partition1
13:21:48.0281 2852 D: <-> \Device\Harddisk1\DR1\Partition1
13:21:48.0593 2852 E: <-> \Device\Harddisk0\DR0\Partition2
13:21:48.0609 2852 ============================================================
13:21:48.0609 2852 Initialize success
13:21:48.0609 2852 ============================================================
13:22:13.0859 2692 ============================================================
13:22:13.0859 2692 Scan started
13:22:13.0859 2692 Mode: Manual;
13:22:13.0859 2692 ============================================================
13:22:15.0484 2692 ================ Scan system memory ========================
13:22:15.0500 2692 System memory - ok
13:22:15.0500 2692 ================ Scan services =============================
13:22:16.0203 2692 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\windows\system32\drivers\Aavmker4.sys
13:22:16.0203 2692 Aavmker4 - ok
13:22:16.0203 2692 Abiosdsk - ok
13:22:16.0203 2692 abp480n5 - ok
13:22:16.0312 2692 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
13:22:16.0359 2692 ACPI - ok
13:22:16.0375 2692 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\windows\system32\drivers\ACPIEC.sys
13:22:16.0390 2692 ACPIEC - ok
13:22:16.0468 2692 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:22:16.0500 2692 AdobeFlashPlayerUpdateSvc - ok
13:22:16.0515 2692 adpu160m - ok
13:22:16.0578 2692 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
13:22:16.0625 2692 aec - ok
13:22:16.0656 2692 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\windows\system32\DRIVERS\AegisP.sys
13:22:16.0687 2692 AegisP - ok
13:22:16.0828 2692 [ E3F08935158038D385AD382442F4BB2D ] AF15BDA C:\windows\system32\DRIVERS\AF15BDA.sys
13:22:16.0968 2692 AF15BDA - ok
13:22:17.0046 2692 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
13:22:17.0062 2692 AFD - ok
13:22:17.0078 2692 Aha154x - ok
13:22:17.0078 2692 aic78u2 - ok
13:22:17.0078 2692 aic78xx - ok
13:22:18.0078 2692 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll
13:22:18.0078 2692 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
13:22:18.0078 2692 Akamai ( HiddenFile.Multi.Generic ) - warning
13:22:18.0078 2692 Akamai - detected HiddenFile.Multi.Generic (1)
13:22:18.0156 2692 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\windows\system32\alrsvc.dll
13:22:18.0156 2692 Alerter - ok
13:22:18.0187 2692 [ 88842DE939A827577BF24243699AC80A ] ALG C:\windows\System32\alg.exe
13:22:18.0203 2692 ALG - ok
13:22:18.0203 2692 AliIde - ok
13:22:18.0203 2692 amsint - ok
13:22:18.0250 2692 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\windows\System32\appmgmts.dll
13:22:18.0281 2692 AppMgmt - ok
13:22:18.0281 2692 asc - ok
13:22:18.0312 2692 asc3350p - ok
13:22:18.0312 2692 asc3550 - ok
13:22:18.0343 2692 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\windows\system32\ASNDIS5.SYS
13:22:18.0375 2692 ASNDIS5 - ok
13:22:18.0593 2692 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:22:18.0796 2692 aspnet_state - ok
13:22:18.0890 2692 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
13:22:18.0890 2692 aswFsBlk - ok
13:22:18.0968 2692 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\windows\system32\drivers\aswMon2.sys
13:22:18.0968 2692 aswMon2 - ok
13:22:19.0031 2692 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\windows\system32\drivers\AswRdr.sys
13:22:19.0031 2692 AswRdr - ok
13:22:19.0203 2692 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
13:22:19.0203 2692 aswSnx - ok
13:22:19.0343 2692 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\windows\system32\drivers\aswSP.sys
13:22:19.0343 2692 aswSP - ok
13:22:19.0421 2692 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\windows\system32\drivers\aswTdi.sys
13:22:19.0437 2692 aswTdi - ok
13:22:19.0484 2692 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:22:19.0500 2692 AsyncMac - ok
13:22:19.0609 2692 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
13:22:19.0609 2692 atapi - ok
13:22:19.0656 2692 Atdisk - ok
13:22:19.0765 2692 [ 5B80E84AF6B02ECAB72DAE9AFEE06309 ] atksgt C:\windows\system32\DRIVERS\atksgt.sys
13:22:19.0781 2692 atksgt - ok
13:22:19.0812 2692 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
13:22:19.0828 2692 Atmarpc - ok
13:22:19.0875 2692 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\windows\System32\audiosrv.dll
13:22:19.0890 2692 AudioSrv - ok
13:22:19.0937 2692 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
13:22:19.0968 2692 audstub - ok
13:22:20.0140 2692 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:22:20.0156 2692 avast! Antivirus - ok
13:22:20.0265 2692 [ E7DEBB46B9EF1F28932E533BE4A3D1A9 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl5.sys
13:22:20.0468 2692 BCM43XX - ok
13:22:20.0531 2692 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
13:22:20.0546 2692 Beep - ok
13:22:20.0703 2692 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
13:22:21.0218 2692 BITS - ok
13:22:21.0312 2692 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\windows\System32\browser.dll
13:22:21.0312 2692 Browser - ok
13:22:21.0359 2692 [ D6D0F3860F022A12E888965F8237CBD9 ] BsStor C:\windows\system32\DRIVERS\bsstor.sys
13:22:21.0390 2692 BsStor - ok
13:22:21.0562 2692 [ 4637C8115F9B82B08F192E29B8783AEE ] BsUDF C:\windows\system32\drivers\BsUDF.sys
13:22:21.0656 2692 BsUDF - ok
13:22:21.0718 2692 [ 51B327292408B5F3A42E295BCE055859 ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
13:22:21.0718 2692 BVRPMPR5 - ok
13:22:21.0750 2692 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
13:22:21.0781 2692 cbidf2k - ok
13:22:21.0843 2692 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\windows\system32\DRIVERS\CCDECODE.sys
13:22:21.0859 2692 CCDECODE - ok
13:22:21.0875 2692 cd20xrnt - ok
13:22:21.0921 2692 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
13:22:21.0953 2692 Cdaudio - ok
13:22:22.0000 2692 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
13:22:22.0015 2692 Cdfs - ok
13:22:22.0046 2692 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
13:22:22.0046 2692 Cdrom - ok
13:22:22.0062 2692 Changer - ok
13:22:22.0093 2692 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\windows\system32\cisvc.exe
13:22:22.0093 2692 CiSvc - ok
13:22:22.0093 2692 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\windows\system32\clipsrv.exe
13:22:22.0109 2692 ClipSrv - ok
13:22:22.0250 2692 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:22:22.0750 2692 clr_optimization_v2.0.50727_32 - ok
13:22:22.0812 2692 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:22:23.0140 2692 clr_optimization_v4.0.30319_32 - ok
13:22:23.0140 2692 CmdIde - ok
13:22:23.0156 2692 COMSysApp - ok
13:22:23.0156 2692 Cpqarray - ok
13:22:23.0203 2692 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\windows\System32\cryptsvc.dll
13:22:23.0218 2692 CryptSvc - ok
13:22:23.0312 2692 [ F054744F67576A01139885173392502B ] CrystalSysInfo D:\Program Files\MediaCoder\SysInfo.sys
13:22:23.0328 2692 CrystalSysInfo - ok
13:22:23.0390 2692 [ 801B28C9171271686D608F112747B107 ] CWS_Apache_8080 d:\ComplexWebServer\apache\bin\apache.exe
13:22:23.0390 2692 CWS_Apache_8080 - ok
13:22:23.0437 2692 CWS_MySQL_3306 - ok
13:22:23.0437 2692 dac2w2k - ok
13:22:23.0453 2692 dac960nt - ok
13:22:23.0531 2692 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\windows\system32\rpcss.dll
13:22:23.0546 2692 DcomLaunch - ok
13:22:23.0578 2692 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\windows\System32\dhcpcsvc.dll
13:22:23.0578 2692 Dhcp - ok
13:22:23.0625 2692 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
13:22:23.0640 2692 Disk - ok
13:22:23.0640 2692 dmadmin - ok
13:22:23.0765 2692 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\windows\system32\drivers\dmboot.sys
13:22:24.0046 2692 dmboot - ok
13:22:24.0109 2692 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\windows\system32\drivers\dmio.sys
13:22:24.0187 2692 dmio - ok
13:22:24.0250 2692 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
13:22:24.0250 2692 dmload - ok
13:22:24.0296 2692 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\windows\System32\dmserver.dll
13:22:24.0296 2692 dmserver - ok
13:22:24.0375 2692 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
13:22:24.0375 2692 DMusic - ok
13:22:24.0406 2692 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\windows\System32\dnsrslvr.dll
13:22:24.0421 2692 Dnscache - ok
13:22:24.0500 2692 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\windows\System32\dot3svc.dll
13:22:24.0546 2692 Dot3svc - ok
13:22:24.0546 2692 dpti2o - ok
13:22:24.0578 2692 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
13:22:24.0609 2692 drmkaud - ok
13:22:24.0609 2692 EagleXNt - ok
13:22:24.0671 2692 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\windows\System32\eapsvc.dll
13:22:24.0687 2692 EapHost - ok
13:22:24.0734 2692 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\windows\system32\epmntdrv.sys
13:22:24.0750 2692 epmntdrv - ok
13:22:24.0796 2692 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\windows\System32\ersvc.dll
13:22:24.0796 2692 ERSvc - ok
13:22:24.0828 2692 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\windows\system32\EuGdiDrv.sys
13:22:24.0906 2692 EuGdiDrv - ok
13:22:24.0968 2692 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\windows\system32\services.exe
13:22:24.0984 2692 Eventlog - ok
13:22:25.0046 2692 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
13:22:25.0046 2692 EventSystem - ok
13:22:25.0093 2692 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
13:22:25.0093 2692 Fastfat - ok
13:22:25.0156 2692 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
13:22:25.0171 2692 FastUserSwitchingCompatibility - ok
13:22:25.0203 2692 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\DRIVERS\fdc.sys
13:22:25.0203 2692 Fdc - ok
13:22:25.0234 2692 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\windows\system32\drivers\Fips.sys
13:22:25.0234 2692 Fips - ok
13:22:25.0265 2692 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
13:22:25.0265 2692 Flpydisk - ok
13:22:25.0296 2692 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
13:22:25.0296 2692 FltMgr - ok
13:22:25.0453 2692 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:22:25.0593 2692 FontCache3.0.0.0 - ok
13:22:25.0640 2692 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\windows\system32\DRIVERS\fssfltr_tdi.sys
13:22:25.0656 2692 fssfltr - ok
13:22:25.0750 2692 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:22:25.0953 2692 fsssvc - ok
13:22:25.0968 2692 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
13:22:25.0984 2692 Fs_Rec - ok
13:22:26.0031 2692 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
13:22:26.0062 2692 Ftdisk - ok
13:22:26.0062 2692 GMSIPCI - ok
13:22:26.0125 2692 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
13:22:26.0234 2692 Gpc - ok
13:22:26.0296 2692 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\windows\system32\DRIVERS\hamachi.sys
13:22:26.0328 2692 hamachi - ok
13:22:26.0390 2692 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
13:22:26.0390 2692 HDAudBus - ok
13:22:26.0562 2692 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:22:26.0593 2692 helpsvc - ok
13:22:26.0656 2692 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\windows\System32\hidserv.dll
13:22:26.0656 2692 HidServ - ok
13:22:26.0671 2692 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\windows\system32\DRIVERS\hidusb.sys
13:22:26.0687 2692 hidusb - ok
13:22:26.0734 2692 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\windows\System32\kmsvc.dll
13:22:26.0750 2692 hkmsvc - ok
13:22:26.0750 2692 hpn - ok
13:22:26.0843 2692 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
13:22:26.0843 2692 HTTP - ok
13:22:26.0859 2692 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\windows\System32\w3ssl.dll
13:22:26.0875 2692 HTTPFilter - ok
13:22:26.0875 2692 i2omgmt - ok
13:22:26.0890 2692 i2omp - ok
13:22:26.0937 2692 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
13:22:26.0968 2692 i8042prt - ok
13:22:27.0109 2692 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:22:27.0125 2692 IDriverT - ok
13:22:27.0437 2692 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:22:27.0531 2692 idsvc - ok
13:22:27.0546 2692 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
13:22:27.0562 2692 Imapi - ok
13:22:27.0656 2692 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:22:27.0656 2692 ImapiService - ok
13:22:27.0765 2692 [ 6F05034230AD665B8AD80214A3A9BC57 ] incdrm C:\windows\system32\drivers\incdrm.sys
13:22:27.0843 2692 incdrm - ok
13:22:27.0859 2692 ini910u - ok
13:22:28.0343 2692 [ 08BAF30F6DE95814F58AF9CE7BBC5614 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys
13:22:28.0375 2692 IntcAzAudAddService - ok
13:22:28.0390 2692 IntelIde - ok
13:22:28.0484 2692 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
13:22:28.0500 2692 intelppm - ok
13:22:28.0593 2692 [ 692BCDCEAB912922A6BB015F45ABE862 ] InterBaseGuardian C:\Program Files\Borland\InterBase\bin\ibguard.exe
13:22:28.0593 2692 InterBaseGuardian - ok
13:22:28.0921 2692 [ 1DF5DB8996EC9D5FFCE0A60135C33F8F ] InterBaseServer C:\Program Files\Borland\InterBase\bin\ibserver.exe
13:22:28.0953 2692 InterBaseServer - ok
13:22:28.0984 2692 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys
13:22:29.0046 2692 Ip6Fw - ok
13:22:29.0078 2692 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
13:22:29.0125 2692 IpFilterDriver - ok
13:22:29.0187 2692 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
13:22:29.0218 2692 IpInIp - ok
13:22:29.0250 2692 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
13:22:29.0250 2692 IpNat - ok
13:22:29.0265 2692 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
13:22:29.0265 2692 IPSec - ok
13:22:29.0296 2692 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
13:22:29.0312 2692 IRENUM - ok
13:22:29.0343 2692 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
13:22:29.0343 2692 isapnp - ok
13:22:29.0531 2692 [ 126A16F569122AE00AD3D12EF831D651 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
13:22:29.0546 2692 JavaQuickStarterService - ok
13:22:29.0625 2692 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
13:22:29.0625 2692 Kbdclass - ok
13:22:29.0687 2692 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
13:22:29.0703 2692 kbdhid - ok
13:22:29.0718 2692 khips - ok
13:22:29.0843 2692 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
13:22:29.0843 2692 kmixer - ok
13:22:30.0000 2692 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
13:22:30.0015 2692 KSecDD - ok
13:22:30.0578 2692 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\windows\System32\srvsvc.dll
13:22:30.0578 2692 lanmanserver - ok
13:22:31.0203 2692 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\windows\System32\wkssvc.dll
13:22:31.0250 2692 lanmanworkstation - ok
13:22:31.0265 2692 lbrtfdc - ok
13:22:31.0906 2692 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
13:22:31.0906 2692 lirsgt - ok
13:22:32.0546 2692 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\windows\System32\lmhsvc.dll
13:22:32.0562 2692 LmHosts - ok
13:22:32.0906 2692 [ DEB8A241D5671F7D4188F86E2AEB6960 ] lxddCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
13:22:32.0906 2692 lxddCATSCustConnectService - ok
13:22:32.0921 2692 lxdd_device - ok
13:22:33.0093 2692 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
13:22:33.0093 2692 MBAMProtector - ok
13:22:33.0296 2692 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:22:33.0312 2692 MBAMScheduler - ok
13:22:33.0531 2692 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:22:33.0531 2692 MBAMService - ok
13:22:33.0671 2692 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:22:33.0718 2692 MDM - ok
13:22:34.0062 2692 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\windows\System32\msgsvc.dll
13:22:34.0078 2692 Messenger - ok
13:22:34.0375 2692 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:22:34.0421 2692 Microsoft Office Groove Audit Service - ok
13:22:34.0546 2692 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
13:22:34.0562 2692 mnmdd - ok
13:22:34.0625 2692 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:22:34.0640 2692 mnmsrvc - ok
13:22:34.0703 2692 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\windows\system32\drivers\Modem.sys
13:22:34.0718 2692 Modem - ok
13:22:34.0828 2692 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
13:22:34.0859 2692 Mouclass - ok
13:22:35.0062 2692 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
13:22:35.0078 2692 mouhid - ok
13:22:35.0109 2692 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
13:22:35.0156 2692 MountMgr - ok
13:22:35.0265 2692 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\windows\system32\DRIVERS\MPE.sys
13:22:35.0265 2692 MPE - ok
13:22:35.0281 2692 mraid35x - ok
13:22:35.0328 2692 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
13:22:35.0343 2692 MRxDAV - ok
13:22:35.0781 2692 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
13:22:35.0890 2692 MRxSmb - ok
13:22:35.0968 2692 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:22:36.0000 2692 MSDTC - ok
13:22:36.0046 2692 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
13:22:36.0046 2692 Msfs - ok
13:22:36.0046 2692 MSICPL - ok
13:22:36.0062 2692 MSIServer - ok
13:22:36.0078 2692 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
13:22:36.0093 2692 MSKSSRV - ok
13:22:36.0140 2692 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
13:22:36.0156 2692 MSPCLOCK - ok
13:22:36.0203 2692 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
13:22:36.0218 2692 MSPQM - ok
13:22:36.0265 2692 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
13:22:36.0281 2692 mssmbios - ok
13:22:36.0343 2692 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\windows\system32\drivers\MSTEE.sys
13:22:36.0359 2692 MSTEE - ok
13:22:36.0390 2692 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
13:22:36.0406 2692 Mup - ok
13:22:36.0437 2692 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\windows\system32\DRIVERS\NABTSFEC.sys
13:22:36.0468 2692 NABTSFEC - ok
13:22:36.0515 2692 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\windows\System32\qagentrt.dll
13:22:36.0546 2692 napagent - ok
13:22:36.0593 2692 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
13:22:36.0609 2692 NDIS - ok
13:22:36.0640 2692 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\windows\system32\DRIVERS\NdisIP.sys
13:22:36.0656 2692 NdisIP - ok
13:22:36.0703 2692 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
13:22:36.0703 2692 NdisTapi - ok
13:22:36.0718 2692 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
13:22:36.0734 2692 Ndisuio - ok
13:22:36.0765 2692 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
13:22:36.0796 2692 NdisWan - ok
13:22:36.0843 2692 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
13:22:36.0859 2692 NDProxy - ok
13:22:37.0031 2692 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:22:37.0062 2692 Nero BackItUp Scheduler 4.0 - ok
13:22:37.0093 2692 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
13:22:37.0093 2692 NetBIOS - ok
13:22:37.0140 2692 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
13:22:37.0171 2692 NetBT - ok
13:22:37.0218 2692 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\windows\system32\netdde.exe
13:22:37.0234 2692 NetDDE - ok
13:22:37.0250 2692 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\windows\system32\netdde.exe
13:22:37.0265 2692 NetDDEdsdm - ok
13:22:37.0281 2692 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\windows\system32\lsass.exe
13:22:37.0296 2692 Netlogon - ok
13:22:37.0343 2692 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\windows\System32\netman.dll
13:22:37.0343 2692 Netman - ok
13:22:37.0437 2692 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:22:37.0437 2692 NetTcpPortSharing - ok
13:22:37.0500 2692 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\windows\System32\mswsock.dll
13:22:37.0500 2692 Nla - ok
13:22:37.0531 2692 [ 00602D89A2564414E6F81DB0F2E24685 ] nlsX86cc C:\windows\system32\NLSSRV32.EXE
13:22:37.0531 2692 nlsX86cc - ok
13:22:37.0562 2692 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
13:22:37.0578 2692 Npfs - ok
13:22:37.0578 2692 NTACCESS - ok
13:22:37.0640 2692 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
13:22:37.0796 2692 Ntfs - ok
13:22:37.0828 2692 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\windows\system32\lsass.exe
13:22:37.0828 2692 NtLmSsp - ok
13:22:37.0953 2692 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
13:22:38.0078 2692 NtmsSvc - ok
13:22:38.0093 2692 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
13:22:38.0093 2692 Null - ok
13:22:39.0406 2692 [ A05D99CBF55EB493C9E82B4BCA848EF5 ] nv C:\windows\system32\DRIVERS\nv4_mini.sys
13:22:41.0625 2692 nv - ok
13:22:41.0687 2692 [ A86A2F2B2BF5D5EED075B6417DE5CF1C ] NVSvc C:\windows\system32\nvsvc32.exe
13:22:41.0718 2692 NVSvc - ok
13:22:41.0765 2692 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
13:22:41.0765 2692 NwlnkFlt - ok
13:22:41.0796 2692 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
13:22:41.0796 2692 NwlnkFwd - ok
13:22:42.0000 2692 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:22:42.0062 2692 odserv - ok
13:22:42.0125 2692 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:22:42.0156 2692 ose - ok
13:22:42.0203 2692 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\windows\system32\DRIVERS\parport.sys
13:22:42.0218 2692 Parport - ok
13:22:42.0265 2692 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
13:22:42.0296 2692 PartMgr - ok
13:22:42.0328 2692 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\windows\system32\drivers\ParVdm.sys
13:22:42.0328 2692 ParVdm - ok
13:22:42.0375 2692 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\windows\system32\DRIVERS\pci.sys
13:22:42.0406 2692 PCI - ok
13:22:42.0406 2692 PCIDump - ok
13:22:42.0484 2692 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
13:22:42.0484 2692 PCIIde - ok
13:22:42.0546 2692 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
13:22:42.0562 2692 Pcmcia - ok
13:22:42.0625 2692 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
13:22:42.0640 2692 pcouffin - ok
13:22:42.0640 2692 PDCOMP - ok
13:22:42.0656 2692 PDFRAME - ok
13:22:42.0656 2692 PDRELI - ok
13:22:42.0671 2692 PDRFRAME - ok
13:22:42.0671 2692 perc2 - ok
13:22:42.0671 2692 perc2hib - ok
13:22:42.0734 2692 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\windows\system32\services.exe
13:22:42.0750 2692 PlugPlay - ok
13:22:42.0796 2692 [ 3A2E85F7D90D15460C337CE80C2E3B29 ] PnkBstrA C:\windows\system32\PnkBstrA.exe
13:22:42.0812 2692 PnkBstrA - ok
13:22:42.0859 2692 [ 27F1BE4A53441C9F1F48B9ADC145B0A5 ] PnkBstrB C:\windows\system32\PnkBstrB.exe
13:22:42.0875 2692 PnkBstrB - ok
13:22:42.0890 2692 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\windows\system32\lsass.exe
13:22:42.0890 2692 PolicyAgent - ok
13:22:42.0937 2692 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
13:22:42.0937 2692 PptpMiniport - ok
13:22:42.0968 2692 [ 88422CB9D58BD542269318A6850FC384 ] PQNTDrv C:\windows\system32\drivers\PQNTDrv.sys
13:22:42.0968 2692 PQNTDrv - ok
13:22:42.0984 2692 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\windows\system32\lsass.exe
13:22:42.0984 2692 ProtectedStorage - ok
13:22:43.0015 2692 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
13:22:43.0015 2692 PSched - ok
13:22:43.0062 2692 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
13:22:43.0062 2692 Ptilink - ok
13:22:43.0125 2692 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
13:22:43.0140 2692 PxHelp20 - ok
13:22:43.0140 2692 ql1080 - ok
13:22:43.0156 2692 Ql10wnt - ok
13:22:43.0156 2692 ql12160 - ok
13:22:43.0156 2692 ql1240 - ok
13:22:43.0171 2692 ql1280 - ok
13:22:43.0187 2692 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
13:22:43.0187 2692 RasAcd - ok
13:22:43.0250 2692 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\windows\System32\rasauto.dll
13:22:43.0265 2692 RasAuto - ok
13:22:43.0312 2692 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
13:22:43.0312 2692 Rasl2tp - ok
13:22:43.0390 2692 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\windows\System32\rasmans.dll
13:22:43.0390 2692 RasMan - ok
13:22:43.0421 2692 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
13:22:43.0421 2692 RasPppoe - ok
13:22:43.0437 2692 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
13:22:43.0468 2692 Raspti - ok
13:22:43.0515 2692 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
13:22:43.0531 2692 Rdbss - ok
13:22:43.0562 2692 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
13:22:43.0562 2692 RDPCDD - ok
13:22:43.0609 2692 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
13:22:43.0640 2692 rdpdr - ok
13:22:43.0734 2692 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
13:22:43.0750 2692 RDPWD - ok
13:22:43.0796 2692 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:22:43.0796 2692 RDSessMgr - ok
13:22:43.0843 2692 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
13:22:43.0859 2692 redbook - ok
13:22:43.0875 2692 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\windows\System32\mprdim.dll
13:22:43.0890 2692 RemoteAccess - ok
13:22:43.0921 2692 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\windows\system32\regsvc.dll
13:22:43.0937 2692 RemoteRegistry - ok
13:22:43.0953 2692 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\windows\system32\locator.exe
13:22:43.0968 2692 RpcLocator - ok
13:22:44.0015 2692 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\windows\system32\rpcss.dll
13:22:44.0015 2692 RpcSs - ok
13:22:44.0046 2692 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\windows\system32\rsvp.exe
13:22:44.0078 2692 RSVP - ok
13:22:44.0156 2692 [ FF8FE1E092E5C4987FDCAF415EE7B6B5 ] RTL8192su C:\windows\system32\DRIVERS\RTL8192su.sys
13:22:44.0343 2692 RTL8192su - ok
13:22:44.0390 2692 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\windows\system32\DRIVERS\Rtenicxp.sys
13:22:44.0437 2692 RTLE8023xp - ok
13:22:44.0453 2692 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\windows\system32\lsass.exe
13:22:44.0453 2692 SamSs - ok
13:22:44.0500 2692 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\windows\System32\SCardSvr.exe
13:22:44.0500 2692 SCardSvr - ok
13:22:44.0593 2692 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\windows\system32\schedsvc.dll
13:22:44.0609 2692 Schedule - ok
13:22:44.0656 2692 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
13:22:44.0656 2692 Secdrv - ok
13:22:44.0671 2692 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\windows\System32\seclogon.dll
13:22:44.0671 2692 seclogon - ok
13:22:44.0687 2692 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\windows\system32\sens.dll
13:22:44.0703 2692 SENS - ok
13:22:44.0718 2692 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys
13:22:44.0734 2692 serenum - ok
13:22:44.0750 2692 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\windows\system32\DRIVERS\serial.sys
13:22:44.0765 2692 Serial - ok
13:22:44.0781 2692 SetupNTGLM7X - ok
13:22:44.0796 2692 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
13:22:44.0812 2692 Sfloppy - ok
13:22:44.0906 2692 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\windows\System32\ipnathlp.dll
13:22:44.0906 2692 SharedAccess - ok
13:22:44.0953 2692 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:22:44.0968 2692 ShellHWDetection - ok
13:22:44.0968 2692 Simbad - ok
13:22:45.0546 2692 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:22:45.0578 2692 Skype C2C Service - ok
13:22:45.0765 2692 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:22:45.0765 2692 SkypeUpdate - ok
13:22:45.0843 2692 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\windows\system32\DRIVERS\SLIP.sys
13:22:45.0859 2692 SLIP - ok
13:22:45.0859 2692 Sparrow - ok
13:22:45.0906 2692 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
13:22:45.0921 2692 splitter - ok
13:22:45.0953 2692 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
13:22:45.0968 2692 Spooler - ok
13:22:46.0109 2692 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys
13:22:46.0140 2692 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
13:22:46.0140 2692 sptd ( LockedFile.Multi.Generic ) - warning
13:22:46.0140 2692 sptd - detected LockedFile.Multi.Generic (1)
13:22:46.0187 2692 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\windows\system32\DRIVERS\sr.sys
13:22:46.0218 2692 sr - ok
13:22:46.0281 2692 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
13:22:46.0296 2692 srservice - ok
13:22:46.0390 2692 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
13:22:46.0390 2692 Srv - ok
13:22:46.0406 2692 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
13:22:46.0421 2692 SSDPSRV - ok
13:22:46.0468 2692 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\windows\system32\wiaservc.dll
13:22:46.0484 2692 stisvc - ok
13:22:46.0531 2692 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\windows\system32\DRIVERS\StreamIP.sys
13:22:46.0546 2692 streamip - ok
13:22:46.0593 2692 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
13:22:46.0609 2692 swenum - ok
13:22:46.0640 2692 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
13:22:46.0640 2692 swmidi - ok
13:22:46.0656 2692 SwPrv - ok
13:22:46.0656 2692 symc810 - ok
13:22:46.0671 2692 symc8xx - ok
13:22:46.0671 2692 sym_hi - ok
13:22:46.0687 2692 sym_u3 - ok
13:22:46.0703 2692 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
13:22:46.0718 2692 sysaudio - ok
13:22:46.0750 2692 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\windows\system32\smlogsvc.exe
13:22:46.0812 2692 SysmonLog - ok
13:22:46.0843 2692 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\windows\System32\tapisrv.dll
13:22:46.0843 2692 TapiSrv - ok
13:22:46.0953 2692 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
13:22:46.0953 2692 Tcpip - ok
13:22:47.0015 2692 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
13:22:47.0015 2692 TDPIPE - ok
13:22:47.0062 2692 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
13:22:47.0078 2692 TDTCP - ok
13:22:47.0109 2692 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
13:22:47.0125 2692 TermDD - ok
13:22:47.0187 2692 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\windows\System32\termsrv.dll
13:22:47.0203 2692 TermService - ok
13:22:47.0265 2692 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\windows\System32\shsvcs.dll
13:22:47.0265 2692 Themes - ok
13:22:47.0328 2692 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:22:47.0343 2692 TlntSvr - ok
13:22:47.0406 2692 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
13:22:47.0406 2692 TomTomHOMEService - ok
13:22:47.0406 2692 TosIde - ok
13:22:47.0437 2692 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\windows\system32\trkwks.dll
13:22:47.0453 2692 TrkWks - ok
13:22:47.0468 2692 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
13:22:47.0484 2692 Udfs - ok
13:22:47.0593 2692 [ 3B7E264485F361EA5A65FEEF89F2352F ] UltiDev Cassini Web Server for ASP.NET 2.0 C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
13:22:47.0609 2692 UltiDev Cassini Web Server for ASP.NET 2.0 - ok
13:22:47.0609 2692 ultra - ok
13:22:47.0718 2692 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
13:22:47.0750 2692 Update - ok
13:22:47.0765 2692 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\windows\System32\upnphost.dll
13:22:47.0796 2692 upnphost - ok
13:22:47.0796 2692 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\windows\System32\ups.exe
13:22:47.0812 2692 UPS - ok
13:22:47.0859 2692 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
13:22:47.0875 2692 usbccgp - ok
13:22:47.0937 2692 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
13:22:47.0937 2692 usbehci - ok
13:22:47.0968 2692 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
13:22:47.0984 2692 usbhub - ok
13:22:48.0015 2692 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
13:22:48.0015 2692 usbprint - ok
13:22:48.0046 2692 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
13:22:48.0046 2692 usbscan - ok
13:22:48.0093 2692 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
13:22:48.0109 2692 USBSTOR - ok
13:22:48.0125 2692 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
13:22:48.0140 2692 usbuhci - ok
13:22:48.0187 2692 [ 9BF2EA54E5ED5ACDF96F1DEC84C117C4 ] VClone C:\windows\system32\DRIVERS\VClone.sys
13:22:48.0218 2692 VClone - ok
13:22:48.0265 2692 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
13:22:48.0281 2692 VgaSave - ok
13:22:48.0281 2692 ViaIde - ok
13:22:48.0390 2692 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
13:22:48.0406 2692 VolSnap - ok
13:22:48.0500 2692 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\windows\System32\vssvc.exe
13:22:48.0546 2692 VSS - ok
13:22:48.0609 2692 [ AF0850CFD99E9E5E142537CD601BCB72 ] vvftav211 C:\windows\system32\drivers\vvftav211.sys
13:22:48.0703 2692 vvftav211 - ok
13:22:48.0734 2692 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
13:22:48.0734 2692 W32Time - ok
13:22:48.0765 2692 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
13:22:48.0781 2692 Wanarp - ok
13:22:48.0843 2692 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\windows\system32\DRIVERS\wdcsam.sys
13:22:48.0890 2692 WDC_SAM - ok
13:22:48.0890 2692 WDICA - ok
13:22:49.0015 2692 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
13:22:49.0031 2692 wdmaud - ok
13:22:49.0078 2692 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\windows\System32\webclnt.dll
13:22:49.0093 2692 WebClient - ok
13:22:49.0281 2692 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
13:22:49.0281 2692 winmgmt - ok
13:22:49.0328 2692 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\windows\system32\MsPMSNSv.dll
13:22:49.0359 2692 WmdmPmSN - ok
13:22:49.0421 2692 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\windows\System32\advapi32.dll
13:22:49.0421 2692 Wmi - ok
13:22:49.0484 2692 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:22:49.0484 2692 WmiApSrv - ok
13:22:49.0546 2692 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\windows\system32\Drivers\wpdusb.sys
13:22:49.0562 2692 WpdUsb - ok
13:22:49.0859 2692 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:22:50.0015 2692 WPFFontCache_v0400 - ok
13:22:50.0046 2692 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\windows\system32\wscsvc.dll
13:22:50.0062 2692 wscsvc - ok
13:22:50.0109 2692 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\windows\system32\DRIVERS\WSTCODEC.SYS
13:22:50.0109 2692 WSTCODEC - ok
13:22:50.0125 2692 [ C1364564800EE9784192145324A23308 ] wuauserv C:\windows\system32\wuauserv.dll
13:22:50.0218 2692 wuauserv - ok
13:22:50.0250 2692 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys
13:22:50.0265 2692 WudfPf - ok
13:22:50.0312 2692 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys
13:22:50.0328 2692 WudfRd - ok
13:22:50.0390 2692 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll
13:22:50.0484 2692 WudfSvc - ok
13:22:50.0562 2692 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\windows\System32\wzcsvc.dll
13:22:50.0578 2692 WZCSVC - ok
13:22:50.0593 2692 XDva391 - ok
13:22:50.0593 2692 XDva394 - ok
13:22:50.0671 2692 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\windows\System32\xmlprov.dll
13:22:51.0015 2692 xmlprov - ok
13:22:51.0265 2692 [ 17EE5FA37C15EDAE826A7CFAE227BC0B ] ZSMC30x C:\windows\system32\Drivers\ZS211.sys
13:22:51.0703 2692 ZSMC30x - ok
13:22:51.0703 2692 ================ Scan global ===============================
13:22:51.0750 2692 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\windows\system32\basesrv.dll
13:22:51.0843 2692 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
13:22:52.0000 2692 [ F3FA14A297BC687D0B51289D034033C9 ] C:\windows\system32\winsrv.dll
13:22:52.0031 2692 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\windows\system32\services.exe
13:22:52.0031 2692 [Global] - ok
13:22:52.0031 2692 ================ Scan MBR ==================================
13:22:52.0046 2692 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
13:22:53.0750 2692 \Device\Harddisk0\DR0 - ok
13:22:53.0765 2692 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:22:53.0765 2692 \Device\Harddisk1\DR1 - ok
13:22:53.0781 2692 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk2\DR5
13:22:53.0781 2692 \Device\Harddisk2\DR5 - ok
13:22:53.0781 2692 ================ Scan VBR ==================================
13:22:53.0796 2692 [ FC1925E041BD2B435C8A0BD294A98AEF ] \Device\Harddisk0\DR0\Partition1
13:22:53.0796 2692 \Device\Harddisk0\DR0\Partition1 - ok
13:22:53.0812 2692 [ 1688C5C21B2BC11C0DB50B211DD5B36D ] \Device\Harddisk0\DR0\Partition2
13:22:53.0843 2692 \Device\Harddisk0\DR0\Partition2 - ok
13:22:53.0859 2692 [ CD78A10849C92DF89943317F936645E2 ] \Device\Harddisk1\DR1\Partition1
13:22:53.0859 2692 \Device\Harddisk1\DR1\Partition1 - ok
13:22:53.0859 2692 [ 4D73A138CF924400815E887F932AE39D ] \Device\Harddisk2\DR5\Partition1
13:22:53.0859 2692 \Device\Harddisk2\DR5\Partition1 - ok
13:22:53.0859 2692 ============================================================
13:22:53.0859 2692 Scan finished
13:22:53.0859 2692 ============================================================
13:22:53.0875 2664 Detected object count: 2
13:22:53.0875 2664 Actual detected object count: 2
13:23:34.0921 2664 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:23:34.0921 2664 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
13:23:34.0921 2664 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:23:34.0921 2664 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:23:38.0000 2716 Deinitialize success
And the last one is the ComboFix log; I will put it in the next message, since it no longer fits here.
Re: Avast shields and firewall not working
The second part, from ComboFix, which did not fit:
ComboFix 12-12-07.01 - Jirka 08.12.2012 13:31:59.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2205 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *Disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\images.jpeg
c:\documents and settings\All Users\SPL123.tmp
c:\documents and settings\All Users\SPL84.tmp
c:\documents and settings\Jirka\WINDOWS
c:\program files\Funmoods
c:\windows\msmqinst.log
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\tmp21E.tmp
c:\windows\system32\tmp21F.tmp
c:\windows\system32\ympgcdc.cfg
D:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-08 do 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 12:26 . 2012-12-08 12:26 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-12-08 07:53 . 2012-12-08 07:53 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Malwarebytes
2012-12-08 07:53 . 2012-12-08 07:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-08 07:53 . 2012-12-08 07:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-08 07:53 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 19:19 . 2012-12-07 19:19 388096 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-07 19:19 . 2012-12-07 19:19 -------- d-----w- c:\program files\Trend Micro
2012-12-07 15:11 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-07 15:11 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-07 15:11 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-12-07 15:10 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-07 15:10 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-07 15:10 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-12-07 15:10 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-12-07 15:10 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-12-07 15:10 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-07 15:10 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-07 15:10 . 2012-12-07 15:10 -------- d-----w- c:\program files\AVAST Software
2012-12-07 15:10 . 2012-12-07 15:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-12-04 18:16 . 2012-12-04 18:16 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Acoustica
2012-11-23 12:20 . 2012-11-23 12:25 -------- d-----w- c:\documents and settings\Kubˇk
2012-11-23 05:51 . 2012-11-23 05:51 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 18:29 . 2010-12-13 17:59 87608 -c--a-w- c:\documents and settings\Jirka\Data aplikací\inst.exe
2012-12-04 18:29 . 2010-12-13 17:59 47360 -c--a-w- c:\documents and settings\Jirka\Data aplikací\pcouffin.sys
2012-11-07 19:18 . 2012-04-07 15:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 19:18 . 2011-05-14 17:50 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-26 16:49 . 2012-10-22 17:25 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-10-22 19:57 . 2004-08-18 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 17:07 . 2012-10-16 17:07 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-16 17:07 . 2012-10-16 17:07 138904 ----a-w- c:\documents and settings\Jirka\Data aplikací\PnkBstrK.sys
2012-10-16 17:07 . 2012-10-16 17:07 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-16 17:07 . 2012-10-16 17:07 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-10-16 17:07 . 2012-10-16 17:07 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-10-15 19:40 . 2012-10-16 17:06 840264 ----a-w- c:\windows\system32\pbsvc.exe
2012-10-02 18:04 . 2004-08-18 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-01 17:14 . 2012-10-01 17:13 7380 ----a-w- C:\cc_20121001_191352.reg
2012-09-22 17:06 . 2012-09-22 17:05 889242 ----a-w- C:\cc_20120922_190455.reg
2005-03-31 21:17 . 2009-10-25 18:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2009-12-16 09:03 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2005-05-19 1957888]
"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-04 968592]
"Steam"="d:\program files\Steam\steam.exe" [2012-12-03 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-26 1114112]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-08-25 208896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-12-09 58112]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2008-12-09 4289280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ComplexWebServer"="d:\complexwebserver\bin\ServiceDirect.exe" [2006-09-17 686080]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Kubík\Nabídka Start\Programy\Po spuštění\
3DO - Might and Magic VII Registration.lnk - d:\hry\mm7\Register\Remind32.exe [N/A]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Lenka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Markéta\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
INTELLINET NETWORK SOLUTIONS 802.11n Wireless LAN Utility.lnk - c:\program files\INTELLINET NETWORK SOLUTIONS\11n USB Wireless LAN Utility\RtWLan.exe [2012-10-26 933888]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [22.8.2009 18:46 9344]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.12.2009 9:01 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.12.2012 16:10 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.12.2012 16:11 361032]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [18.8.2004 13:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.12.2012 16:11 21256]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [22.8.2009 18:46 449280]
R2 CWS_MySQL_3306;CWS_MySQL_3306;d:\complexwebserver\mysql\bin\mysqld-nt.exe --defaults-file=d:\complexwebserver\mysql\conf\mysqld.conf CWS_MySQL_3306 --> d:\complexwebserver\mysql\bin\mysqld-nt.exe --defaults-file=d:\complexwebserver\mysql\conf\mysqld.conf CWS_MySQL_3306 [?]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.12.2012 8:53 676936]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16.12.2009 9:11 65856]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2.10.2012 12:13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [28.8.2012 6:41 92632]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [7.2.2007 23:06 49152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.12.2012 8:53 22856]
R3 RTL8192su;INTELLINET NETWORK SOLUTIONS 802.11n USB Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [26.10.2012 17:44 591488]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [13.2.2011 15:48 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [13.2.2011 15:48 1537024]
S1 khips;khips;\??\c:\windows\system32\Drivers\khips.sys --> c:\windows\system32\Drivers\khips.sys [?]
S2 CWS_Apache_8080;CWS_Apache_8080;d:\complexwebserver\apache\bin\Apache.exe [30.10.2012 18:57 20541]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [22.8.2009 19:37 99248]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [22.9.2012 18:13 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [22.9.2012 18:13 8456]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13.12.2010 18:59 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12.7.2012 14:04 11520]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 19:18]
.
2012-12-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-07 22:50]
.
2012-12-08 c:\windows\Tasks\User_Feed_Synchronization-{D738C0F6-1827-4FDC-9D1C-84B47BEEE116}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2012-12-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-08-22 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2776682
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2& ... =708076704
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-4StoryPrePatch - d:\hry\4Story_CZ\PrePatch.exe
AddRemove-Hospital - d:\hry\TH\DeIsL1.isu
AddRemove-KnightsAndMerchants - d:\hry\knightM\DeIsL1.isu
AddRemove-State of War - d:\hry\state of war\Uninst.isu
AddRemove-State of War - Warmonger - d:\hry\state of war_war monger\Uninst.isu
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1 - d:\hry\World_of_Tanks\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(288)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-12-08 13:48:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-08 12:48
.
Před spuštěním: 9 308 016 640
Po spuštění: 9 477 025 792
.
- - End Of File - - 8628BEF54BC00484D6889C81F9D5C75C
- Žbeky
- Moderator
Re: Avast shields and firewall not working
If you don't use Akamai, uninstall it.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Code:
KillAll::
File::
C:\cc_20121001_191352.reg
C:\cc_20120922_190455.reg
c:\windows\Tasks\WGASetup.job
Folder::
c:\program files\Get Styles
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
Driver::
CWS_MySQL_3306
lxdd_device
khips
EagleXNt
SetupNTGLM7X
XDva391
XDva394
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2776682
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2& ... =708076704
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process
Test these on Virustotal
c:\documents and settings\Jirka\Data aplikací\inst.exe
c:\documents and settings\Jirka\Data aplikací\pcouffin.sys
Click Select to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result will appear at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
In private messages I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Avast shields and firewall not working (Solved)
Thank you for your willingness to help, but I was pushed by those around me into a format C:, so now I am sitting over a pile of DVDs installing a bare system. Even so, thank you very much.