Policie ČR virus-následky odstranění

[sawyer154]

Zdravím.Dneska jsem chytil virus "Policie Čr",byl to zrovna ten kterej se dostal i do nouzáku.Nakonec jsem ho odstranil pomocí Malwarebytes Anti-Malware v nouzovym režimu MS-DOS.Jenže po odstranění viru se PC chová dost divně.Nešel zapnout avast (Vyřešil jsem přeinstalací) a vůbec mi nefunguje firewall.Ještě se mi po načtení OS zobrazuje taková divná tabulka.

Mám Windows XP Service Pack 3 na starym netbooku Acer Aspire One.

Tady je ta tabulka po startu:



Tohle dělá firewall:




A tady je log z HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:57:03, on 9.6.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\Jirka\Data aplikací\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Jirka\Plocha\hijackthis.exe
C:\Program Files\TuneUp Utilities 2013\OneClickStarter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files\OApps\SelectionLinks.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Jirka\Data aplikací\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1844237615-1450960922-515967899-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Documents and Settings\Jirka\Data aplikací\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

--
End of file - 5682 bytes


Našel jsem si tady jiný téma se stejnym virem,a pustil ATF-Cleaner,TFC, a ještě něco na Adw.Už nevim co to bylo.

//přesunuto

//mmmartin

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[Deny18]

Nechytl si vir Conficker? Ten je známý tím, že ti nejdřív vypne všechny možné ochrany. Z osobní zkušenosti.. :)

[sawyer154]

Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.06.09.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jirka :: JIRKA-263373285 [administrator]

9.6.2013 21:26:16
mbam-log-2013-06-09 (21-26-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213316
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Nenašel nic protože s tim jsem virus "Falešná policie" odstranil.


AdwCleaner log:

# AdwCleaner v2.303 - Log vytvooen 09/06/2013 v 21:38:57
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Jirka - JIRKA-263373285
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Jirka\Plocha\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****

Nalezeno : DefaultTabSearch
Nalezeno : DefaultTabUpdate

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
Složka Nalezeno : C:\Documents and Settings\Jirka\Data aplikací\DefaultTab
Složka Nalezeno : C:\Documents and Settings\Jirka\Data aplikací\DriverCure
Složka Nalezeno : C:\Documents and Settings\Jirka\Data aplikací\ParetoLogic
Složka Nalezeno : C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Conduit
Složka Nalezeno : C:\Documents and Settings\Jirka\Local Settings\Data aplikací\uTorrentControl_v2
Složka Nalezeno : C:\Program Files\Conduit
Složka Nalezeno : C:\Program Files\DefaultTab
Složka Nalezeno : C:\Program Files\OApps
Složka Nalezeno : C:\Program Files\uTorrentControl_v2

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\DefaultTab
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\Default Tab
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Nalezeno : HKCU\Software\SmartBar
Klíe Nalezeno : HKCU\Software\uTorrentControl_v2
Klíe Nalezeno : HKCU\Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\Software\Default Tab
Klíe Nalezeno : HKLM\Software\DefaultTab
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Klíe Nalezeno : HKLM\Software\InstallIQ
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FE5BAFE-3C18-405F-94E1-BE01EC1C8710}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E0C7373-6A0D-4A06-B16F-E7E967375D01}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Klíe Nalezeno : HKLM\Software\uTorrentControl_v2
Klíe Nalezeno : HKU\S-1-5-21-1844237615-1450960922-515967899-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry jsou eisté.

-\\ Opera v12.15.1748.0

Soubor : C:\Documents and Settings\Jirka\Data aplikací\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [4438 octets] - [09/06/2013 21:38:57]

########## EOF - C:\AdwCleaner[R1].txt - [4498 octets] ##########

[sawyer154]

Nechytl si vir Conficker? Ten je známý tím, že ti nejdřív vypne všechny možné ochrany. Z osobní zkušenosti.. :)

Pravda je že než mi problikla obrazovka a resetoval se Pc mi avast něco detekoval a hned na to se vypnul.

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Vymazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller. 2.8.16.0_(datum)_log.txt , vlož sem prosím celý obsah logu.

[sawyer154]

AdwCleaner:

# AdwCleaner v2.303 - Log vytvooen 10/06/2013 v 12:06:35
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Jirka - JIRKA-263373285
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Jirka\Plocha\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****

Zastaveno & vymazáno : DefaultTabSearch
Zastaveno & vymazáno : DefaultTabUpdate

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
Složka Vymazáno : C:\Documents and Settings\Jirka\Data aplikací\DefaultTab
Složka Vymazáno : C:\Documents and Settings\Jirka\Data aplikací\DriverCure
Složka Vymazáno : C:\Documents and Settings\Jirka\Data aplikací\ParetoLogic
Složka Vymazáno : C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Conduit
Složka Vymazáno : C:\Documents and Settings\Jirka\Local Settings\Data aplikací\uTorrentControl_v2
Složka Vymazáno : C:\Program Files\Conduit
Složka Vymazáno : C:\Program Files\DefaultTab
Složka Vymazáno : C:\Program Files\OApps
Složka Vymazáno : C:\Program Files\uTorrentControl_v2

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\DefaultTab
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Default Tab
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Vymazáno : HKCU\Software\SmartBar
Klíe Vymazáno : HKCU\Software\uTorrentControl_v2
Klíe Vymazáno : HKCU\Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\Software\Default Tab
Klíe Vymazáno : HKLM\Software\DefaultTab
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Klíe Vymazáno : HKLM\Software\InstallIQ
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FE5BAFE-3C18-405F-94E1-BE01EC1C8710}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E0C7373-6A0D-4A06-B16F-E7E967375D01}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Klíe Vymazáno : HKLM\Software\uTorrentControl_v2

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry jsou eisté.

-\\ Opera v12.15.1748.0

Soubor : C:\Documents and Settings\Jirka\Data aplikací\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [4567 octets] - [09/06/2013 21:38:57]
AdwCleaner[S1].txt - [4364 octets] - [10/06/2013 12:06:35]

########## EOF - C:\AdwCleaner[S1].txt - [4424 octets] ##########


Rogue Killer:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Jirka [Práva správce]
Mód : Kontrola -- Datum : 06/10/2013 12:22:26
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a4d29d698e2569b087c19cd56e59bb20
[BSP] 0ec240855e8874371f8f80038040f1b9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20980890 | Size: 142372 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] c8091ba954fe0277f03a2f17fae3c9ad
[BSP] d9bc96732d53b135d9f0f2e2d91f9aaa : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 30829 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_06102013_02d1222.txt >>
RKreport[1]_S_06102013_02d1222.txt


TDSS:

12:26:16.0406 3068 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:26:16.0593 3068 ============================================================
12:26:16.0593 3068 Current date / time: 2013/06/10 12:26:16.0593
12:26:16.0593 3068 SystemInfo:
12:26:16.0593 3068
12:26:16.0593 3068 OS Version: 5.1.2600 ServicePack: 3.0
12:26:16.0593 3068 Product type: Workstation
12:26:16.0593 3068 ComputerName: JIRKA-263373285
12:26:16.0593 3068 UserName: Jirka
12:26:16.0593 3068 Windows directory: C:\WINDOWS
12:26:16.0593 3068 System windows directory: C:\WINDOWS
12:26:16.0593 3068 Processor architecture: Intel x86
12:26:16.0593 3068 Number of processors: 2
12:26:16.0593 3068 Page size: 0x1000
12:26:16.0593 3068 Boot type: Normal boot
12:26:16.0593 3068 ============================================================
12:26:17.0250 3068 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:26:17.0250 3068 Drive \Device\Harddisk1\DR3 - Size: 0x786D14000 (30.11 Gb), SectorSize: 0x200, Cylinders: 0xF5A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:26:17.0250 3068 ============================================================
12:26:17.0250 3068 \Device\Harddisk0\DR0:
12:26:17.0250 3068 MBR partitions:
12:26:17.0250 3068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x11612766
12:26:17.0250 3068 \Device\Harddisk1\DR3:
12:26:17.0250 3068 MBR partitions:
12:26:17.0250 3068 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3C36861
12:26:17.0250 3068 ============================================================
12:26:17.0343 3068 C: <-> \Device\Harddisk0\DR0\Partition1
12:26:17.0343 3068 ============================================================
12:26:17.0343 3068 Initialize success
12:26:17.0343 3068 ============================================================
12:26:29.0343 2648 ============================================================
12:26:29.0343 2648 Scan started
12:26:29.0343 2648 Mode: Manual;
12:26:29.0343 2648 ============================================================
12:26:29.0500 2648 ================ Scan system memory ========================
12:26:29.0500 2648 System memory - ok
12:26:29.0515 2648 ================ Scan services =============================
12:26:29.0687 2648 Abiosdsk - ok
12:26:29.0687 2648 abp480n5 - ok
12:26:29.0750 2648 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:26:29.0750 2648 ACPI - ok
12:26:29.0796 2648 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:26:29.0796 2648 ACPIEC - ok
12:26:29.0796 2648 adpu160m - ok
12:26:29.0875 2648 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:26:29.0875 2648 aec - ok
12:26:29.0937 2648 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:26:29.0953 2648 AFD - ok
12:26:29.0953 2648 Aha154x - ok
12:26:29.0968 2648 aic78u2 - ok
12:26:29.0968 2648 aic78xx - ok
12:26:30.0000 2648 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:26:30.0000 2648 Alerter - ok
12:26:30.0031 2648 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
12:26:30.0031 2648 ALG - ok
12:26:30.0046 2648 AliIde - ok
12:26:30.0140 2648 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
12:26:30.0171 2648 Ambfilt - ok
12:26:30.0187 2648 amsint - ok
12:26:30.0203 2648 AppMgmt - ok
12:26:30.0328 2648 [ BEDBE05A8D40AFDB7A3410A1E9D3BFA9 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
12:26:30.0359 2648 AR5416 - ok
12:26:30.0375 2648 asc - ok
12:26:30.0390 2648 asc3350p - ok
12:26:30.0406 2648 asc3550 - ok
12:26:30.0578 2648 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:26:30.0609 2648 aspnet_state - ok
12:26:30.0671 2648 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:26:30.0671 2648 aswFsBlk - ok
12:26:30.0718 2648 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
12:26:30.0718 2648 aswMonFlt - ok
12:26:30.0765 2648 [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
12:26:30.0781 2648 AswRdr - ok
12:26:30.0796 2648 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
12:26:30.0796 2648 aswRvrt - ok
12:26:30.0875 2648 [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
12:26:30.0890 2648 aswSnx - ok
12:26:30.0921 2648 [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
12:26:30.0937 2648 aswSP - ok
12:26:30.0968 2648 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
12:26:30.0968 2648 aswTdi - ok
12:26:30.0984 2648 [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
12:26:30.0984 2648 aswVmm - ok
12:26:31.0046 2648 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:26:31.0046 2648 AsyncMac - ok
12:26:31.0078 2648 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:26:31.0078 2648 atapi - ok
12:26:31.0093 2648 Atdisk - ok
12:26:31.0109 2648 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:26:31.0109 2648 Atmarpc - ok
12:26:31.0156 2648 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:26:31.0171 2648 AudioSrv - ok
12:26:31.0218 2648 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:26:31.0234 2648 audstub - ok
12:26:31.0359 2648 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:26:31.0359 2648 avast! Antivirus - ok
12:26:31.0421 2648 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:26:31.0421 2648 Beep - ok
12:26:31.0484 2648 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
12:26:31.0546 2648 BITS - ok
12:26:31.0593 2648 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
12:26:31.0609 2648 Browser - ok
12:26:31.0656 2648 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:26:31.0671 2648 BthEnum - ok
12:26:31.0703 2648 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:26:31.0703 2648 BthPan - ok
12:26:31.0765 2648 [ F338662A6C1FC11DD9508F6DFF2C06A2 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:26:31.0781 2648 BTHPORT - ok
12:26:31.0843 2648 [ 70CA4B3F634C9DCA200832F8DA76E009 ] BthServ C:\WINDOWS\System32\bthserv.dll
12:26:31.0843 2648 BthServ - ok
12:26:31.0906 2648 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:26:31.0906 2648 BTHUSB - ok
12:26:31.0953 2648 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:26:31.0953 2648 cbidf2k - ok
12:26:32.0000 2648 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:26:32.0000 2648 CCDECODE - ok
12:26:32.0015 2648 cd20xrnt - ok
12:26:32.0062 2648 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:26:32.0062 2648 Cdaudio - ok
12:26:32.0125 2648 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:26:32.0125 2648 Cdfs - ok
12:26:32.0187 2648 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:26:32.0203 2648 Cdrom - ok
12:26:32.0203 2648 Changer - ok
12:26:32.0250 2648 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:26:32.0265 2648 CiSvc - ok
12:26:32.0296 2648 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:26:32.0296 2648 ClipSrv - ok
12:26:32.0359 2648 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:26:32.0390 2648 clr_optimization_v4.0.30319_32 - ok
12:26:32.0421 2648 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:26:32.0437 2648 CmBatt - ok
12:26:32.0437 2648 CmdIde - ok
12:26:32.0468 2648 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:26:32.0468 2648 Compbatt - ok
12:26:32.0484 2648 COMSysApp - ok
12:26:32.0515 2648 Cpqarray - ok
12:26:32.0515 2648 cpudrv - ok
12:26:32.0593 2648 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:26:32.0593 2648 CryptSvc - ok
12:26:32.0609 2648 dac2w2k - ok
12:26:32.0625 2648 dac960nt - ok
12:26:32.0687 2648 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:26:32.0734 2648 DcomLaunch - ok
12:26:32.0765 2648 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:26:32.0781 2648 Dhcp - ok
12:26:32.0812 2648 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:26:32.0812 2648 Disk - ok
12:26:32.0828 2648 dmadmin - ok
12:26:32.0890 2648 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:26:32.0906 2648 dmboot - ok
12:26:32.0937 2648 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:26:32.0937 2648 dmio - ok
12:26:32.0968 2648 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:26:32.0984 2648 dmload - ok
12:26:33.0015 2648 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:26:33.0031 2648 dmserver - ok
12:26:33.0062 2648 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:26:33.0078 2648 DMusic - ok
12:26:33.0125 2648 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:26:33.0140 2648 Dnscache - ok
12:26:33.0171 2648 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:26:33.0187 2648 Dot3svc - ok
12:26:33.0203 2648 dpti2o - ok
12:26:33.0218 2648 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:26:33.0234 2648 drmkaud - ok
12:26:33.0281 2648 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
12:26:33.0296 2648 dtsoftbus01 - ok
12:26:33.0296 2648 EagleXNt - ok
12:26:33.0328 2648 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:26:33.0343 2648 EapHost - ok
12:26:33.0390 2648 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:26:33.0406 2648 ERSvc - ok
12:26:33.0468 2648 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
12:26:33.0500 2648 Eventlog - ok
12:26:33.0562 2648 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
12:26:33.0578 2648 EventSystem - ok
12:26:33.0656 2648 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:26:33.0656 2648 Fastfat - ok
12:26:33.0718 2648 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:26:33.0765 2648 FastUserSwitchingCompatibility - ok
12:26:33.0796 2648 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:26:33.0812 2648 Fdc - ok
12:26:33.0859 2648 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:26:33.0859 2648 Fips - ok
12:26:33.0875 2648 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:26:33.0875 2648 Flpydisk - ok
12:26:33.0921 2648 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:26:33.0937 2648 FltMgr - ok
12:26:33.0937 2648 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:26:33.0953 2648 Fs_Rec - ok
12:26:33.0984 2648 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:26:33.0984 2648 Ftdisk - ok
12:26:34.0031 2648 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:26:34.0031 2648 Gpc - ok
12:26:34.0093 2648 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
12:26:34.0093 2648 hamachi - ok
12:26:34.0156 2648 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:26:34.0156 2648 HDAudBus - ok
12:26:34.0265 2648 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:26:34.0265 2648 helpsvc - ok
12:26:34.0296 2648 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:26:34.0312 2648 HidServ - ok
12:26:34.0359 2648 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:26:34.0359 2648 HidUsb - ok
12:26:34.0406 2648 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:26:34.0421 2648 hkmsvc - ok
12:26:34.0437 2648 hpn - ok
12:26:34.0500 2648 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:26:34.0500 2648 HTTP - ok
12:26:34.0562 2648 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:26:34.0593 2648 HTTPFilter - ok
12:26:34.0609 2648 i2omgmt - ok
12:26:34.0625 2648 i2omp - ok
12:26:34.0671 2648 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:26:34.0671 2648 i8042prt - ok
12:26:34.0984 2648 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:26:35.0078 2648 ialm - ok
12:26:35.0187 2648 [ ABFEBC5F846C71AFEBD7F8F6BA740C03 ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys
12:26:35.0187 2648 iastor - ok
12:26:35.0250 2648 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:26:35.0250 2648 Imapi - ok
12:26:35.0312 2648 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:26:35.0328 2648 ImapiService - ok
12:26:35.0343 2648 ini910u - ok
12:26:35.0609 2648 [ 0503EB6F3359E1C6E4C46FEF376405EF ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:26:35.0687 2648 IntcAzAudAddService - ok
12:26:35.0703 2648 IntelIde - ok
12:26:35.0734 2648 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:26:35.0750 2648 intelppm - ok
12:26:35.0765 2648 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:26:35.0765 2648 Ip6Fw - ok
12:26:35.0812 2648 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:26:35.0812 2648 IpFilterDriver - ok
12:26:35.0828 2648 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:26:35.0828 2648 IpInIp - ok
12:26:35.0843 2648 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:26:35.0843 2648 IpNat - ok
12:26:35.0859 2648 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:26:35.0859 2648 IPSec - ok
12:26:35.0906 2648 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:26:35.0906 2648 IRENUM - ok
12:26:35.0968 2648 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:26:35.0968 2648 isapnp - ok
12:26:36.0062 2648 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:26:36.0078 2648 JavaQuickStarterService - ok
12:26:36.0125 2648 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:26:36.0125 2648 Kbdclass - ok
12:26:36.0187 2648 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:26:36.0187 2648 kbdhid - ok
12:26:36.0250 2648 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:26:36.0250 2648 kmixer - ok
12:26:36.0281 2648 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:26:36.0281 2648 KSecDD - ok
12:26:36.0328 2648 [ 080CF8720A306A64F7A09D1226491791 ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
12:26:36.0328 2648 L1e - ok
12:26:36.0375 2648 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:26:36.0406 2648 LanmanServer - ok
12:26:36.0437 2648 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:26:36.0453 2648 lanmanworkstation - ok
12:26:36.0453 2648 lbrtfdc - ok
12:26:36.0500 2648 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:26:36.0515 2648 LmHosts - ok
12:26:36.0531 2648 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:26:36.0546 2648 Messenger - ok
12:26:36.0578 2648 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:26:36.0578 2648 mnmdd - ok
12:26:36.0640 2648 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:26:36.0656 2648 mnmsrvc - ok
12:26:36.0687 2648 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:26:36.0703 2648 Modem - ok
12:26:36.0765 2648 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
12:26:36.0781 2648 Monfilt - ok
12:26:36.0843 2648 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:26:36.0843 2648 Mouclass - ok
12:26:36.0906 2648 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:26:36.0906 2648 mouhid - ok
12:26:36.0968 2648 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:26:36.0968 2648 MountMgr - ok
12:26:36.0968 2648 mraid35x - ok
12:26:37.0000 2648 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:26:37.0015 2648 MRxDAV - ok
12:26:37.0046 2648 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:26:37.0046 2648 MRxSmb - ok
12:26:37.0109 2648 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:26:37.0125 2648 MSDTC - ok
12:26:37.0187 2648 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:26:37.0187 2648 Msfs - ok
12:26:37.0203 2648 MSIServer - ok
12:26:37.0234 2648 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:26:37.0234 2648 MSKSSRV - ok
12:26:37.0250 2648 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:26:37.0250 2648 MSPCLOCK - ok
12:26:37.0296 2648 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:26:37.0296 2648 MSPQM - ok
12:26:37.0343 2648 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:26:37.0343 2648 mssmbios - ok
12:26:37.0359 2648 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:26:37.0359 2648 MSTEE - ok
12:26:37.0390 2648 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:26:37.0406 2648 Mup - ok
12:26:37.0421 2648 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:26:37.0421 2648 NABTSFEC - ok
12:26:37.0468 2648 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:26:37.0484 2648 napagent - ok
12:26:37.0531 2648 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:26:37.0531 2648 NDIS - ok
12:26:37.0546 2648 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:26:37.0546 2648 NdisIP - ok
12:26:37.0609 2648 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:26:37.0609 2648 NdisTapi - ok
12:26:37.0656 2648 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:26:37.0656 2648 Ndisuio - ok
12:26:37.0671 2648 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:26:37.0671 2648 NdisWan - ok
12:26:37.0750 2648 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:26:37.0750 2648 NDProxy - ok
12:26:37.0750 2648 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:26:37.0765 2648 NetBIOS - ok
12:26:37.0796 2648 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:26:37.0812 2648 NetBT - ok
12:26:37.0875 2648 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:26:37.0875 2648 NetDDE - ok
12:26:37.0890 2648 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:26:37.0906 2648 NetDDEdsdm - ok
12:26:37.0968 2648 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:26:37.0968 2648 Netlogon - ok
12:26:38.0000 2648 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
12:26:38.0015 2648 Netman - ok
12:26:38.0046 2648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:26:38.0078 2648 NetTcpPortSharing - ok
12:26:38.0109 2648 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
12:26:38.0125 2648 Nla - ok
12:26:38.0140 2648 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:26:38.0140 2648 Npfs - ok
12:26:38.0218 2648 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:26:38.0234 2648 Ntfs - ok
12:26:38.0234 2648 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:26:38.0250 2648 NtLmSsp - ok
12:26:38.0296 2648 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:26:38.0328 2648 NtmsSvc - ok
12:26:38.0343 2648 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:26:38.0343 2648 Null - ok
12:26:38.0390 2648 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:26:38.0406 2648 NwlnkFlt - ok
12:26:38.0406 2648 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:26:38.0406 2648 NwlnkFwd - ok
12:26:38.0453 2648 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:26:38.0453 2648 Parport - ok
12:26:38.0500 2648 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:26:38.0500 2648 PartMgr - ok
12:26:38.0546 2648 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:26:38.0546 2648 ParVdm - ok
12:26:38.0578 2648 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:26:38.0578 2648 PCI - ok
12:26:38.0578 2648 PCIDump - ok
12:26:38.0593 2648 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:26:38.0593 2648 PCIIde - ok
12:26:38.0625 2648 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:26:38.0625 2648 Pcmcia - ok
12:26:38.0640 2648 PDCOMP - ok
12:26:38.0640 2648 PDFRAME - ok
12:26:38.0656 2648 PDRELI - ok
12:26:38.0671 2648 PDRFRAME - ok
12:26:38.0671 2648 perc2 - ok
12:26:38.0687 2648 perc2hib - ok
12:26:38.0750 2648 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
12:26:38.0765 2648 PlugPlay - ok
12:26:38.0765 2648 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:26:38.0781 2648 PolicyAgent - ok
12:26:38.0796 2648 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:26:38.0796 2648 PptpMiniport - ok
12:26:38.0859 2648 [ 18D9789A4664BF417EEA944D2776091A ] prodrv06 C:\WINDOWS\System32\drivers\prodrv06.sys
12:26:38.0875 2648 prodrv06 - ok
12:26:38.0890 2648 [ 8CC9671A7ED2902E747EE0892E1C8575 ] prohlp02 C:\WINDOWS\system32\drivers\prohlp02.sys
12:26:38.0890 2648 prohlp02 - ok
12:26:38.0921 2648 [ 960BCE3ED38761B446AABAC06C76BADF ] prosync1 C:\WINDOWS\system32\drivers\prosync1.sys
12:26:38.0921 2648 prosync1 - ok
12:26:38.0937 2648 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:26:38.0953 2648 ProtectedStorage - ok
12:26:38.0953 2648 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:26:38.0953 2648 PSched - ok
12:26:38.0968 2648 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:26:38.0968 2648 Ptilink - ok
12:26:38.0984 2648 ql1080 - ok
12:26:38.0984 2648 Ql10wnt - ok
12:26:39.0000 2648 ql12160 - ok
12:26:39.0015 2648 ql1240 - ok
12:26:39.0015 2648 ql1280 - ok
12:26:39.0046 2648 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:26:39.0046 2648 RasAcd - ok
12:26:39.0093 2648 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:26:39.0109 2648 RasAuto - ok
12:26:39.0156 2648 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:26:39.0156 2648 Rasl2tp - ok
12:26:39.0187 2648 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:26:39.0203 2648 RasMan - ok
12:26:39.0218 2648 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:26:39.0218 2648 RasPppoe - ok
12:26:39.0234 2648 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:26:39.0234 2648 Raspti - ok
12:26:39.0265 2648 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:26:39.0281 2648 Rdbss - ok
12:26:39.0281 2648 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:26:39.0281 2648 RDPCDD - ok
12:26:39.0343 2648 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:26:39.0343 2648 RDPWD - ok
12:26:39.0406 2648 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:26:39.0421 2648 RDSessMgr - ok
12:26:39.0468 2648 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:26:39.0468 2648 redbook - ok
12:26:39.0515 2648 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:26:39.0531 2648 RemoteAccess - ok
12:26:39.0562 2648 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:26:39.0578 2648 RFCOMM - ok
12:26:39.0578 2648 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:26:39.0593 2648 RpcLocator - ok
12:26:39.0640 2648 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:26:39.0656 2648 RpcSs - ok
12:26:39.0703 2648 [ 7FFA9821B1C5E0E0667E0A2685CFB89F ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys
12:26:39.0718 2648 RSUSBSTOR - ok
12:26:39.0765 2648 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:26:39.0781 2648 RSVP - ok
12:26:39.0796 2648 Rts516xIR - ok
12:26:39.0828 2648 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
12:26:39.0843 2648 SamSs - ok
12:26:39.0890 2648 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:26:39.0906 2648 SCardSvr - ok
12:26:39.0968 2648 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:26:39.0984 2648 Schedule - ok
12:26:40.0000 2648 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:26:40.0015 2648 sdbus - ok
12:26:40.0031 2648 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:26:40.0031 2648 Secdrv - ok
12:26:40.0062 2648 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:26:40.0078 2648 seclogon - ok
12:26:40.0093 2648 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
12:26:40.0109 2648 SENS - ok
12:26:40.0140 2648 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:26:40.0156 2648 Serial - ok
12:26:40.0218 2648 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
12:26:40.0218 2648 sfdrv01 - ok
12:26:40.0250 2648 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
12:26:40.0250 2648 sffdisk - ok
12:26:40.0265 2648 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
12:26:40.0265 2648 sffp_sd - ok
12:26:40.0281 2648 [ 462AEE0EA0481EA8BD45CAC876A4CCC4 ] sfhlp01 C:\WINDOWS\system32\drivers\sfhlp01.sys
12:26:40.0281 2648 sfhlp01 - ok
12:26:40.0296 2648 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
12:26:40.0296 2648 sfhlp02 - ok
12:26:40.0328 2648 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:26:40.0343 2648 Sfloppy - ok
12:26:40.0375 2648 [ EFEBBC1D13FDB77A6AF4EDDFC7232EDF ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys
12:26:40.0375 2648 sfsync02 - ok
12:26:40.0390 2648 [ 05E3038180CD846B0BCA0E915163606A ] sfsync04 C:\WINDOWS\system32\drivers\sfsync04.sys
12:26:40.0390 2648 sfsync04 - ok
12:26:40.0421 2648 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:26:40.0437 2648 SharedAccess - ok
12:26:40.0453 2648 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:26:40.0468 2648 ShellHWDetection - ok
12:26:40.0484 2648 Simbad - ok
12:26:40.0546 2648 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:26:40.0562 2648 SkypeUpdate - ok
12:26:40.0593 2648 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:26:40.0609 2648 SLIP - ok
12:26:40.0609 2648 Sparrow - ok
12:26:40.0671 2648 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:26:40.0671 2648 splitter - ok
12:26:40.0734 2648 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:26:40.0750 2648 Spooler - ok
12:26:40.0812 2648 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:26:40.0828 2648 sr - ok
12:26:40.0859 2648 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
12:26:40.0875 2648 srservice - ok
12:26:40.0906 2648 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:26:40.0906 2648 Srv - ok
12:26:40.0953 2648 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:26:40.0968 2648 SSDPSRV - ok
12:26:41.0000 2648 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:26:41.0031 2648 stisvc - ok
12:26:41.0062 2648 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:26:41.0062 2648 streamip - ok
12:26:41.0093 2648 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:26:41.0093 2648 swenum - ok
12:26:41.0109 2648 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:26:41.0125 2648 swmidi - ok
12:26:41.0125 2648 SwPrv - ok
12:26:41.0140 2648 symc810 - ok
12:26:41.0140 2648 symc8xx - ok
12:26:41.0156 2648 sym_hi - ok
12:26:41.0171 2648 sym_u3 - ok
12:26:41.0234 2648 [ 60CD166AE4261920B4008A1A114AE97C ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:26:41.0234 2648 SynTP - ok
12:26:41.0296 2648 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:26:41.0296 2648 sysaudio - ok
12:26:41.0359 2648 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:26:41.0359 2648 SysmonLog - ok
12:26:41.0406 2648 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:26:41.0421 2648 TapiSrv - ok
12:26:41.0468 2648 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:26:41.0484 2648 Tcpip - ok
12:26:41.0515 2648 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:26:41.0531 2648 TDPIPE - ok
12:26:41.0531 2648 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:26:41.0531 2648 TDTCP - ok
12:26:41.0562 2648 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:26:41.0578 2648 TermDD - ok
12:26:41.0609 2648 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
12:26:41.0625 2648 TermService - ok
12:26:41.0656 2648 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:26:41.0671 2648 Themes - ok
12:26:41.0671 2648 TosIde - ok
12:26:41.0703 2648 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:26:41.0718 2648 TrkWks - ok
12:26:41.0875 2648 [ D179DD8F0C475B0FC609EE01FB3F5F50 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
12:26:41.0890 2648 TuneUp.UtilitiesSvc - ok
12:26:41.0937 2648 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
12:26:41.0937 2648 TuneUpUtilitiesDrv - ok
12:26:42.0000 2648 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:26:42.0000 2648 Udfs - ok
12:26:42.0015 2648 ultra - ok
12:26:42.0078 2648 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:26:42.0093 2648 Update - ok
12:26:42.0140 2648 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
12:26:42.0156 2648 upnphost - ok
12:26:42.0187 2648 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
12:26:42.0203 2648 UPS - ok
12:26:42.0265 2648 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:26:42.0265 2648 usbccgp - ok
12:26:42.0281 2648 USBCCID - ok
12:26:42.0328 2648 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:26:42.0328 2648 usbehci - ok
12:26:42.0343 2648 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:26:42.0359 2648 usbhub - ok
12:26:42.0390 2648 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:26:42.0406 2648 usbscan - ok
12:26:42.0406 2648 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:26:42.0406 2648 usbstor - ok
12:26:42.0437 2648 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:26:42.0453 2648 usbuhci - ok
12:26:42.0484 2648 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:26:42.0484 2648 usbvideo - ok
12:26:42.0515 2648 [ 08D6390A4150577C1FA0330B98485AB5 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
12:26:42.0531 2648 UxTuneUp - ok
12:26:42.0578 2648 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:26:42.0578 2648 VgaSave - ok
12:26:42.0578 2648 ViaIde - ok
12:26:42.0609 2648 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:26:42.0609 2648 VolSnap - ok
12:26:42.0671 2648 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
12:26:42.0687 2648 VSS - ok
12:26:42.0703 2648 vtany - ok
12:26:42.0734 2648 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
12:26:42.0750 2648 W32Time - ok
12:26:42.0781 2648 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:26:42.0781 2648 Wanarp - ok
12:26:42.0843 2648 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
12:26:42.0859 2648 Wdf01000 - ok
12:26:42.0875 2648 WDICA - ok
12:26:42.0890 2648 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:26:42.0890 2648 wdmaud - ok
12:26:42.0921 2648 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:26:42.0953 2648 WebClient - ok
12:26:43.0015 2648 winmgmt - ok
12:26:43.0015 2648 WinRing0_1_2_0 - ok
12:26:43.0062 2648 [ 5D410936831F7FB58EFF941EAC3F6D3D ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
12:26:43.0078 2648 WmBEnum - ok
12:26:43.0109 2648 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:26:43.0125 2648 WmdmPmSN - ok
12:26:43.0171 2648 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
12:26:43.0171 2648 WmFilter - ok
12:26:43.0187 2648 [ 1F596392149CAC51F7C095AF7D533934 ] WmHidLo C:\WINDOWS\system32\drivers\WmHidLo.sys
12:26:43.0203 2648 WmHidLo - ok
12:26:43.0250 2648 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:26:43.0250 2648 WmiAcpi - ok
12:26:43.0328 2648 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:26:43.0328 2648 WmiApSrv - ok
12:26:43.0390 2648 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
12:26:43.0390 2648 WmVirHid - ok
12:26:43.0406 2648 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
12:26:43.0406 2648 WmXlCore - ok
12:26:43.0484 2648 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:26:43.0515 2648 WPFFontCache_v0400 - ok
12:26:43.0562 2648 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:26:43.0578 2648 wscsvc - ok
12:26:43.0609 2648 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:26:43.0609 2648 WSTCODEC - ok
12:26:43.0640 2648 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:26:43.0656 2648 wuauserv - ok
12:26:43.0687 2648 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:26:43.0703 2648 WudfPf - ok
12:26:43.0703 2648 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:26:43.0718 2648 WudfRd - ok
12:26:43.0734 2648 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:26:43.0765 2648 WudfSvc - ok
12:26:43.0812 2648 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:26:43.0843 2648 WZCSVC - ok
12:26:43.0843 2648 xhunter1 - ok
12:26:43.0890 2648 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:26:43.0937 2648 xmlprov - ok
12:26:43.0937 2648 xspirit - ok
12:26:43.0968 2648 ================ Scan global ===============================
12:26:44.0000 2648 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
12:26:44.0046 2648 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
12:26:44.0093 2648 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
12:26:44.0140 2648 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
12:26:44.0156 2648 [Global] - ok
12:26:44.0156 2648 ================ Scan MBR ==================================
12:26:44.0187 2648 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
12:26:44.0500 2648 \Device\Harddisk0\DR0 - ok
12:26:44.0500 2648 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR3
12:26:44.0531 2648 \Device\Harddisk1\DR3 - ok
12:26:44.0531 2648 ================ Scan VBR ==================================
12:26:44.0531 2648 [ 707801AE8F41F42CB1F915F30F8D06F7 ] \Device\Harddisk0\DR0\Partition1
12:26:44.0546 2648 \Device\Harddisk0\DR0\Partition1 - ok
12:26:44.0546 2648 [ CE6B18983FB4D08601E44721474F8AC7 ] \Device\Harddisk1\DR3\Partition1
12:26:44.0546 2648 \Device\Harddisk1\DR3\Partition1 - ok
12:26:44.0546 2648 ============================================================
12:26:44.0546 2648 Scan finished
12:26:44.0546 2648 ============================================================
12:26:44.0562 0532 Detected object count: 0
12:26:44.0562 0532 Actual detected object count: 0
12:27:18.0109 3024 Deinitialize success

[Žbeky]

Zavři všechny programy a prohlížeče.
Odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller (Pro Windows Vista nebo WIN7 klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status box zobrazuje "Scan" "
- Klikni na "Delete"
- Počkej, dokud status box zobrazuje "Smazání - Finished"
- Klikni na "Zprávy", zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [1].txt na ploše.
- Zavři RogueKiller

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[sawyer154]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Jirka [Práva správce]
Mód : Odebrat -- Datum : 06/10/2013 18:13:41
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NAHRAZENO (1)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a4d29d698e2569b087c19cd56e59bb20
[BSP] 0ec240855e8874371f8f80038040f1b9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20980890 | Size: 142372 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_D_06102013_02d1813.txt >>
RKreport[1]_S_06102013_02d1222.txt ; RKreport[2]_S_06102013_02d1810.txt ; RKreport[3]_D_06102013_02d1813.txt


ComboFix mi žádnej log nevyhodil.Koukal jsem se do toho céčka,pak jsem používal i hledat,ale nic.Dneska ráno jsem nahodil Pc a žádná tabulka se už neobjevuje,a firewall funguje úplně normálně.
Když jsem spustil ComboFix podruhý,něco to dělalo a pak to chtělo stáhnout zotavovací konzoli.Takže bych už to asi nechal.Dodělal jsem ještě defragmentaci disku a Pc jede jako novej.

Takže dík.

[jaro3]

Jak míníš , Combofix by ještě určitě něco našel..

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.


Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.